RubyGems - sbom-cyclonedx - Versions diffs - 0.1.0 → 0.2.0 - Mend

sbom-cyclonedx 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

checksums.yaml +4 -4
data/.gitignore +15 -0
data/.gitlab-ci.yml +49 -0
data/.rspec +3 -0
data/.rubocop.yml +72 -0
data/.vscode/settings.json +6 -0
data/CHANGELOG.md +9 -0
data/CODE_OF_CONDUCT.md +132 -0
data/Gemfile +26 -0
data/Gemfile.lock +179 -0
data/LICENSE.txt +21 -0
data/README.md +39 -0
data/Rakefile +36 -0
data/Steepfile +14 -0
data/bin/console +11 -0
data/bin/rbs_spec +9 -0
data/bin/setup +8 -0
data/bom-1.6.schema.json +7334 -0
data/lib/email_address_extension.rb +26 -0
data/lib/sbom/cyclone_dx/enum.rb +2178 -0
data/lib/sbom/cyclone_dx/field.rb +404 -0
data/lib/sbom/cyclone_dx/pattern.rb +43 -0
data/lib/sbom/cyclone_dx/record/advisory.rb +17 -0
data/lib/sbom/cyclone_dx/record/annotation.rb +46 -0
data/lib/sbom/cyclone_dx/record/attachment.rb +21 -0
data/lib/sbom/cyclone_dx/record/base.rb +244 -0
data/lib/sbom/cyclone_dx/record/cipher_suite.rb +23 -0
data/lib/sbom/cyclone_dx/record/co2_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/command.rb +18 -0
data/lib/sbom/cyclone_dx/record/commit.rb +25 -0
data/lib/sbom/cyclone_dx/record/component.rb +126 -0
data/lib/sbom/cyclone_dx/record/component_data.rb +46 -0
data/lib/sbom/cyclone_dx/record/component_evidence.rb +68 -0
data/lib/sbom/cyclone_dx/record/component_identity_evidence.rb +36 -0
data/lib/sbom/cyclone_dx/record/composition.rb +33 -0
data/lib/sbom/cyclone_dx/record/condition.rb +20 -0
data/lib/sbom/cyclone_dx/record/copyright.rb +16 -0
data/lib/sbom/cyclone_dx/record/crypto_properties.rb +137 -0
data/lib/sbom/cyclone_dx/record/data_governance.rb +21 -0
data/lib/sbom/cyclone_dx/record/data_governance_responsible_party.rb +22 -0
data/lib/sbom/cyclone_dx/record/declarations.rb +193 -0
data/lib/sbom/cyclone_dx/record/definitions.rb +17 -0
data/lib/sbom/cyclone_dx/record/dependency.rb +21 -0
data/lib/sbom/cyclone_dx/record/diff.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_consumption.rb +31 -0
data/lib/sbom/cyclone_dx/record/energy_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_provider.rb +31 -0
data/lib/sbom/cyclone_dx/record/environmental_consideration.rb +20 -0
data/lib/sbom/cyclone_dx/record/event.rb +31 -0
data/lib/sbom/cyclone_dx/record/external_reference.rb +25 -0
data/lib/sbom/cyclone_dx/record/fairness_assessment.rb +22 -0
data/lib/sbom/cyclone_dx/record/formula.rb +29 -0
data/lib/sbom/cyclone_dx/record/graphic.rb +19 -0
data/lib/sbom/cyclone_dx/record/graphics_collection.rb +19 -0
data/lib/sbom/cyclone_dx/record/hash_data.rb +18 -0
data/lib/sbom/cyclone_dx/record/identifiable_action.rb +21 -0
data/lib/sbom/cyclone_dx/record/input.rb +34 -0
data/lib/sbom/cyclone_dx/record/input_output_ml_parameter.rb +17 -0
data/lib/sbom/cyclone_dx/record/issue.rb +36 -0
data/lib/sbom/cyclone_dx/record/license.rb +90 -0
data/lib/sbom/cyclone_dx/record/license_choice.rb +35 -0
data/lib/sbom/cyclone_dx/record/metadata.rb +55 -0
data/lib/sbom/cyclone_dx/record/model_card.rb +89 -0
data/lib/sbom/cyclone_dx/record/note.rb +20 -0
data/lib/sbom/cyclone_dx/record/organizational_contact.rb +26 -0
data/lib/sbom/cyclone_dx/record/organizational_entity.rb +28 -0
data/lib/sbom/cyclone_dx/record/output.rb +34 -0
data/lib/sbom/cyclone_dx/record/parameter.rb +20 -0
data/lib/sbom/cyclone_dx/record/patch.rb +23 -0
data/lib/sbom/cyclone_dx/record/performance_metric.rb +30 -0
data/lib/sbom/cyclone_dx/record/postal_address.rb +34 -0
data/lib/sbom/cyclone_dx/record/property.rb +18 -0
data/lib/sbom/cyclone_dx/record/rating.rb +27 -0
data/lib/sbom/cyclone_dx/record/release_notes.rb +44 -0
data/lib/sbom/cyclone_dx/record/resource_reference_choice.rb +22 -0
data/lib/sbom/cyclone_dx/record/risk.rb +18 -0
data/lib/sbom/cyclone_dx/record/root.rb +63 -0
data/lib/sbom/cyclone_dx/record/secured_by.rb +20 -0
data/lib/sbom/cyclone_dx/record/service.rb +54 -0
data/lib/sbom/cyclone_dx/record/service_data.rb +32 -0
data/lib/sbom/cyclone_dx/record/signature.rb +85 -0
data/lib/sbom/cyclone_dx/record/standard.rb +72 -0
data/lib/sbom/cyclone_dx/record/step.rb +24 -0
data/lib/sbom/cyclone_dx/record/swid.rb +29 -0
data/lib/sbom/cyclone_dx/record/task.rb +56 -0
data/lib/sbom/cyclone_dx/record/tools.rb +20 -0
data/lib/sbom/cyclone_dx/record/trigger.rb +48 -0
data/lib/sbom/cyclone_dx/record/version.rb +24 -0
data/lib/sbom/cyclone_dx/record/volume.rb +33 -0
data/lib/sbom/cyclone_dx/record/vulnerability.rb +119 -0
data/lib/sbom/cyclone_dx/record/vulnerability_source.rb +20 -0
data/lib/sbom/cyclone_dx/record/workflow.rb +59 -0
data/lib/sbom/cyclone_dx/record/workspace.rb +45 -0
data/lib/sbom/cyclone_dx/record.rb +12 -0
data/lib/sbom/cyclone_dx/validator/array_validator.rb +66 -0
data/lib/sbom/cyclone_dx/validator/base_validator.rb +43 -0
data/lib/sbom/cyclone_dx/validator/boolean_validator.rb +16 -0
data/lib/sbom/cyclone_dx/validator/date_time_validator.rb +29 -0
data/lib/sbom/cyclone_dx/validator/email_address_validator.rb +31 -0
