fix: manufacture. Reasoning: https://cyclonedx.org/docs/1.6/json/#metadata_manufacture deprecated. Use https://cyclonedx.org/docs/1.6/json/#metadata_manufacturer instead

Signed-off-by: Johannes Özkan Preisinger <[email protected]>

Author: barblin

src/main/java/org/cyclonedx/gradle/SbomBuilder.java

@@ -50,6 +50,7 @@
 import org.cyclonedx.model.Hash;
 import org.cyclonedx.model.LicenseChoice;
 import org.cyclonedx.model.Metadata;
+import org.cyclonedx.model.OrganizationalEntity;
 import org.cyclonedx.model.Property;
 import org.cyclonedx.model.Tool;
 import org.cyclonedx.model.metadata.ToolInformation;
@@ -127,7 +128,10 @@ private Metadata buildMetadata(final SbomComponent parentComponent) {
                     e);
         }
         metadata.setLicenseChoice(task.getLicenseChoice());
-        metadata.setManufacture(task.getOrganizationalEntity());
+
+        if (!(new OrganizationalEntity()).equals(task.getOrganizationalEntity())) {
+            metadata.setManufacturer(task.getOrganizationalEntity());
+        }
 
         final Properties pluginProperties = readPluginProperties();
         if (!pluginProperties.isEmpty()) {

src/test/groovy/org/cyclonedx/gradle/utils/OrganizationalEntityUtilTest.groovy

@@ -0,0 +1,137 @@
+package org.cyclonedx.gradle.utils
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import org.cyclonedx.gradle.TestUtils
+import org.cyclonedx.model.Bom
+import org.gradle.testkit.runner.GradleRunner
+import org.gradle.testkit.runner.TaskOutcome
+import spock.lang.Specification
+
+class OrganizationalEntityUtilTest extends Specification {
+
+    def "manufacturer should be empty if no organizational entity is provided"() {
+        given: "A mocked project directory with no git repo configuration"
+        File testDir = TestUtils.createFromString(
+            """
+            plugins {
+                id 'org.cyclonedx.bom'
+                id 'java'
+            }
+            repositories {
+                mavenCentral()
+            }
+            group = 'com.example'
+            version = '1.0.0'
+
+            cyclonedxBom {
+            }
+
+            dependencies {
+                implementation("org.hibernate:hibernate-core:5.6.15.Final")
+            }""", "rootProject.name = 'hello-world'"
+        )
+
+        and: "given the current test directory context (otherwise it will pick up the repo url from cycloneDx repo)"
+        System.setProperty("user.dir", testDir.toPath().toString())
+
+        when:
+        def result = GradleRunner.create()
+            .withProjectDir(testDir)
+            .withArguments("cyclonedxBom")
+            .withPluginClasspath()
+            .build()
+
+        then:
+        result.task(":cyclonedxBom").outcome == TaskOutcome.SUCCESS
+        File jsonBom = new File(testDir, "build/reports/bom.json")
+        Bom bom = new ObjectMapper().readValue(jsonBom, Bom.class)
+
+        assert bom.getMetadata().getManufacturer() == null
+    }
+
+    def "manufacturer should be empty if empty organizational entity is provided"() {
+        given: "A mocked project directory with no git repo configuration"
+        File testDir = TestUtils.createFromString(
+            """
+            plugins {
+                id 'org.cyclonedx.bom'
+                id 'java'
+            }
+            repositories {
+                mavenCentral()
+            }
+            group = 'com.example'
+            version = '1.0.0'
+
+            cyclonedxBom {
+                setOrganizationalEntity { oe ->
+                    oe.name = null
+                }
+            }
+
+            dependencies {
+                implementation("org.hibernate:hibernate-core:5.6.15.Final")
+            }""", "rootProject.name = 'hello-world'"
+        )
+
+        and: "given the current test directory context (otherwise it will pick up the repo url from cycloneDx repo)"
+        System.setProperty("user.dir", testDir.toPath().toString())
+
+        when:
+        def result = GradleRunner.create()
+            .withProjectDir(testDir)
+            .withArguments("cyclonedxBom")
+            .withPluginClasspath()
+            .build()
+
+        then:
+        result.task(":cyclonedxBom").outcome == TaskOutcome.SUCCESS
+        File jsonBom = new File(testDir, "build/reports/bom.json")
+        Bom bom = new ObjectMapper().readValue(jsonBom, Bom.class)
+
+        assert bom.getMetadata().getManufacturer() == null
+    }
+
+    def "manufacturer should not be empty if organizational entity is provided"() {
+        given: "A mocked project directory with no git repo configuration"
+        File testDir = TestUtils.createFromString(
+            """
+            plugins {
+                id 'org.cyclonedx.bom'
+                id 'java'
+            }
+            repositories {
+                mavenCentral()
+            }
+            group = 'com.example'
+            version = '1.0.0'
+
+            cyclonedxBom {
+                setOrganizationalEntity { oe ->
+                    oe.name = "name"
+                }
+            }
+
+            dependencies {
+                implementation("org.hibernate:hibernate-core:5.6.15.Final")
+            }""", "rootProject.name = 'hello-world'"
+        )
+
+        and: "given the current test directory context (otherwise it will pick up the repo url from cycloneDx repo)"
+        System.setProperty("user.dir", testDir.toPath().toString())
+
+        when:
+        def result = GradleRunner.create()
+            .withProjectDir(testDir)
+            .withArguments("cyclonedxBom")
+            .withPluginClasspath()
+            .build()
+
+        then:
+        result.task(":cyclonedxBom").outcome == TaskOutcome.SUCCESS
+        File jsonBom = new File(testDir, "build/reports/bom.json")
+        Bom bom = new ObjectMapper().readValue(jsonBom, Bom.class)
+
+        assert bom.getMetadata().getManufacturer().getName() == "name"
+    }
+}