feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)

Co-authored-by: DmitriyLewen <[email protected]>

Author: krikera

integration/testdata/conda-cyclonedx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

integration/testdata/conda-environment-cyclonedx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

integration/testdata/fluentd-multiple-lockfiles-short.cdx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

integration/testdata/npm-cyclonedx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

integration/testdata/pom-cyclonedx.json.golden

@@ -10,6 +10,9 @@
       "components": [
         {
           "type": "application",
+          "manufacturer": {
+            "name": "Aqua Security Software Ltd."
+          },
           "group": "aquasecurity",
           "name": "trivy",
           "version": "dev"

pkg/sbom/cyclonedx/marshal.go

@@ -26,9 +26,10 @@ import (
 )
 
 const (
-	ToolVendor = "aquasecurity"
-	ToolName   = "trivy"
-	Namespace  = ToolVendor + ":" + ToolName + ":"
+	ToolVendor       = "aquasecurity"
+	ToolName         = "trivy"
+	ToolManufacturer = "Aqua Security Software Ltd."
+	Namespace        = ToolVendor + ":" + ToolName + ":"
 
 	// https://json-schema.org/understanding-json-schema/reference/string.html#dates-and-times
 	timeLayout = "2006-01-02T15:04:05+00:00"
@@ -88,10 +89,11 @@ func (m *Marshaler) Metadata(ctx context.Context) *cdx.Metadata {
 		Tools: &cdx.ToolsChoice{
 			Components: &[]cdx.Component{
 				{
-					Type:    cdx.ComponentTypeApplication,
-					Group:   ToolVendor,
-					Name:    ToolName,
-					Version: m.appVersion,
+					Type:         cdx.ComponentTypeApplication,
+					Group:        ToolVendor,
+					Name:         ToolName,
+					Version:      m.appVersion,
+					Manufacturer: &cdx.OrganizationalEntity{Name: ToolManufacturer},
 				},
 			},
 		},

pkg/sbom/cyclonedx/marshal_test.go

@@ -287,6 +287,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -923,6 +926,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -1308,6 +1314,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -1535,6 +1544,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -1791,6 +1803,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -1978,6 +1993,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},
@@ -2066,6 +2084,9 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 								Name:    "trivy",
 								Group:   "aquasecurity",
 								Version: "dev",
+								Manufacturer: &cdx.OrganizationalEntity{
+									Name: "Aqua Security Software Ltd.",
+								},
 							},
 						},
 					},