fix: Add CycloneDX v1.5 writing #3477

Open: spiffcs wants to merge 1 commit into main from cyclonedx-write-version

spiffcs commented Jun 1, 2026

Contributor

feat: Add CycloneDX support for older versions

grype alpine:3.18 -o cyclonedx-json@1.5

Supersedes #3176. Original work by @RossComputerGuy (Tristan Ross).
This branch is their commit rebased onto current main so it can be merged.

Authorship is preserved on the commit.

This PR also adds a small fix to the original feature that prevents a panic on an unsupported version.

Changes

No change in default behavior

$ grype alpine:3.18 -o cyclonedx-json | grep -m1 -E 'specVersion|schema'
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"specVersion": "1.6",

New feature: allow format to generate CycloneDX 1.5

$ grype alpine:3.18 -o cyclonedx-json@1.5 | grep -m1 -E 'specVersion|schema'
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"specVersion": "1.5",

Original PR: #3176

Signed-off-by: Tristan Ross <tristan.ross@determinate.systems>
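
The description above mentions a `name@version` output selector and a fix that avoids a panic on an unsupported version. The following is an added example, not code from this PR or from grype, of validating such a selector and returning an error instead of panicking. `ParseOutputFormat`, `supportedVersions` and `ErrUnsupported` are hypothetical names, and the version table holds only the two values shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// supportedVersions is constructed for this example. The first entry of each
// list is the default used when no "@version" suffix is given.
var supportedVersions = map[string][]string{
	"cyclonedx-json": {"1.6", "1.5"},
}

// ErrUnsupported lets callers detect a bad selector with errors.Is.
var ErrUnsupported = errors.New("unsupported output format or version")

// ParseOutputFormat (hypothetical helper) splits "name@version" and returns
// an error, rather than panicking, when the name or version is unknown.
func ParseOutputFormat(spec string) (string, string, error) {
	name, version, hasVersion := strings.Cut(strings.TrimSpace(spec), "@")
	name = strings.ToLower(name)
	versions, ok := supportedVersions[name]
	if !ok {
		return "", "", fmt.Errorf("%w: format %q", ErrUnsupported, name)
	}
	if !hasVersion {
		return name, versions[0], nil // no suffix: keep the default version
	}
	for _, v := range versions {
		if v == version {
			return name, v, nil
		}
	}
	return "", "", fmt.Errorf("%w: %s version %q (supported: %s)",
		ErrUnsupported, name, version, strings.Join(versions, ", "))
}

func main() {
	for _, spec := range []string{"cyclonedx-json", "cyclonedx-json@1.5", "cyclonedx-json@9.9"} {
		name, version, err := ParseOutputFormat(spec)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s -> %s %s\n", spec, name, version)
	}
}
```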
spiffcs commented Jun 10, 2026

Contributor Author

There was an update requested here by some members of the tools team. I'm going to take a stab at getting grype closer to how syft does formatting and rework this PR in that vein. Apologies for the delay.
