Some additional SBOM types to support upstream projects

DarthHater commented 4 years ago

For some additional projects (Ahab, Cheque, Hashbrowns), I figured we could extend Nancy to have the core cyclonedx functionality necessary to support additional use cases for generating different types of SBOMs

This pull request makes the following changes:

Adds a SBOM processor for a slice of types.Sha1SBOM (supports Hashbrowns)
Adds a SBOM processor for a slice of packageurl.PackageURL (Ahab, Cheque, and likely Nancy)
Adds tests for verifying these
Adds group to SBOM output as that was missing previously to packageurl and purl processors

cc @bhamail / @DarthHater

fitzoh commented 4 years ago

https://github.com/sonatype-nexus-community/go-sona-types

nice

DarthHater commented 4 years ago

@zendern @fitzoh I am not against that at all. We've got enough tools consuming these things where that would make sense! I'll merge this for now but we can make that a thing for 1.0.0, rip out the common stuff.

sonatype-nexus-community / nancy

Some additional SBOM types to support upstream projects #138