feat: v8.1.0 (#291)

* fix: Bug fix for trigger fossology process validation. (#277)
* fixed test case issue
* conan processer update
* updated requested code changes

Author: sumanthkb44

.github/workflows/build-and-release.yml

@@ -49,8 +49,8 @@ jobs:
 
       - name: Build Docker Image
         run: |
-          docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v8.0.0
-          docker save ${{ github.repository }}:continuous-clearing-v8.0.0 -o continuous-clearing-v8.0.0.tar
+          docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v8.1.0
+          docker save ${{ github.repository }}:continuous-clearing-v8.1.0 -o continuous-clearing-v8.1.0.tar
 
       - name: Upload Docker Image
         uses: actions/upload-artifact@v4
@@ -114,25 +114,25 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: v8.0.0
-          release_name: Release v8.0.0
+          tag_name: v8.1.0
+          release_name: Release v8.1.0
           body: |
             ${{ github.event.head_commit.message }}
           draft: true
           prerelease: false
 
       - name: Compress Full Build Output into ZIP
         run: |
-          powershell -Command "& {Compress-Archive -Path ${{ github.workspace }}/out/* -DestinationPath ${{ github.workspace }}/continuous-clearing-v8.0.0.zip}"
+          powershell -Command "& {Compress-Archive -Path ${{ github.workspace }}/out/* -DestinationPath ${{ github.workspace }}/continuous-clearing-v8.1.0.zip}"
 
       - name: Upload Full Build Output ZIP to Release
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ github.workspace }}/continuous-clearing-v8.0.0.zip
-          asset_name: continuous-clearing-v8.0.0.zip
+          asset_path: ${{ github.workspace }}/continuous-clearing-v8.1.0.zip
+          asset_name: continuous-clearing-v8.1.0.zip
           asset_content_type: application/zip
 
       - name: Upload Docker Image(tar) to Release
@@ -141,8 +141,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./continuous-clearing-v8.0.0.tar
-          asset_name: continuous-clearing-v8.0.0.tar
+          asset_path: ./continuous-clearing-v8.1.0.tar
+          asset_name: continuous-clearing-v8.1.0.tar
           asset_content_type: application/x-tar
 
       - name: Upload NuGet Package to Release

CA.nuspec

@@ -4,7 +4,7 @@
 <package >
   <metadata>
     <id>continuous-clearing</id>
-    <version>8.0.0</version>
+    <version>8.1.0</version>
     <authors>Siemens AG</authors>
     <owners>continuous-clearing contributors</owners>
     <projectUrl>https://github.com/siemens/continuous-clearing</projectUrl>
@@ -64,6 +64,9 @@
     <file src="out\net8.0\Microsoft.Build.Locator.dll" target="tools\Microsoft.Build.Locator.dll"/>
     <file src="out\net8.0\Microsoft.CodeAnalysis.CSharp.dll" target="tools\Microsoft.CodeAnalysis.CSharp.dll"/>
     <file src="out\net8.0\Microsoft.CodeAnalysis.dll" target="tools\Microsoft.CodeAnalysis.dll"/>
+    <file src="out\net8.0\Microsoft.ComponentDetection.Common.dll" target="tools\Microsoft.ComponentDetection.Common.dll"/>
+    <file src="out\net8.0\Microsoft.ComponentDetection.Contracts.dll" target="tools\Microsoft.ComponentDetection.Contracts.dll"/>
+    <file src="out\net8.0\Microsoft.ComponentDetection.Detectors.dll" target="tools\Microsoft.ComponentDetection.Detectors.dll"/>
     <file src="out\net8.0\Microsoft.Extensions.Configuration.Abstractions.dll" target="tools\Microsoft.Extensions.Configuration.Abstractions.dll"/>
     <file src="out\net8.0\Microsoft.Extensions.Configuration.Binder.dll" target="tools\Microsoft.Extensions.Configuration.Binder.dll"/>
     <file src="out\net8.0\Microsoft.Extensions.Configuration.CommandLine.dll" target="tools\Microsoft.Extensions.Configuration.CommandLine.dll"/>
@@ -125,6 +128,9 @@
     <file src="out\net8.0\System.Security.Permissions.dll" target="tools\System.Security.Permissions.dll"/>
     <file src="out\net8.0\System.Threading.AccessControl.dll" target="tools\System.Threading.AccessControl.dll"/>
     <file src="out\net8.0\System.Windows.Extensions.dll" target="tools\System.Windows.Extensions.dll"/>
+    <file src="out\net8.0\System.Text.Json.dll" target="tools\System.Text.Json.dll"/>
+    <file src="out\net8.0\System.IO.Pipelines.dll" target="tools\System.IO.Pipelines.dll"/>
+    <file src="out\net8.0\System.Text.Encodings.Web.dll" target="tools\System.Text.Encodings.Web.dll"/>
     <file src="out\net8.0\LCT.Telemetry.dll" target="tools\LCT.Telemetry.dll"/>
     <file src="out\net8.0\Tommy.dll" target="tools\Tommy.dll"/>
     <file src="out\net8.0\YamlDotNet.dll" target="tools\YamlDotNet.dll"/>

README.md

@@ -21,6 +21,8 @@ To ensure such practises are in place, we need to provide software bill of mater
 
 This tool has been  logically split into 3 different executables that enable it to be used as separate modules as per the user's requirement.
 
+**_Note: The SBOM created by this tool follows the CycloneDX version [v1.6](https://cyclonedx.org/docs/1.6/json/) and Siemens SBOM standard [v3](https://sbom.siemens.io/v3/format.html). These formats ensure the SBOM is detailed, secure, and meets industry and Siemens-specific requirements._**
+
 **_Note: Continuous Clearing Tool internally uses [Syft](https://github.com/anchore/syft) for component detection for debian/alpine type projects._**
 
 

TestFiles/IntegrationTestFiles/ArtifactoryUploaderTestData/Conan/Test_Bom.cdx.json

@@ -1,38 +1,32 @@
 {
   "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "serialNumber": "urn:uuid:3e407ffb-8ef0-4b06-bcdb-bdbe12dcd2a7",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:167dc9b4-dd8d-4f55-926a-c0f96cabf035",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-07-06T03:57:03Z",
-    "tools": [
-      {
-        "vendor": "Siemens AG",
-        "name": "Clearing Automation Tool",
-        "version": "6.1.0",
-        "externalReferences": [
-          {
-            "url": "https://github.com/siemens/continuous-clearing",
-            "type": "website"
-          }
-        ]
-      },
-      {
-        "vendor": "Siemens AG",
-        "name": "Siemens SBOM",
-        "version": "2.0.0",
-        "externalReferences": [
-          {
-            "url": "https://sbom.siemens.io/",
-            "type": "website"
-          }
-        ]
-      }
-    ],
+    "timestamp": "2025-05-26T04:19:21Z",
+    "tools": {
+      "components": [
+        {
+          "type": "application",
+          "supplier": {
+            "name": "Siemens AG"
+          },
+          "name": "Clearing Automation Tool",
+          "version": "8.0.0",
+          "externalReferences": [
+            {
+              "url": "https://github.com/siemens/continuous-clearing",
+              "type": "website"
+            }
+          ]
+        }
+      ]
+    },
     "component": {
       "type": "application",
-      "name": "Test",
-      "version": "1.0"
+      "name": "continuous-clearing",
+      "version": "v9.0.x"
     },
     "properties": [
       {
@@ -149,5 +143,22 @@
       ]
     }
   ],
-  "dependencies": []
+  "dependencies": [],
+  "definitions": {
+    "standards": [
+      {
+        "bom-ref": "standard-bom",
+        "name": "Standard BOM",
+        "version": "3.0.0",
+        "description": "The Standard for Software Bills of Materials in Siemens",
+        "owner": "Siemens AG",
+        "externalReferences": [
+          {
+            "url": "https://sbom.siemens.io/",
+            "type": "website"
+          }
+        ]
+      }
+    ]
+  }
 }

