Mark components from test configurations #440

skhokhlov · 2024-05-28T14:44:00Z

CycloneDX npm plugin adds properties for components in SBOM which are dev dependencies of the project.

"properties": [
        {
          "name": "cdx:npm:package:development",
          "value": "true"
        }
]

https://github.com/CycloneDX/cyclonedx-node-npm/blob/main/demo/dev-dependencies/example-results/bare/bom.1.6.json#L187-L188

This data is crucial for risk analysis of vulnerabilities. It would be perfect to add similar property to be able to identify test dependencies in SBOMs collected with Gradle plugin.

skhokhlov changed the title ~~Mark components from test configuration~~ Mark components from test configurations May 28, 2024

skhokhlov added the enhancement New feature or request label Jul 25, 2024

skhokhlov added this to the 2.0.0 milestone Oct 21, 2024

skhokhlov linked a pull request Oct 28, 2024 that will close this issue

Feat/new implementation cyclonedx bom #532

Open

skhokhlov removed a link to a pull request Nov 7, 2024

Feat/new implementation cyclonedx bom #532

Open

skhokhlov mentioned this issue Nov 7, 2024

New namespace for Maven ecosystem proposal CycloneDX/cyclonedx-property-taxonomy#106

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mark components from test configurations #440

Mark components from test configurations #440

skhokhlov commented May 28, 2024

Mark components from test configurations #440

Mark components from test configurations #440

Comments

skhokhlov commented May 28, 2024