CycloneDX / cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs
https://cyclonedx.org/
Apache License 2.0
81 stars 59 forks

Update vulnerabilities to use new Tool specification #438

Open shaikhu opened 3 months ago

shaikhu commented 3 months ago

According to the docs, since v1.5 the Tools format has been deprecated and a new format recommended. While the entity Metadata has been updated to use the new format (new method setToolChoice), Vulnerability has not. This PR adds a similar method to Vulnerability.

codacy-production[bot] commented 3 months ago

Coverage summary from Codacy

| Coverage variation | Diff coverage |
| ------------- | ------------- |
| :white_check_mark: +0.97% | :white_check_mark: 97.84% |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
| ------------- | ------------- | ------------- | ------------- |
| Common ancestor commit (134c36e8bb1a446e026f593defc7ddd4a548d7c7) | 6029 | 4400 | 72.98% |
| Head commit (691649c4d0f7adeba4a27ddb1ddf33a69f0c9c1b) | 6264 (+235) | 4632 (+232) | 73.95% (**+0.97%**) |

**Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
| ------------- | ------------- | ------------- | ------------- |
| Pull request (#438) | 278 | 272 | **97.84%** |

**Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`


mr-zepol commented 2 weeks ago

@shaikhu new fields were introduced to the vulnerability class, so you might need to rebase and add them to the serializer you are creating