upgrade to CycloneDX 1.5

fixes #419 Signed-off-by: Hervé Boutemy <hboutemy@apache.org>
CycloneDX · Jan 17, 2024 · 09066be · 09066be
1 parent f5f20d4
commit 09066be
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ Default Values
         <artifactId>cyclonedx-maven-plugin</artifactId>
         <configuration>
             <projectType>library</projectType>
-            <schemaVersion>1.4</schemaVersion>
+            <schemaVersion>1.5</schemaVersion>
             <includeBomSerialNumber>true</includeBomSerialNumber>
             <includeCompileScope>true</includeCompileScope>
             <includeProvidedScope>true</includeProvidedScope>
@@ -96,12 +96,13 @@ as well as the output format options. Use the latest possible version of this pl
 the CycloneDX version supported by the target system.
 
 | Version | Schema Version | Format(s) |
-| ------- | -------------- | --------- |
-| 2.6.x | CycloneDX v1.4 | XML/JSON |
-| 2.5.x | CycloneDX v1.3 | XML/JSON |
-| 2.0.x | CycloneDX v1.2 | XML/JSON |
-| 1.4.x | CycloneDX v1.1 | XML |
-| 1.0x | CycloneDX v1.0 | XML |
+|---------|----------------| --------- |
+| 2.8.x   | CycloneDX v1.5 | XML/JSON |
+| 2.6.x   | CycloneDX v1.4 | XML/JSON |
+| 2.5.x   | CycloneDX v1.3 | XML/JSON |
+| 2.0.x   | CycloneDX v1.2 | XML/JSON |
+| 1.4.x   | CycloneDX v1.1 | XML |
+| 1.0x    | CycloneDX v1.0 | XML |
 
 ## Maven Plugin Documentation
 

diff --git a/pom.xml b/pom.xml
@@ -106,7 +106,7 @@
         <dependency>
             <groupId>org.cyclonedx</groupId>
             <artifactId>cyclonedx-core-java</artifactId>
-            <version>7.3.2</version>
+            <version>8.0.3</version>
         </dependency>
         <dependency>
             <groupId>javax.inject</groupId>

diff --git a/src/it/makeBom/verify.groovy b/src/it/makeBom/verify.groovy
@@ -8,6 +8,8 @@ assert bomFileXml.text.contains('<reference type="website"><url>https://github.c
 
 assert !bomFileXml.text.contains('<property name="maven.optional.unused">')
 
+assert bomFileJson.text.contains('"specVersion" : "1.5"')
+
 // Reproducible Builds
 assert !bomFileJson.text.contains('"timestamp"')
 assert bomFileJson.text.contains('"name" : "cdx:reproducible",')

diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -64,7 +64,7 @@ public abstract class BaseCycloneDxMojo extends AbstractMojo {
 
     /**
      * The component type associated to the SBOM metadata. See
-     * <a href="https://cyclonedx.org/docs/1.4/json/#metadata_component_type">CycloneDX reference</a> for supported
+     * <a href="https://cyclonedx.org/docs/1.5/json/#metadata_component_type">CycloneDX reference</a> for supported
      * values. 
      *
      * @since 2.0.0
@@ -77,7 +77,7 @@ public abstract class BaseCycloneDxMojo extends AbstractMojo {
      *
      * @since 2.1.0
      */
-    @Parameter(property = "schemaVersion", defaultValue = "1.4", required = false)
+    @Parameter(property = "schemaVersion", defaultValue = "1.5", required = false)
     private String schemaVersion;
 
     /**
@@ -451,8 +451,10 @@ protected CycloneDxSchema.Version schemaVersion() {
             return CycloneDxSchema.Version.VERSION_12;
         } else if ("1.3".equals(schemaVersion)) {
             return CycloneDxSchema.Version.VERSION_13;
-        } else {
+        } else if ("1.4".equals(schemaVersion)) {
             return CycloneDxSchema.Version.VERSION_14;
+        } else {
+            return CycloneDxSchema.Version.VERSION_15;
         }
     }