Skip to content

Support for Spec 1.7#866

Merged
mr-zepol merged 4 commits into
masterfrom
dev_1.7
Jul 1, 2026
Merged

Support for Spec 1.7#866
mr-zepol merged 4 commits into
masterfrom
dev_1.7

Conversation

@mr-zepol

@mr-zepol mr-zepol commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

This adds complete support for Spec 1.7 in the CycloneDX Java Core Library

mr-zepol and others added 3 commits July 1, 2026 08:43
* Add new classes for new types

* Update classes

* Dev 1.7 Expression Detail (#787)

* Support for license Details

* Fix tests

* Support for IKEV2 in 1.7 (#825)

* Fix License issue serialization

* Add Ike2 Proper Support

* Add headers

* Support patents and version-aware serialization (#827)

Add polymorphic patent support and make serialization version-aware. Introduces PatentItem model plus PatentItemDeserializer, PatentsDeserializer and PatentAssertionDeserializer/Serializer to handle mixed Patent/PatentFamily entries and XML/JSON differences; updates Definition to use the polymorphic list and provides helpers for legacy access. Refactors many serializers (EnvironmentVars, InputType, ExternalReference, Hash, IkeV2Transform, etc.) and CustomSerializerModifier to honor @VersionFilter and a Version parameter, filters enum/field serialization by target BOM version, and normalizes date formatting. Also enhances OrganizationalChoice deserialization, adds properties handling to ExternalReferencesDeserializer, and small model tweaks (Component, Composition, Service, LicenseItem, PriorityApplication, FormulationCommon, Level) to align with newer schema versions.

* Dev 1.7 fix model card (#829)

* Use 'model-card' for MODEL_CARD external reference

Update ExternalReference.MODEL_CARD to use kebab-case: change @JsonProperty and enum value from "model_card" to "model-card". This aligns the serialized name with the expected CycloneDX 1.5 naming while retaining the VersionFilter(Version.VERSION_15) annotation.

* Adjust Citation & Component; delete Classifications

Fix serialization and equality logic in model classes: change Citation @JsonPropertyOrder to use "bom-ref" to match the XML attribute, remove the now-unused Classifications class, and update Component.equals()/hashCode() to include newly added fields (isExternal, versionRange, patentAssertions, tags) so equality and hashing account for them.

* Add related cryptographic assets and schema (#828)

Introduce support for related cryptographic assets across crypto models and add a cryptography definitions schema. Changes include:

- Add new RelatedCryptographicAsset model with type and ref, equals/hashCode.
- Extend AlgorithmProperties, CertificateProperties, ProtocolProperties, and RelatedCryptoMaterialProperties to include List<RelatedCryptographicAsset> relatedCryptographicAssets with XML wrapper annotations, getters/setters, and include in equals/hashCode.
- Annotate new fields with @VersionFilter(Version.VERSION_17) and add necessary imports.
- Add cryptography-defs.schema.json resource containing algorithm family and elliptic curve metadata.
- Register the new schema in CycloneDxSchema offlineMappings so it can be resolved at runtime.

These changes enable expressing relationships between crypto objects and external cryptographic assets and provide a formal schema for algorithm/curve definitions.

* Add CycloneDX 1.7 crypto tests; reorder JSON props (#830)

Add comprehensive CycloneDX 1.7 cryptography unit tests for both JSON and XML generators (updates to BomJsonGeneratorTest and BomXmlGeneratorTest). Update schema verification to recognize -1.7 fixtures in JsonSchemaVerificationTest and XmlSchemaVerificationTest. Adjust AlgorithmProperties@JsonPropertyOrder to change the ordering of parameterSetIdentifier, curve, and ellipticCurve to match the 1.7 schema expectations.

* add signature object to citations for json-based sboms (#814)

* feat: add signature object to citations for json-based sboms

Signed-off-by: Sebastian Tiemann <setie@mailbox.org>

* revert chnage to bom reference JSON property

Signed-off-by: Sebastian Tiemann <setie@mailbox.org>

* Add new citation to checked amount of citation objects.

Signed-off-by: Sebastian Tiemann <setie@mailbox.org>

---------

Signed-off-by: Sebastian Tiemann <setie@mailbox.org>

---------

Signed-off-by: Sebastian Tiemann <setie@mailbox.org>
Co-authored-by: Sebastian Tiemann <setie@mailbox.org>
@mr-zepol mr-zepol requested a review from a team as a code owner July 1, 2026 13:47
@mr-zepol mr-zepol requested a review from nscuro July 1, 2026 13:47
@mr-zepol mr-zepol added breaking change spec/1.7 Changes for Spec 1.7 labels Jul 1, 2026
@codacy-production

codacy-production Bot commented Jul 1, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 655 complexity

Metric Results
Complexity 655

View in Codacy

🟢 Coverage 71.49% diff coverage · -1.14% coverage variation

Metric Results
Coverage variation -1.14% coverage variation
Diff coverage 71.49% diff coverage

View coverage diff in Codacy

Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (37d5905) 6676 5061 75.81%
Head commit (8a22927) 7666 (+990) 5724 (+663) 74.67% (-1.14%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#866) 1203 860 71.49%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

Update offline schema mappings to use `classpath:` URLs for `bom-1.7.schema.json` and `cryptography-defs.schema.json`, matching the existing pattern for earlier versions and ensuring local schema resolution works consistently.
@mr-zepol mr-zepol merged commit 4ec33a1 into master Jul 1, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

breaking change spec/1.7 Changes for Spec 1.7

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants