cyclonedx-rust-cargo
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
Bumps [DeterminateSystems/magic-nix-cache-action](https://github.com/determinatesystems/magic-nix-cache-action) from 3 to 6. Release notes Sourced from DeterminateSystems/magic-nix-cache-action's releases. v6 What's Changed Set the default flakehub-flake-name to an empty string by @cole-h in DeterminateSystems/magic-nix-cache-action#51 Full Changelog: https://github.com/DeterminateSystems/magic-nix-cache-action/compare/v5...v6...
Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 9 to 11. Release notes Sourced from DeterminateSystems/nix-installer-action's releases. v11 What's Changed Rebase on top of detsys-ts for abstracting over install.determinate.systems by @grahamc in DeterminateSystems/nix-installer-action#74 Update detsys-ts...
As shown in https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/695 and https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/694. Some of the snapshot files contain `null` objects that are a consequence of forgetting to sprinkle `#[serde(skip_serializing_if = "Option::is_none")]` in some optional fields. Considering that I...
While implementing the `formula` type for the XML and JSON schemas, I noticed that the two specs don't actually agree on the structure of some fields: [This](https://github.com/CycloneDX/specification/blob/8e131b1688ccfe41e1bfdd4b3280f33dcc06d04c/schema/bom-1.5.xsd#L1783-L1813) is the XML...
The current test suite relies on `cargo-insta` to do snapshot testing but it also has serialized versions of several structs as `&'static str`s inside the codebase. But, nothing guarantees that...
CycloneDX 1.6 (I believe) allows producing reproducible SBOMs by leaving out timestamps. We should add an option to allow the same.
The Spec version 1.5 was released last year, therefore support for [version 1.5](https://cyclonedx.org/docs/1.5/json) should be added. Initial work has begun in #584; it covers the first 4 items of the list...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2. Release notes Sourced from softprops/action-gh-release's releases. v2.0.0 update actions.yml declaration to node20 to address warnings Changelog Sourced from softprops/action-gh-release's changelog. 0.1.12 fix bug leading...
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.193 to 1.0.201. Release notes Sourced from serde's releases. v1.0.201 Resolve unexpected_cfgs warning (#2737) v1.0.200 Fix formatting of "invalid type" and "invalid value" deserialization error messages containing...
Addresses #552 - marked as draft as I made some calls about what targets and installers you'd like to support. Happy to talk through those and update. You can run...