TestFiles/IntegrationTestFiles/ArtifactoryUploaderTestData/Npm/Test_Bom.cdx.json

@@ -1,38 +1,32 @@
 {
   "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "serialNumber": "urn:uuid:fe6bfc03-6e58-4ee4-bbe3-b1dc8fd73ad5",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:167dc9b4-dd8d-4f55-926a-c0f96cabf035",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-07-08T14:06:17Z",
-    "tools": [
-      {
-        "vendor": "Siemens AG",
-        "name": "Clearing Automation Tool",
-        "version": "6.1.0",
-        "externalReferences": [
-          {
-            "url": "https://github.com/siemens/continuous-clearing",
-            "type": "website"
-          }
-        ]
-      },
-      {
-        "vendor": "Siemens AG",
-        "name": "Siemens SBOM",
-        "version": "2.0.0",
-        "externalReferences": [
-          {
-            "url": "https://sbom.siemens.io/",
-            "type": "website"
-          }
-        ]
-      }
-    ],
+    "timestamp": "2025-05-26T04:19:21Z",
+    "tools": {
+      "components": [
+        {
+          "type": "application",
+          "supplier": {
+            "name": "Siemens AG"
+          },
+          "name": "Clearing Automation Tool",
+          "version": "8.0.0",
+          "externalReferences": [
+            {
+              "url": "https://github.com/siemens/continuous-clearing",
+              "type": "website"
+            }
+          ]
+        }
+      ]
+    },
     "component": {
       "type": "application",
-      "name": "Test",
-      "version": "1.0"
+      "name": "continuous-clearing",
+      "version": "v9.0.x"
     },
     "properties": [
       {
@@ -382,5 +376,22 @@
         "pkg:npm/webpack-sources@1.4.3"
       ]
     }
-  ]
+  ],
+  "definitions": {
+    "standards": [
+      {
+        "bom-ref": "standard-bom",
+        "name": "Standard BOM",
+        "version": "3.0.0",
+        "description": "The Standard for Software Bills of Materials in Siemens",
+        "owner": "Siemens AG",
+        "externalReferences": [
+          {
+            "url": "https://sbom.siemens.io/",
+            "type": "website"
+          }
+        ]
+      }
+    ]
+  }
 }

TestFiles/IntegrationTestFiles/ArtifactoryUploaderTestData/Nuget/Test_Bom.cdx.json

@@ -1,38 +1,32 @@
 {
   "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "serialNumber": "urn:uuid:383df7b9-7355-4912-98ce-dc0c93573a11",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:167dc9b4-dd8d-4f55-926a-c0f96cabf035",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-07-08T12:58:12Z",
-    "tools": [
-      {
-        "vendor": "Siemens AG",
-        "name": "Clearing Automation Tool",
-        "version": "6.1.0",
-        "externalReferences": [
-          {
-            "url": "https://github.com/siemens/continuous-clearing",
-            "type": "website"
-          }
-        ]
-      },
-      {
-        "vendor": "Siemens AG",
-        "name": "Siemens SBOM",
-        "version": "2.0.0",
-        "externalReferences": [
-          {
-            "url": "https://sbom.siemens.io/",
-            "type": "website"
-          }
-        ]
-      }
-    ],
+    "timestamp": "2025-05-26T04:19:21Z",
+    "tools": {
+      "components": [
+        {
+          "type": "application",
+          "supplier": {
+            "name": "Siemens AG"
+          },
+          "name": "Clearing Automation Tool",
+          "version": "8.0.0",
+          "externalReferences": [
+            {
+              "url": "https://github.com/siemens/continuous-clearing",
+              "type": "website"
+            }
+          ]
+        }
+      ]
+    },
     "component": {
       "type": "application",
-      "name": "Test",
-      "version": "1.0"
+      "name": "continuous-clearing",
+      "version": "v9.0.x"
     },
     "properties": [
       {
@@ -361,5 +355,22 @@
       ]
     }
   ],
-  "dependencies": []
+  "dependencies": [],
+  "definitions": {
+    "standards": [
+      {
+        "bom-ref": "standard-bom",
+        "name": "Standard BOM",
+        "version": "3.0.0",
+        "description": "The Standard for Software Bills of Materials in Siemens",
+        "owner": "Siemens AG",
+        "externalReferences": [
+          {
+            "url": "https://sbom.siemens.io/",
+            "type": "website"
+          }
+        ]
+      }
+    ]
+  }
 }