data/lib/sbom/cyclone_dx/validator/float_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/integer_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/record_validator.rb +26 -0
data/lib/sbom/cyclone_dx/validator/string_validator.rb +33 -0
data/lib/sbom/cyclone_dx/validator/union_validator.rb +39 -0
data/lib/sbom/cyclone_dx/validator/uri_validator.rb +32 -0
data/lib/sbom/cyclone_dx/validator.rb +32 -0
data/lib/sbom/cyclone_dx/version.rb +7 -0
data/lib/sbom/cyclone_dx.rb +39 -0
data/rbs_collection.lock.yaml +288 -0
data/rbs_collection.yaml +31 -0
data/sbom-cyclone_dx.gemspec +32 -0
data/sig/email_address_extension.rbs +14 -0
data/sig/sbom/cyclone_dx/enum.rbs +93 -0
data/sig/sbom/cyclone_dx/field.rbs +434 -0
data/sig/sbom/cyclone_dx/pattern.rbs +24 -0
data/sig/sbom/cyclone_dx/record/advisory.rbs +19 -0
data/sig/sbom/cyclone_dx/record/annotation.rbs +63 -0
data/sig/sbom/cyclone_dx/record/attachment.rbs +24 -0
data/sig/sbom/cyclone_dx/record/base.rbs +62 -0
data/sig/sbom/cyclone_dx/record/cipher_suite.rbs +24 -0
data/sig/sbom/cyclone_dx/record/co2_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/command.rbs +19 -0
data/sig/sbom/cyclone_dx/record/commit.rbs +34 -0
data/sig/sbom/cyclone_dx/record/component.rbs +203 -0
data/sig/sbom/cyclone_dx/record/component_data.rbs +73 -0
data/sig/sbom/cyclone_dx/record/component_evidence.rbs +115 -0
data/sig/sbom/cyclone_dx/record/component_identity_evidence.rbs +53 -0
data/sig/sbom/cyclone_dx/record/composition.rbs +39 -0
data/sig/sbom/cyclone_dx/record/condition.rbs +24 -0
data/sig/sbom/cyclone_dx/record/copyright.rbs +14 -0
data/sig/sbom/cyclone_dx/record/crypto_properties.rbs +268 -0
data/sig/sbom/cyclone_dx/record/data_governance.rbs +24 -0
data/sig/sbom/cyclone_dx/record/data_governance_responsible_party.rbs +19 -0
data/sig/sbom/cyclone_dx/record/declarations.rbs +352 -0
data/sig/sbom/cyclone_dx/record/definitions.rbs +14 -0
data/sig/sbom/cyclone_dx/record/dependency.rbs +24 -0
data/sig/sbom/cyclone_dx/record/diff.rbs +19 -0
data/sig/sbom/cyclone_dx/record/energy_consumption.rbs +39 -0
data/sig/sbom/cyclone_dx/record/energy_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/energy_provider.rbs +39 -0
data/sig/sbom/cyclone_dx/record/environmental_consideration.rbs +19 -0
data/sig/sbom/cyclone_dx/record/event.rbs +44 -0
data/sig/sbom/cyclone_dx/record/external_reference.rbs +29 -0
data/sig/sbom/cyclone_dx/record/fairness_assessment.rbs +29 -0
data/sig/sbom/cyclone_dx/record/formula.rbs +34 -0
data/sig/sbom/cyclone_dx/record/graphic.rbs +19 -0
data/sig/sbom/cyclone_dx/record/graphics_collection.rbs +19 -0
data/sig/sbom/cyclone_dx/record/hash_data.rbs +19 -0
data/sig/sbom/cyclone_dx/record/identifiable_action.rbs +24 -0
data/sig/sbom/cyclone_dx/record/input.rbs +44 -0
data/sig/sbom/cyclone_dx/record/input_output_ml_parameter.rbs +14 -0
data/sig/sbom/cyclone_dx/record/issue.rbs +53 -0
data/sig/sbom/cyclone_dx/record/license.rbs +134 -0
data/sig/sbom/cyclone_dx/record/license_choice.rbs +39 -0
data/sig/sbom/cyclone_dx/record/metadata.rbs +82 -0
data/sig/sbom/cyclone_dx/record/model_card.rbs +143 -0
data/sig/sbom/cyclone_dx/record/note.rbs +19 -0
data/sig/sbom/cyclone_dx/record/organizational_contact.rbs +29 -0
data/sig/sbom/cyclone_dx/record/organizational_entity.rbs +34 -0
data/sig/sbom/cyclone_dx/record/output.rbs +44 -0
data/sig/sbom/cyclone_dx/record/parameter.rbs +24 -0
data/sig/sbom/cyclone_dx/record/patch.rbs +24 -0
data/sig/sbom/cyclone_dx/record/performance_metric.rbs +43 -0
data/sig/sbom/cyclone_dx/record/postal_address.rbs +44 -0
data/sig/sbom/cyclone_dx/record/property.rbs +19 -0
data/sig/sbom/cyclone_dx/record/rating.rbs +39 -0
data/sig/sbom/cyclone_dx/record/release_notes.rbs +64 -0
data/sig/sbom/cyclone_dx/record/resource_reference_choice.rbs +19 -0
data/sig/sbom/cyclone_dx/record/risk.rbs +19 -0
data/sig/sbom/cyclone_dx/record/root.rbs +84 -0
data/sig/sbom/cyclone_dx/record/secured_by.rbs +19 -0
data/sig/sbom/cyclone_dx/record/service.rbs +99 -0
data/sig/sbom/cyclone_dx/record/service_data.rbs +44 -0
data/sig/sbom/cyclone_dx/record/signature.rbs +130 -0
data/sig/sbom/cyclone_dx/record/standard.rbs +132 -0
data/sig/sbom/cyclone_dx/record/step.rbs +29 -0
data/sig/sbom/cyclone_dx/record/swid.rbs +44 -0
data/sig/sbom/cyclone_dx/record/task.rbs +84 -0
data/sig/sbom/cyclone_dx/record/tools.rbs +19 -0
data/sig/sbom/cyclone_dx/record/trigger.rbs +69 -0
data/sig/sbom/cyclone_dx/record/version.rbs +24 -0
data/sig/sbom/cyclone_dx/record/volume.rbs +49 -0
data/sig/sbom/cyclone_dx/record/vulnerability.rbs +209 -0
data/sig/sbom/cyclone_dx/record/vulnerability_source.rbs +19 -0
data/sig/sbom/cyclone_dx/record/workflow.rbs +94 -0
data/sig/sbom/cyclone_dx/record/workspace.rbs +69 -0
data/sig/sbom/cyclone_dx/record.rbs +161 -0
data/sig/sbom/cyclone_dx/type.rbs +16 -0
data/sig/sbom/cyclone_dx/validator/array_validator.rbs +31 -0
data/sig/sbom/cyclone_dx/validator/base_validator.rbs +21 -0
data/sig/sbom/cyclone_dx/validator/boolean_validator.rbs +9 -0
