add `cdx:gomod:application` namespace

CycloneDX / cyclonedx-property-taxonomy

A taxonomy of all official CycloneDX property namespaces and names

https://cyclonedx.github.io/cyclonedx-property-taxonomy/

Apache License 2.0

14 stars 32 forks source link

add `cdx:gomod:application` namespace #4

Closed nscuro closed 3 years ago

nscuro commented 3 years ago

Signed-off-by: nscuro nscuro@protonmail.com

nscuro commented 3 years ago

This was introduced for https://github.com/CycloneDX/cyclonedx-gomod/issues/67

coderpatros commented 3 years ago

Wouldn't this be covered by using an application type component in the BOM metadata element?

nscuro commented 3 years ago

@coderpatros Good point. I already do this, and also use subpaths in the PURL to point to the application directory (if it differs from the module root dir): https://github.com/CycloneDX/cyclonedx-gomod/blob/43e1e14cd289761e04ec090958266e96769d93c6/examples/app_minikube-v1.23.1.bom.json#L37-L47

The intention of this property was to have an unambiguous way of indicating / identifying the application's name. pkg:golang/k8s.io/minikube@v1.23.1#cmd/minikube doesn't really answer that question.

nscuro commented 3 years ago

Actually, I've thought about this. I'll remove the property again for now and add it back in if the need arises. If that happens, I should add an option to set the application name manually as well.

Adding features is easier than removing them after all. 👽