Update CycloneDX to 8.0.0 and BOM validation to v1_6 (#907)

* Update BOM validation to v1_6 and CycloneDX to 8.0.0

Updated FunctionalTestHelper.cs and ValidationTests.cs to support BOM validation for Specification Version v1_6 in both JSON and XML formats. Upgraded CycloneDX.Core package version in Directory.Packages.props from 7.0.1 to 8.0.0. Also corrected a minor formatting issue in Directory.Packages.props.

Signed-off-by: Mario Allegro <[email protected]>

* use new author field in cdx model

---------

Signed-off-by: Mario Allegro <[email protected]>
Co-authored-by: Mario Allegro <[email protected]>
Co-authored-by: MTsfoni <[email protected]>

CycloneDX.Tests/FunctionalTests/FunctionalTestHelper.cs

@@ -95,11 +95,11 @@ public static async Task<Bom> Test(RunOptions options, INugetServiceFactory nuge
             ValidationResult validationResult;
             if (options.json)
             {
-                validationResult = await Json.Validator.ValidateAsync(mockBomFileStream, SpecificationVersion.v1_5).ConfigureAwait(false);
+                validationResult = await Json.Validator.ValidateAsync(mockBomFileStream, SpecificationVersion.v1_6).ConfigureAwait(false);
             }
             else
             {
-                validationResult = Xml.Validator.Validate(mockBomFileStream, SpecificationVersion.v1_5);
+                validationResult = Xml.Validator.Validate(mockBomFileStream, SpecificationVersion.v1_6);
             }
             Assert.True(validationResult.Valid);
 

CycloneDX.Tests/ValidationTests.cs

@@ -69,11 +69,11 @@ public async Task Validation(string fileFormat, bool disableGitHubLicenses)
             ValidationResult validationResult;
             if (fileFormat == "json")
             {
-                validationResult = await Json.Validator.ValidateAsync(mockBomFileStream, SpecificationVersion.v1_5).ConfigureAwait(true);
+                validationResult = await Json.Validator.ValidateAsync(mockBomFileStream, SpecificationVersion.v1_6).ConfigureAwait(true);
             }
             else
             {
-                validationResult = Xml.Validator.Validate(mockBomFileStream, SpecificationVersion.v1_5);
+                validationResult = Xml.Validator.Validate(mockBomFileStream, SpecificationVersion.v1_6);
             }
 
             Assert.True(validationResult.Valid);

CycloneDX/Services/NugetV3Service.cs

@@ -278,7 +278,7 @@ public async Task<Component> GetComponentAsync(string name, string version, Comp
 
         private static Component SetupComponentProperties(Component component, NuspecModel nuspecModel)
         {
-            component.Author = nuspecModel.nuspecReader.GetAuthors();
+            component.Authors = new List<OrganizationalContact> { new OrganizationalContact { Name = nuspecModel.nuspecReader.GetAuthors() } };
             component.Copyright = nuspecModel.nuspecReader.GetCopyright();
             // this prevents empty copyright values in the JSON BOM
             if (string.IsNullOrEmpty(component.Copyright))

Directory.Packages.props

@@ -3,7 +3,7 @@
     <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
   </PropertyGroup>
   <ItemGroup>
-    <PackageVersion Include="CycloneDX.Core" Version="7.0.1" />
+    <PackageVersion Include="CycloneDX.Core" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Build" Version="17.3.2" />
     <PackageVersion Include="Microsoft.Build.Engine" Version="17.8.3" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
@@ -18,4 +18,4 @@
     <PackageVersion Include="System.IO.Abstractions" Version="21.0.2" />
     <PackageVersion Include="System.IO.Abstractions.TestingHelpers" Version="21.0.2" />
   </ItemGroup>
-</Project>
+</Project>