data/sig/sbom/cyclone_dx/validator/date_time_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/email_address_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/float_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/integer_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/record_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/string_validator.rbs +14 -0
data/sig/sbom/cyclone_dx/validator/union_validator.rbs +24 -0
data/sig/sbom/cyclone_dx/validator/uri_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator.rbs +66 -0
data/sig/sbom/cyclone_dx.rbs +13 -0
data/sig/types.rbs +45 -0
data/spec/email_address_extension_spec.rb +27 -0
data/spec/factories/factory_helper.rb +78 -0
data/spec/factories/record/advisory_factory.rb +11 -0
data/spec/factories/record/annotation_factory.rb +63 -0
data/spec/factories/record/attachment_factory.rb +9 -0
data/spec/factories/record/cipher_suite_factory.rb +26 -0
data/spec/factories/record/co2_measure_factory.rb +9 -0
data/spec/factories/record/command_factory.rb +10 -0
data/spec/factories/record/commit_factory.rb +13 -0
data/spec/factories/record/component_data_factory.rb +28 -0
data/spec/factories/record/component_evidence_factory.rb +44 -0
data/spec/factories/record/component_factory.rb +102 -0
data/spec/factories/record/component_identity_evidence_factory.rb +25 -0
data/spec/factories/record/composition_factory.rb +20 -0
data/spec/factories/record/condition_factory.rb +11 -0
data/spec/factories/record/copyright_factory.rb +9 -0
data/spec/factories/record/crypto_properties_factory.rb +191 -0
data/spec/factories/record/data_governance_factory.rb +11 -0
data/spec/factories/record/data_governance_responsible_party_factory.rb +31 -0
data/spec/factories/record/declarations_factory.rb +145 -0
data/spec/factories/record/definitions_factory.rb +9 -0
data/spec/factories/record/dependency_factory.rb +12 -0
data/spec/factories/record/diff_factory.rb +24 -0
data/spec/factories/record/energy_consumption_factory.rb +15 -0
data/spec/factories/record/energy_measure_factory.rb +9 -0
data/spec/factories/record/energy_provider_factory.rb +15 -0
data/spec/factories/record/environmental_consideration_factory.rb +10 -0
data/spec/factories/record/event_factory.rb +15 -0
data/spec/factories/record/external_reference_factory.rb +13 -0
data/spec/factories/record/fairness_assessment_factory.rb +12 -0
data/spec/factories/record/formula_factory.rb +13 -0
data/spec/factories/record/graphic_factory.rb +10 -0
data/spec/factories/record/graphics_collection_factory.rb +10 -0
data/spec/factories/record/hash_data_factory.rb +10 -0
data/spec/factories/record/identifiable_action_factory.rb +11 -0
data/spec/factories/record/input_factory.rb +36 -0
data/spec/factories/record/input_output_ml_parameter_factory.rb +9 -0
data/spec/factories/record/issue_factory.rb +22 -0
data/spec/factories/record/license_choice_factory.rb +23 -0
data/spec/factories/record/license_factory.rb +99 -0
data/spec/factories/record/metadata_factory.rb +38 -0
data/spec/factories/record/model_card_factory.rb +59 -0
data/spec/factories/record/note_factory.rb +11 -0
data/spec/factories/record/organizational_contact_factory.rb +12 -0
data/spec/factories/record/organizational_entity_factory.rb +13 -0
data/spec/factories/record/output_factory.rb +32 -0
data/spec/factories/record/parameter_factory.rb +11 -0
data/spec/factories/record/patch_factory.rb +12 -0
data/spec/factories/record/performance_metric_factory.rb +20 -0
data/spec/factories/record/postal_address_factory.rb +14 -0
data/spec/factories/record/property_factory.rb +11 -0
data/spec/factories/record/rating_factory.rb +14 -0
data/spec/factories/record/release_notes_factory.rb +20 -0
data/spec/factories/record/resource_reference_choice_factory.rb +27 -0
data/spec/factories/record/risk_factory.rb +10 -0
data/spec/factories/record/root_factory.rb +23 -0
data/spec/factories/record/secured_by_factory.rb +10 -0
data/spec/factories/record/service_data_factory.rb +16 -0
data/spec/factories/record/service_factory.rb +27 -0
data/spec/factories/record/signature_factory.rb +50 -0
data/spec/factories/record/standard_factory.rb +37 -0
data/spec/factories/record/step_factory.rb +12 -0
data/spec/factories/record/swid_factory.rb +16 -0
data/spec/factories/record/task_factory.rb +24 -0
data/spec/factories/record/tools_factory.rb +10 -0
data/spec/factories/record/trigger_factory.rb +21 -0
data/spec/factories/record/version_factory.rb +19 -0
data/spec/factories/record/volume_factory.rb +16 -0
data/spec/factories/record/vulnerability_factory.rb +70 -0
data/spec/factories/record/vulnerability_source_factory.rb +10 -0
data/spec/factories/record/workflow_factory.rb +26 -0
data/spec/factories/record/workspace_factory.rb +21 -0
data/spec/factories/record_factory.rb +159 -0
data/spec/fixtures/cipher_info.yml +948 -0
data/spec/fixtures/purl_data.yml +0 -0
data/spec/sbom/cyclone_dx/enum_spec.rb +30 -0
data/spec/sbom/cyclone_dx/field_spec.rb +104 -0
data/spec/sbom/cyclone_dx/pattern_spec.rb +18 -0
