diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3eab3e9b..4247b175 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,7 @@ env:
 CDXGEN_VERSION: '10.8.1'
 CDXGEN_PLUGINS_VERSION: '1.6.2'
 GRYPE_VERSION: 'v0.79.2'
- SBOMQS_VERSION: 'v0.1.5'
+ SBOMQS_VERSION: 'v0.1.6'
 DEPSCAN_VERSION: 'v5.4.2'
 NYDUS_VERSION: '2.2.5'
 SWIFT_VERSION: '5.10.1'
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index 741a03d3..b17c57c2 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -12,7 +12,7 @@ on:
 env:
 CDXGEN_PLUGINS_VERSION: '1.6.2'
 GRYPE_VERSION: 'v0.79.2'
- SBOMQS_VERSION: 'v0.1.5'
+ SBOMQS_VERSION: 'v0.1.6'
 DEPSCAN_VERSION: 'v5.4.2'
 NYDUS_VERSION: '2.2.5'
 java_version: '21'
diff --git a/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java b/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java
index 6d00ba6b..c93b426a 100644
--- a/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java
+++ b/src/main/java/com/mediamarktsaturn/technolinator/sbom/CdxgenClient.java
@@ -147,7 +147,7 @@ public CdxgenClient() {
 * * --project-name %s # name of main component of the SBOM, defaulting to the repository name
 * * --no-validate # disable cdxgen validation as we try to process everything
 */
- private static final String CDXGEN_CMD_FMT = "cdxgen --spec-version 1.5 -o %s%s%s%s%s%s --project-name %s --no-validate";
+ private static final String CDXGEN_CMD_FMT = "cdxgen --spec-version 1.6 -o %s%s%s%s%s%s --project-name %s --no-validate";
 public record SbomCreationCommand(
 Path repoDir,
diff --git a/src/main/java/com/mediamarktsaturn/technolinator/sbom/DependencyTrackClient.java b/src/main/java/com/mediamarktsaturn/technolinator/sbom/DependencyTrackClient.java
index b23f4f14..b3b886e2 100644
--- a/src/main/java/com/mediamarktsaturn/technolinator/sbom/DependencyTrackClient.java
+++ b/src/main/java/com/mediamarktsaturn/technolinator/sbom/DependencyTrackClient.java
@@ -50,7 +50,7 @@ public DependencyTrackClient(
 */
 public Uni> uploadSBOM(RepositoryDetails repoDetails, Bom sbom, String projectName, Project parentProject, Optional commitSha) {
 var projectVersion = repoDetails.version();
- var sbomBase64 = Base64.getEncoder().encodeToString(new BomJsonGenerator(sbom, Version.VERSION_15).toJsonString().getBytes(StandardCharsets.UTF_8));
+ var sbomBase64 = Base64.getEncoder().encodeToString(new BomJsonGenerator(sbom, Version.VERSION_16).toJsonString().getBytes(StandardCharsets.UTF_8));
 var payload = new JsonObject(Map.of(
 "projectName", projectName,
 "projectVersion", projectVersion,
diff --git a/src/test/java/com/mediamarktsaturn/technolinator/handler/PushHandlingTest.java b/src/test/java/com/mediamarktsaturn/technolinator/handler/PushHandlingTest.java
index 5ee41799..d0613839 100644
--- a/src/test/java/com/mediamarktsaturn/technolinator/handler/PushHandlingTest.java
+++ b/src/test/java/com/mediamarktsaturn/technolinator/handler/PushHandlingTest.java
@@ -19,7 +19,6 @@
 import org.kohsuke.github.GHEventPayload;
 import org.kohsuke.github.GitHub;
 import org.mockito.ArgumentCaptor;
-import org.testcontainers.shaded.org.hamcrest.CoreMatchers;
 import java.io.IOException;
 import java.util.Optional;
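Review bot: In DependencyTrackClient.uploadSBOM the BOM is now always serialized with `Version.VERSION_16`, and nothing visible in the hunk checks that the receiving Dependency-Track instance accepts CycloneDX 1.6. A server without 1.6 support would presumably reject the upload at validation, which leaves the project without a current SBOM and so without vulnerability findings, a monitoring gap that stays silent unless failed uploads are alerted on. The same spec version is hard-coded a second time as `--spec-version 1.6` in CdxgenClient.CDXGEN_CMD_FMT, so the two can drift apart on the next bump; consider one shared constant such as `static final Version SBOM_SPEC_VERSION = Version.VERSION_16;` plus a comment naming the minimum Dependency-Track version this requires. The body of uploadSBOM continues outside the hunk, so upload-failure handling may already exist there.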