Update cyclone dx versions for Build tools (#5383)

Updated Cyclone DX dependencies for golangBuild, mavenBuild and graddleExecuteBuild.
2025-10-30 23:57:50 +02:00 · 2025-06-27 15:06:42 +03:00
parent 4aeceb2789
commit b647e2f26b
7 changed files with 17 additions and 11 deletions
--- a/cmd/golangBuild.go
+++ b/cmd/golangBuild.go
@@ -33,7 +33,7 @@ const (
 	integrationJsonReport       = "integration-report.out"
 	golangCoberturaPackage      = "github.com/boumenot/gocover-cobertura@latest"
 	golangTestsumPackage        = "gotest.tools/gotestsum@latest"
-	golangCycloneDXPackage      = "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0"
+	golangCycloneDXPackage      = "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0"
 	sbomFilename                = "bom-golang.xml"
 )

--- a/cmd/golangBuild_test.go
+++ b/cmd/golangBuild_test.go
@@ -284,7 +284,7 @@ go 1.17`
 		assert.NoError(t, err)
 		assert.Equal(t, 3, len(utils.ExecMockRunner.Calls))
 		assert.Equal(t, "go", utils.ExecMockRunner.Calls[0].Exec)
-		assert.Equal(t, []string{"install", "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0"}, utils.ExecMockRunner.Calls[0].Params)
+		assert.Equal(t, []string{"install", "github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0"}, utils.ExecMockRunner.Calls[0].Params)
 		assert.Equal(t, "cyclonedx-gomod", utils.ExecMockRunner.Calls[1].Exec)
 		assert.Equal(t, []string{"mod", "-licenses", "-verbose=false", "-test", "-output", "bom-golang.xml", "-output-version", "1.4"}, utils.ExecMockRunner.Calls[1].Params)
 		assert.Equal(t, "go", utils.ExecMockRunner.Calls[2].Exec)
@@ -330,7 +330,7 @@ go 1.17`
 			CreateBOM: true,
 		}
 		utils := newGolangBuildTestsUtils()
-		utils.ShouldFailOnCommand = map[string]error{"go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0": fmt.Errorf("install failure")}
+		utils.ShouldFailOnCommand = map[string]error{"go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0": fmt.Errorf("install failure")}
 		telemetryData := telemetry.CustomData{}

 		err := runGolangBuild(&config, &telemetryData, utils, &cpe)
--- a/cmd/gradleExecuteBuild.go
+++ b/cmd/gradleExecuteBuild.go
@@ -83,7 +83,7 @@ initscript {
    }
  }
  dependencies {
-    classpath "org.cyclonedx:cyclonedx-gradle-plugin:1.7.0"
+    classpath "org.cyclonedx:cyclonedx-gradle-plugin:1.7.4"
  }
 }

--- a/cmd/mavenBuild.go
+++ b/cmd/mavenBuild.go
@@ -66,7 +66,7 @@ func runMakeBOMGoal(config *mavenBuildOptions, utils maven.Utils) error {
 	}
 	defines = append(defines, createBOMConfig...)

-	goals := []string{"org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeBom"}
+	goals := []string{"org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeBom"}

 	if config.Flatten {
 		goals = append(goals, "flatten:flatten")
@@ -110,7 +110,7 @@ func runMavenBuild(config *mavenBuildOptions, _ *telemetry.CustomData, utils mav

 	if config.CreateBOM {
 		// Append the makeAggregateBOM goal to the rest of the goals
-		goals = append(goals, "org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom")
+		goals = append(goals, "org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeAggregateBom")
 		createBOMConfig := []string{
 			"-DschemaVersion=1.4",
 			"-DincludeBomSerialNumber=true",
--- a/cmd/mavenBuild_test.go
+++ b/cmd/mavenBuild_test.go
@@ -7,11 +7,17 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
+
+	config2 "github.com/SAP/jenkins-library/pkg/config"
 )

 var cpe mavenBuildCommonPipelineEnvironment

 func TestMavenBuild(t *testing.T) {
+	SetConfigOptions(ConfigCommandOptions{
+		OpenFile: config2.OpenPiperFile,
+	})
+
 	t.Run("mavenBuild should install the artifact", func(t *testing.T) {
 		mockedUtils := newMavenMockUtils()

@@ -51,7 +57,7 @@ func TestMavenBuild(t *testing.T) {
 		assert.Nil(t, err)
 		if assert.Equal(t, 2, len(mockedUtils.Calls), "Expected two Maven invocations (default + makeAggregateBom)") {
 			assert.Equal(t, "mvn", mockedUtils.Calls[1].Exec)
-			assert.Contains(t, mockedUtils.Calls[0].Params, "org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom")
+			assert.Contains(t, mockedUtils.Calls[0].Params, "org.cyclonedx:cyclonedx-maven-plugin:2.9.1:makeAggregateBom")
 			assert.Contains(t, mockedUtils.Calls[0].Params, "-DoutputName=bom-maven")
 		}
 	})
--- a/integration/integration_golang_test.go
+++ b/integration/integration_golang_test.go
@@ -29,7 +29,7 @@ func TestGolangIntegrationBuildProject1(t *testing.T) {

 	container.assertHasOutput(t,
 		"info  golangBuild - running command: go install gotest.tools/gotestsum@latest",
-		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0",
+		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0",
 		"info  golangBuild - running command: gotestsum --junitfile TEST-go.xml --jsonfile unit-report.out -- -coverprofile=cover.out -tags=unit ./...",
 		"info  golangBuild - DONE 8 tests",
 		"info  golangBuild - running command: go tool cover -html cover.out -o coverage.html",
@@ -64,7 +64,7 @@ func TestGolangIntegrationBuildProject1MultiPackage(t *testing.T) {
 	assert.NoError(t, err)

 	container.assertHasOutput(t, "info  golangBuild - running command: go install gotest.tools/gotestsum@latest",
-		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0",
+		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0",
 		"info  golangBuild - running command: gotestsum --junitfile TEST-go.xml --jsonfile unit-report.out -- -coverprofile=cover.out -tags=unit ./...",
 		"info  golangBuild - DONE 8 tests",
 		"info  golangBuild - running command: go tool cover -html cover.out -o coverage.html",
@@ -102,7 +102,7 @@ func TestGolangIntegrationBuildProject2(t *testing.T) {

 	container.assertHasNoOutput(t,
 		"info  golangBuild - running command: go install gotest.tools/gotestsum@latest",
-		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.0",
+		"info  golangBuild - running command: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0",
 		"info  golangBuild - running command: gotestsum --junitfile TEST-go.xml --jsonfile unit-report.out -- -coverprofile=cover.out -tags=unit ./...",
 		"info  golangBuild - running command: go tool cover -html cover.out -o coverage.html",
 		"info  golangBuild - running command: gotestsum --junitfile TEST-integration.xml --jsonfile integration-report.out -- -tags=integration ./...",
--- a/integration/testdata/TestGradleIntegration/java-project-with-bom-plugin/build.gradle
+++ b/integration/testdata/TestGradleIntegration/java-project-with-bom-plugin/build.gradle
@@ -2,7 +2,7 @@ plugins {
 	id 'org.springframework.boot' version '2.6.5-SNAPSHOT'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id 'java'
-	id "org.cyclonedx.bom" version "1.7.0"
+	id "org.cyclonedx.bom" version "1.7.4"
 }

 group = 'com.example'