data/spec/sbom/cyclone_dx/record/advisory_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/annotation_spec.rb +31 -0
data/spec/sbom/cyclone_dx/record/attachment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/base_spec.rb +363 -0
data/spec/sbom/cyclone_dx/record/cipher_suite_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/co2_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/command_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/commit_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_identity_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/composition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/condition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/copyright_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/crypto_properties_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/data_governance_responsible_party_spec.rb +19 -0
data/spec/sbom/cyclone_dx/record/data_governance_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/declarations_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/definitions_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/dependency_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/diff_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_consumption_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_provider_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/environmental_consideration_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/event_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/external_reference_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/fairness_assessment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/formula_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphic_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphics_collection_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/hash_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/identifiable_action_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_output_ml_parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/issue_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/license_choice_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/license_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/metadata_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/model_card_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/note_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_contact_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_entity_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/output_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/patch_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/performance_metric_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/postal_address_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/property_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/rating_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/release_notes_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/resource_reference_choice_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/risk_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/root_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/secured_by_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/signature_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/standard_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/step_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/swid_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/task_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/tools_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/trigger_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/version_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/volume_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_source_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workflow_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workspace_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record_spec.rb +7 -0
data/spec/sbom/cyclone_dx/validator/array_validator_spec.rb +184 -0
data/spec/sbom/cyclone_dx/validator/base_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/boolean_validator_spec.rb +26 -0
data/spec/sbom/cyclone_dx/validator/date_time_validator_spec.rb +28 -0
data/spec/sbom/cyclone_dx/validator/email_address_validator_spec.rb +23 -0
data/spec/sbom/cyclone_dx/validator/float_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/integer_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/record_validator_spec.rb +35 -0
data/spec/sbom/cyclone_dx/validator/string_validator_spec.rb +94 -0
data/spec/sbom/cyclone_dx/validator/union_validator_spec.rb +65 -0
data/spec/sbom/cyclone_dx/validator/uri_validator_spec.rb +21 -0
data/spec/sbom/cyclone_dx/validator_spec.rb +38 -0
data/spec/sbom/cyclone_dx/version_spec.rb +9 -0
data/spec/sbom/cyclone_dx_spec.rb +7 -0
data/spec/spec_helper.rb +39 -0
metadata +377 -6

