From 097eb5d6397611d0049d090971641c7ea7a128ab Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Mon, 9 Dec 2024 21:41:40 +0100
Subject: [PATCH] feat(cyclonedx): Set basic supplier information

While at it, also set author information for package components. See [1] for context.

[1]: https://github.com/oss-review-toolkit/ort/issues/7449

Signed-off-by: Sebastian Schuberth
---
 .../reporters/cyclonedx/src/main/kotlin/BomExtensions.kt | 7 +++++++
 .../cyclonedx/src/main/kotlin/CycloneDxReporter.kt | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt b/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt
index 5078accce74ca..8b93b6269ae1c 100644
--- a/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt
+++ b/plugins/reporters/cyclonedx/src/main/kotlin/BomExtensions.kt
@@ -37,6 +37,8 @@ import org.cyclonedx.model.Dependency
 import org.cyclonedx.model.ExtensibleType
 import org.cyclonedx.model.ExternalReference
 import org.cyclonedx.model.LicenseChoice
+import org.cyclonedx.model.OrganizationalContact
+import org.cyclonedx.model.OrganizationalEntity
 import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Method
 
 import org.ossreviewtoolkit.model.Identifier
@@ -118,6 +120,11 @@ internal fun Bom.addComponent(input: ReporterInput, pkg: Package, dependencyType
         name = pkg.id.name
         version = pkg.id.version
 
+        authors = pkg.authors.map { OrganizationalContact().apply { name = it } }
+        supplier = authors.takeUnless { it.isEmpty() }?.let {
+            OrganizationalEntity().apply { contacts = authors }
+        }
+
         description = pkg.description
 
         // TODO: Map package-manager-specific OPTIONAL scopes.
diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
index e79849c401573..a810d7b69473e 100644
--- a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
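Review bot: The supplier entity built in the `addComponent` hunk carries only `contacts` and leaves `supplier.name` unset, so consumers that read the supplier name see nothing while the same people are already exposed through `authors`; if deriving a supplier from the author contacts is the intended approximation, the lines should say so: `// Best effort: no dedicated supplier data is available yet, so expose the authors as the supplier's contacts.` The `let` lambda ignores its own argument and re-reads the outer `authors` property from the enclosing `Component` receiver; `OrganizationalEntity().apply { contacts = it }` is more direct. The same lines are duplicated in the `CycloneDxReporter` hunk at `@@ -215,6 +216,10 @@`; a small helper in `BomExtensions.kt` such as `private fun List<OrganizationalContact>.toSupplierOrNull() = takeUnless { it.isEmpty() }?.let { OrganizationalEntity().apply { contacts = it } }` would keep both call sites consistent. The author strings come straight from package metadata; if they can be of the form `Name <email>`, the whole string lands in `OrganizationalContact.name` rather than being split into name and email — worth confirming against what the analyzers produce. The body of `addComponent` continues outside the hunk on both sides.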
+++ b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
@@ -32,6 +32,7 @@ import org.cyclonedx.model.ExternalReference
 import org.cyclonedx.model.LicenseChoice
 import org.cyclonedx.model.Metadata
 import org.cyclonedx.model.OrganizationalContact
+import org.cyclonedx.model.OrganizationalEntity
 import org.cyclonedx.model.license.Expression
 import org.cyclonedx.model.metadata.ToolInformation
 
@@ -215,6 +216,10 @@ class CycloneDxReporter(
                 version = project.id.version
                 authors = project.authors.map { OrganizationalContact().apply { name = it } }
 
+                supplier = authors.takeUnless { it.isEmpty() }?.let {
+                    OrganizationalEntity().apply { contacts = authors }
+                }
+
                 description = project.description
             }
         }