Merge pull request #12 from mfaquan/update-to-1.2.2320.0

Update public-api to 1.2.2320.0

Author: psmf

README.md

@@ -1,5 +1,9 @@
 # Fortify Software Security Center Plugin API
 
+## Version 1.2.2320
+- Add setSBOMEntry() method to ScanBuilder
+- The plugin-api version 1.2 is only supported since SSC version 23.2.0
+
 ## Version 1.1.2220
 - Add optional ParserType element to IssueParser
 - Bump schema and plugin-api version to 1.1

build.gradle

@@ -4,11 +4,11 @@ plugins {
 	id 'maven-publish'
 	id 'signing'
 	id 'io.github.gradle-nexus.publish-plugin' version '1.0.0'
-	id "biz.aQute.bnd.builder" version "6.3.1"
+	id "biz.aQute.bnd.builder" version "6.4.0"
 }
 
 group 'com.fortify.plugin'
-version '1.1.2220.0'
+version '1.2.2320.0'
 description 'Fortify Plugin API'
 
 apply from: 'bundle.gradle'

src/main/java/com/fortify/plugin/api/BasicVulnerabilityBuilder.java

@@ -1,5 +1,5 @@
 /*
- * (c) Copyright 2017 Micro Focus or one of its affiliates.
+ * Copyright 2017-2023 Open Text
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at

src/main/java/com/fortify/plugin/api/FortifyAnalyser.java

@@ -1,5 +1,5 @@
 /*
- * (c) Copyright 2017 Micro Focus or one of its affiliates.
+ * Copyright 2017-2023 Open Text
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at

src/main/java/com/fortify/plugin/api/FortifyKingdom.java

@@ -1,5 +1,5 @@
 /*
- * (c) Copyright 2017 Micro Focus or one of its affiliates.
+ * Copyright 2017-2023 Open Text
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at

src/main/java/com/fortify/plugin/api/SbomFormat.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright 2023 Open Text
+ */
+
+package com.fortify.plugin.api;
+
+/**
+ * The SBOM formats that SSC accepts.
+ */
+public enum SbomFormat {
+    CYCLONEDX,
+    SPDX,
+    SWID;
+}

src/main/java/com/fortify/plugin/api/SbomSerialization.java

@@ -0,0 +1,16 @@
+/*
+ * Copyright 2023 Open Text
+ */
+
+package com.fortify.plugin.api;
+
+/**
+ * The SBOM serializations that SSC accepts.
+ */
+public enum SbomSerialization {
+    JSON,
+    RDF_XML,
+    XLSX,
+    XML,
+    YAML
+}

src/main/java/com/fortify/plugin/api/SbomType.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2023 Open Text
+ */
+
+package com.fortify.plugin.api;
+
+public enum SbomType {
+    CYCLONEDX_JSON(SbomFormat.CYCLONEDX, SbomSerialization.JSON),
+    CYCLONEDX_XML(SbomFormat.CYCLONEDX, SbomSerialization.XML),
+    SPDX_RDFXML(SbomFormat.SPDX, SbomSerialization.RDF_XML),
+    SPDX_JSON(SbomFormat.SPDX, SbomSerialization.JSON),
+    SPDX_XLSX(SbomFormat.SPDX, SbomSerialization.XLSX),
+    SPDX_XML(SbomFormat.SPDX, SbomSerialization.XML),
+    SPDX_YAML(SbomFormat.SPDX, SbomSerialization.YAML),
+    SWID_XML(SbomFormat.SWID, SbomSerialization.XML);
+
+    private SbomFormat format;
+    private SbomSerialization serialization;
+    SbomType(SbomFormat format, SbomSerialization serialization) {
+        this.format = format;
+        this.serialization = serialization;
+    }
+
+    public SbomFormat getFormat() { return format; }
+    public SbomSerialization getSerialization() { return serialization; }
+}

src/main/java/com/fortify/plugin/api/ScanBuilder.java

@@ -1,5 +1,7 @@
 /*
- * (c) Copyright 2017 Micro Focus or one of its affiliates.
+ * Copyright 2017-2023 Open Text
+ */
+/*
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -9,7 +11,7 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
-*/
+ */
 package com.fortify.plugin.api;
 
 import java.util.Date;
@@ -109,6 +111,15 @@ public interface ScanBuilder {
      */
     ScanBuilder setEngineVersion(String engineVersion);
 
+    /**
+     * Set the ScanEntry of the SBOM file in the scan file.
+     * @param scanEntry scanEntry of the SBOM file.
+     * @param sbomType format and serialization of the SBOM file.
+     * @return reference to this ScanBuilder instance.
+     * @since 1.2.2320.0 (SSC 23.2.0)
+     */
+    ScanBuilder setSBOMEntry(ScanEntry scanEntry, SbomType sbomType);
+
     /**
      * Complete scan build process and notify plugin framework that scan is ready to be passed to SSC.
      */

src/main/java/com/fortify/plugin/api/ScanData.java

@@ -1,5 +1,7 @@
 /*
- * (c) Copyright 2017 Micro Focus or one of its affiliates.
+ * Copyright 2017-2023 Open Text
+ */
+/*
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -14,6 +16,7 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URL;
 import java.util.List;
 import java.util.function.Predicate;
 
@@ -54,4 +57,11 @@ public interface ScanData {
      */
     InputStream getInputStream(Predicate<String> matcher) throws IOException;
 
+    /**
+     * Returns a URL for the specified ScanEntry
+     * @param scanEntry
+     * @return URL for the scan entry
+     * @since 23.2.0
+     */
+    URL getUrl(ScanEntry scanEntry);
 }