data/spec/factories/record/component_factory.rb ADDED Viewed

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+require "sbom/cyclone_dx/enum"
+FactoryBot.define do
+  factory :component, parent: :record, class: "SBOM::CycloneDX::Record::Component" do
+    type { SBOM::CycloneDX::Enum::COMPONENT_TYPE.sample }
+    name { Faker::Lorem.word }
+    trait :all_fields do
+      mime_type { generate(:mime_type) }
+      bom_ref { generate(:ref_link) }
+      supplier factory: :organizational_entity
+      manufacturer factory: :organizational_entity
+      authors { association_list(:organizational_contact) }
+      publisher { Faker::Lorem.word }
+      group { Faker::Lorem.word }
+      version { Faker::App.semantic_version }
+      description { Faker::Lorem.sentence }
+      scope { SBOM::CycloneDX::Enum::SCOPE.sample }
+      hashes { association_list(:hash_data) }
+      licenses { license_choice_list(rand(1..3)) }
+      copyright { Faker::Company.name }
+      cpe do
+        # cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
+        "cpe:" \
+          "2.3:" \
+          "#{%w[a h o].sample}:" \
+          "#{copyright.gsub(/\s+/, "-").underscore}:" \
+          "#{name.underscore}:" \
+          "#{version}:" \
+          "*:" \
+          "*:" \
+          "*:" \
+          "*:" \
+          "*:" \
+          "*:" \
+          "*"
+      end
+      purl do
+        # scheme:type/namespace/name@version?qualifiers#subpath
+        "pkg:" \
+          "#{%w[apk cargo gem github npm].sample}/" \
+          "#{copyright.gsub(/\s+/, "-").underscore}/" \
+          "#{name.underscore}@#{version}" \
+          "?release=#{%w[alpha beta rc stable].sample}" \
+          "#some/subpath/#{Faker::Lorem.word.downcase}"
+      end
+      omnibor_id do
+        Array.new(rand(1..4)) do
+          sha_type = %w[sha1 sha256].sample
+          shasum = sha_type == "sha1" ? Faker::Crypto.sha1 : Faker::Crypto.sha256
+          "gitoid:" \
+            "#{%w[blob tree commit tag].sample}:" \
+            "#{sha_type}:" \
+            "#{shasum}"
+        end
+      end
+      swhid do
+        Array.new(rand(1..4)) do
+          "swh:" \
+            "1:" \
+            "#{%w[cnt dir rel rev snp].sample}:" \
+            "#{Faker::Crypto.sha1}"
+        end
+      end
+      swid
+      modified { Faker::Boolean.boolean }
+      pedigree { association(:pedigree) }
+      external_references { association_list(:external_reference) }
+      components { [] }
+      evidence factory: :component_evidence
+      release_notes
+      model_card
+      data { association_list(:component_data) }
+      crypto_properties
+      properties { association_list(:property) }
+      tags { Array.new(rand(1..4)) { Faker::Lorem.word } }
+      signature { generate_signature }
+    end
+    after(:build) do |component|
+      if component.pedigree? && !component.pedigree.nil?
+        component.pedigree.ancestors ||= []
+        component.pedigree.ancestors << component
+        component.pedigree.ancestors.uniq!
+      end
+    end
+  end
+  factory :pedigree, parent: :record, class: "SBOM::CycloneDX::Record::Component::Pedigree" do
+    trait :all_fields do
+      ancestors { [] }
+      descendants { [] }
+      variants { [] }
+      commits { association_list(:commit) }
+      patches { association_list(:patch) }
+      notes { Faker::Lorem.sentence }
+    end
+  end
+end

data/spec/factories/record/component_identity_evidence_factory.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+require "sbom/cyclone_dx/enum"
+FactoryBot.define do
+  factory :component_identity_evidence, parent: :record, class: "SBOM::CycloneDX::Record::ComponentIdentityEvidence" do
+    field { SBOM::CycloneDX::Enum::FIELD.sample }
+    trait :all_fields do
+      confidence { rand(0.0..1.0) }
+      concluded_value { %w[cpe purl omnibor_id swhid swid].sample }
+      methods_used { association_list(:method) }
+      tools { Array.new(rand(1..4)) { generate(:ref_or_cdx_urn) } }
+    end
+  end
+  factory :method, parent: :record, class: "SBOM::CycloneDX::Record::ComponentIdentityEvidence::Method" do
+    technique { Faker::Lorem.word }
+    confidence { rand(0.0..1.0) }
+    trait :all_fields do
+      value { Faker::Lorem.sentence }
+    end
+  end
+end

