Merge pull request #58 from scanoss/add-metadata-to-cyclonedx

SP-1584 / added metadata field to cyclonedx output

Author: ortizjeronimo

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.16.0] - 2024-10-08
+### Added
+- Added the `metadata` field to the output in CycloneDX format, now including the fields `timestamp`, `tool vendor`, `tool` and `tool version`
+
 ## [1.15.0] - 2024-09-17
 ### Added
 - Added Results sub-command:
@@ -350,3 +354,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.13.0]: https://github.com/scanoss/scanoss.py/compare/v1.12.3...v1.13.0
 [1.14.0]: https://github.com/scanoss/scanoss.py/compare/v1.13.0...v1.14.0
 [1.15.0]: https://github.com/scanoss/scanoss.py/compare/v1.14.0...v1.15.0
+[1.16.0]: https://github.com/scanoss/scanoss.py/compare/v1.15.0...v1.16.0

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.15.0"
+__version__ = "1.16.0"

src/scanoss/cyclonedx.py

@@ -25,6 +25,9 @@
 import os.path
 import sys
 import uuid
+import datetime
+
+from . import __version__
 
 from .scanossbase import ScanossBase
 from .spdxlite import SpdxLite
@@ -186,6 +189,16 @@ def produce_from_json(self, data: json, output_file: str = None) -> bool:
             'specVersion': '1.4',
             'serialNumber': f'urn:uuid:{uuid.uuid4()}',
             'version': 1,
+            'metadata': {
+                'timestamp': datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
+                'tools': [
+                    {
+                        'vendor': 'SCANOSS',
+                        'name': 'scanoss-py',
+                        'version': __version__,
+                    }
+                ]
+            },
             'components': [],
             'vulnerabilities': []
         }