data/spec/factories/record/composition_factory.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :composition, parent: :record, class: "SBOM::CycloneDX::Record::Composition" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      aggregate { SBOM::CycloneDX::Enum::AGGREGATE_TYPE.sample }
+      assemblies { Array.new(rand(1..3)) { generate(:ref_or_cdx_urn) } }
+      dependencies do
+        Array.new(rand(1..3)) do
+          next association(:component) if Faker::Boolean.boolean
+          association(:service)
+        end
+      end
+      vulnerabilities { association_list(:vulnerability) }
+      signature { generate_signature }
+    end
+  end
+end

data/spec/factories/record/condition_factory.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :condition, parent: :record, class: "SBOM::CycloneDX::Record::Condition" do
+    trait :all_fields do
+      description { Faker::Lorem.sentence }
+      expression { Faker::Lorem.words(number: 4).zip(Array.new(3) { %w[AND OR XOR].sample }).flatten.join(" ") }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/copyright_factory.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :copyright, parent: :record, class: "SBOM::CycloneDX::Record::Copyright" do
+    text { "©#{rand(1979..2024)} #{Faker::Company.name}" }
+    trait :all_fields
+  end
+end

data/spec/factories/record/crypto_properties_factory.rb ADDED Viewed

@@ -0,0 +1,191 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :crypto_properties, parent: :record, class: "SBOM::CycloneDX::Record::CryptoProperties" do
+    asset_type { SBOM::CycloneDX::Enum::ASSET_TYPE.sample }
+    trait :all_fields do
+      algorithm_properties { association :algorithm_properties }
+      certificate_properties { association :certificate_properties }
+      related_crypto_material_properties { association :related_crypto_material_properties }
+      protocol_properties { association :protocol_properties }
+      oid do
+        # Pseudo-random sample of crypto-related OIDs of different lengths in different forms
+        [
+          "1.2",
+          "iso.member-body",
+          "1.3.132",
+          "iso.identified-organization.certicom",
+          "2.5.29.17",
+          "joint-iso-itu-t.ds.certificateExtension.subjectAltName",
+          "1.3.132.0.23",
+          "iso.identified-organization.certicom.curve.sect131r2",
+          "1.3.132.1.14.3",
+          "iso.identified-organization.certicom.schemes.14.dhSinglePass-cofactorDH-sha512kdf-scheme",
+          "1.2.840.113549.1.9.5",
+          "iso.member-body.us.rsadsi.pkcs.pkcs-9.signing-time",
+          "1.3.6.1.1.1.2.8",
+          "iso.identified-organization.dod.internet.directory.nisSchema.2.nisNetgroup",
+          "1.3.6.1.5.5.7.4.11",
+          "iso.identified-organization.dod.internet.security.mechanisms.pkix.it.id-it-keyPairParamRep",
+          "1.3.6.1.4.1.311.12.1.2",
+          "iso.identified-organization.dod.internet.private.enterprise.311 12 1 2",
+          "1.3.6.1.4.1.1722.12.2.1.16",
+          "iso.identified-organization.dod.internet.private.enterprise.1722 cryptography.hashAlgs.blake2b.16",
+          "1.3.6.1.4.1.42.2.27.2.1.15",
+          "iso.identified-organization.dod.internet.private.enterprise.42 products.27 2 1 rfc822MailMember",
+          "1.2.804.2.1.1.1.1.3.1.1.2.3",
+          "iso.member-body.ua.root.security.cryptography.ua-pki.alg.asym.dstu4145WithGost34311." \
+          "dstu4145WithGost34311-pb.dstu4145WithGost34311keyFormat-PB.dstu4145WithGost34311m179-PB"
+        ].sample
+      end
+    end
+  end
+  factory(
+    :algorithm_properties,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::CryptoProperties::AlgorithmProperties"
+  ) do
+    trait :all_fields do
+      primitive { SBOM::CycloneDX::Enum::PRIMITIVE.sample }
+      parameter_set_identifier { %w[128 256 512].sample }
+      curve do
+        [
+          "FRP256v1",
+          "BLS12-477",
+          "Bandersnatch",
+          "bn638",
+          "brainpoolP512t1",
+          "gost512",
+          "id-tc26-gost-3410-12-512-paramSetB",
+          "id-GostR3410-2001-CryptoPro-C-ParamSet",
+          "mnt4",
+          "mnt5/1",
+          "B-409",
+          "numsp512t1",
+          "ed-511-mers",
+          "w-510-mont",
+          "Oakley Group 4",
+          "384-bit Random ECP Group",
+          "SM2",
+          "Curve22103",
+          "Ed448-Goldilocks",
+          "Fp254n2BNa",
+          "ssc-512",
+          "Tweedledum",
+          "Tweedledee",
+          "JubJub",
+          "Vesta",
+          "BADA55-VPR-224",
+          "Tom-521",
+          "sect571k1",
+          "wap-wsg-idm-ecid-wtls12",
+          "prime239v3",
+          "c2pnb163v1",
+          "ansit233r1"
+        ].sample
+      end
+      execution_environment { SBOM::CycloneDX::Enum::EXECUTION_ENVIRONMENT.sample }
+      implementation_platform { SBOM::CycloneDX::Enum::IMPLEMENTATION_PLATFORM.sample }
+      certification_level { Array.new(rand(1..3)) { SBOM::CycloneDX::Enum::CERTIFICATION_LEVEL.sample } }
+      mode { SBOM::CycloneDX::Enum::ALGORITHM_MODE.sample }
+      padding { SBOM::CycloneDX::Enum::PADDING.sample }
+      crypto_functions { Array.new(rand(1..3)) { SBOM::CycloneDX::Enum::CRYPTO_FUNCTION.sample } }
+      classical_security_level do
+        base_power = 2**rand(7..12)
+        next base_power if Faker::Boolean.boolean
+        base_power + (2**rand(3..9))
+      end
+      nist_quantum_security_level do
+        # Not how this is actually calculated. Just ensuring the values roughly correlate
+        Math.log2(classical_security_level).floor - 6
+      end
+    end
+  end
+  factory(
+    :certificate_properties,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::CryptoProperties::CertificateProperties"
+  ) do
+    trait :all_fields do
+      subject_name { Faker::Internet.domain_name }
+      issuer_name do
+        [
+          "ACCVRAIZ1",
+          "Certum Trusted Root CA",
+          "DigiCert SMIME ECC P384 Root G5",
+          "ePKI Root Certification Authority",
+          "GlobalSign",
+          "GTS Root R1",
+          "IdenTrust Commercial Root CA 1",
+          "ISRG Root X2",
+          "OISTE WISeKey Global Root GB CA",
+          "Starfield Class 2 Certification Authority",
+          "SZAFIR ROOT CA2",
+          "TeliaSonera Root CA v1",
+          "Trustwave Global Certification Authority",
+          "Trustwave Global ECC P256 Certification Authority",
+          "vTrus ECC Root CA",
+          "XRamp Global Certification Authority"
+        ].sample
+      end
+      not_valid_before { Faker::Time.between(from: 730.days.ago, to: 183.days.from_now) }
+      not_valid_after { not_valid_before + rand(1..913).days }
+      signature_algorithm_ref { generate(:ref_link) }
+      subject_public_key_ref { generate(:ref_link) }
+      certificate_format { %w[X.509 PEM DER CVC].sample }
+      certificate_extension { %w[crt pem cer der p12].sample }
+    end
+  end
+  factory(
+    :protocol_properties,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::CryptoProperties::ProtocolProperties"
+  ) do
+    trait :all_fields do
+      type { SBOM::CycloneDX::Enum::PROTOCOL_TYPE.sample }
+      version { Faker::App.version }
+      cipher_suites { association_list(:cipher_suite) }
+      ikev2_transform_types { association :ikev2_transform_type }
+      crypto_ref_array { Array.new(rand(1..3)) { generate(:ref_link) } }
+    end
+  end
+  factory(
+    :ikev2_transform_type,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::CryptoProperties::ProtocolProperties::IKEv2TransformType"
+  ) do
+    trait :all_fields do
+      encr { Array.new(rand(1..3)) { generate(:ref_link) } }
+      prf { Array.new(rand(1..3)) { generate(:ref_link) } }
+      integ { Array.new(rand(1..3)) { generate(:ref_link) } }
+      ke { Array.new(rand(1..3)) { generate(:ref_link) } }
+      esn { Array.new(rand(1..3)) { generate(:ref_link) } }
+      auth { Array.new(rand(1..3)) { generate(:ref_link) } }
+    end
+  end
+  factory(
+    :related_crypto_material_properties,
+    class: "SBOM::CycloneDX::Record::CryptoProperties::RelatedCryptoMaterialProperties"
+  ) do
+    trait :all_fields do
+      type { SBOM::CycloneDX::Enum::RELATED_CRYPTO_MATERIAL_TYPE.sample }
+      id { SecureRandom.uuid }
+      state { SBOM::CycloneDX::Enum::RELATED_CRYPTO_MATERIAL_STATE.sample }
+      creation_date { Faker::Time.backward(days: 367) }
+      activation_date { creation_date + rand(1..183).days }
+      update_date { activation_date + rand(1..183).days }
+      expiration_date { update_date + rand(1..367).days }
+      value { Faker::Crypto.md5 }
+      asset_size { rand(1..(2**16)) }
+      format { %w[P8 PEM DER CVC].sample }
+      secured_by { association_list(:secured_by) }
+    end
+  end
+end

data/spec/factories/record/data_governance_factory.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :data_governance, parent: :record, class: "SBOM::CycloneDX::Record::DataGovernance" do
+    trait :all_fields do
+      custodians { association_list(:data_governance_responsible_party) }
+      stewards { association_list(:data_governance_responsible_party) }
+      owners { association_list(:data_governance_responsible_party) }
+    end
+  end
+end

data/spec/factories/record/data_governance_responsible_party_factory.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory(
+    :data_governance_responsible_party,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::DataGovernanceResponsibleParty"
+  ) do
+    transient do
+      party_type { %i[organization contact].sample }
+    end
+    trait :all_fields
+    trait :organization do
+      transient { party_type { :organization } }
+    end
+    trait :contact do
+      transient { party_type { :contact } }
+    end
+    organization do
+      party_type == :organization ? association(:organizational_entity) : nil
+    end
+    contact do
+      party_type == :contact ? association(:organizational_contact) : nil
+    end
+  end
+end

data/spec/factories/record/declarations_factory.rb ADDED Viewed

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :declarations, parent: :record, class: "SBOM::CycloneDX::Record::Declarations" do
+    trait :all_fields do
+      assessors { association_list(:assessor) }
+      attestations { association_list(:attestation) }
+      claims { association_list(:claim) }
+      evidence { association_list(:evidence) }
+      targets { association_list(:target) }
+      affirmation
+      signature { generate_signature }
+    end
+  end
+  factory :affirmation, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Affirmation" do
+    trait :all_fields do
+      statement { Faker::Lorem.sentence }
+      signatories { association_list(:signatory) }
+      signature { generate_signature }
+    end
+  end
+  factory :signatory, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Affirmation::Signatory" do
+    transient do
+      signatory_type { %w[signature organization].sample }
+    end
+    signature { signatory_type == :signature ? generate_signature : nil }
+    organization { signatory_type == :organization ? association(:organizational_entity) : nil }
+    external_reference { signatory_type == :organization ? association(:external_reference) : nil }
+    trait :all_fields do
+      name { Faker::Name.name }
+      role { Faker::Job.title }
+      signature { generate_signature }
+      organization factory: :organizational_entity
+      external_reference
+    end
+  end
+  factory :assessor, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Assessor" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      third_party { Faker::Boolean.boolean }
+      organization factory: :organizational_entity
+    end
+  end
+  factory :attestation, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Attestation" do
+    trait :all_fields do
+      summary { Faker::Lorem.sentence }
+      assessor { generate(:ref_link) }
+      requirements_map { association_list(:map) }
+      signature { generate_signature }
+    end
+  end
+  factory :map, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Attestation::Map" do
+    trait :all_fields do
+      requirement { generate(:ref_link) }
+      claims { Array.new(rand(1..2)) { generate(:ref_link) } }
+      counter_claims { Array.new(rand(1..2)) { generate(:ref_link) } }
+      conformance
+      confidence
+    end
+  end
+  factory :confidence, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Attestation::Map::Confidence" do
+    trait :all_fields do
+      score { rand(0.0..1.0) }
+      rationale { Faker::Lorem.sentence }
+    end
+  end
+  factory :conformance, parent: :record,
+                        class: "SBOM::CycloneDX::Record::Declarations::Attestation::Map::Conformance" do
+    trait :all_fields do
+      score { rand(0.0..1.0) }
+      rationale { Faker::Lorem.sentence }
+      mitigation_strategies { Array.new(rand(1..2)) { generate(:ref_link) } }
+    end
+  end
+  factory :claim, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Claim" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      target { generate(:ref_link) }
+      predicate { Faker::Lorem.sentence }
+      mitigation_strategies { Array.new(rand(1..2)) { generate(:ref_link) } }
+      reasoning { Faker::Lorem.sentence }
+      evidence { Array.new(rand(1..2)) { generate(:ref_link) } }
+      external_references { Array.new(rand(1..2)) { generate(:ref_link) } }
+      signature { generate_signature }
+    end
+  end
+  factory :evidence, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Evidence" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      # This will definitely not be valid, but isn't checked currently
+      property_name { Faker::Lorem.words(number: 2).join(":").downcase }
+      description { Faker::Lorem.sentence }
+      data { association_list(:evidence_data) }
+      created { Faker::Time.backward(days: 367) }
+      expires { Faker::Time.between(from: 6.months.ago, to: 18.months.from_now) }
+      author factory: :organizational_contact
+      reviewer factory: :organizational_contact
+      signature { generate_signature }
+    end
+  end
+  factory(
+    :evidence_data,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::Declarations::Evidence::EvidenceData"
+  ) do
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      contents
+      classification { %w[public restricted confidential secret].sample }
+      sensitive_data { Array.new(rand(1..3)) { Faker::Lorem.sentence } }
+      governance factory: :data_governance
+    end
+  end
+  factory(
+    :contents,
+    parent: :record,
+    class: "SBOM::CycloneDX::Record::Declarations::Evidence::EvidenceData::Contents"
+  ) do
+    trait :all_fields do
+      attachment
+      url { generate(:url) }
+    end
+  end
+  factory :target, parent: :record, class: "SBOM::CycloneDX::Record::Declarations::Target" do
+    trait :all_fields do
+      organizations { association_list(:organizational_entity) }
+      components { association_list(:component) }
+      services { association_list(:service) }
+    end
+  end
+end

data/spec/factories/record/definitions_factory.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :definitions, parent: :record, class: "SBOM::CycloneDX::Record::Definitions" do
+    trait :all_fields do
+      standards { association_list(:standard) }
+    end
+  end
+end

data/spec/factories/record/dependency_factory.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :dependency, parent: :record, class: "SBOM::CycloneDX::Record::Dependency" do
+    ref { generate(:ref_link) }
+    trait :all_fields do
+      depends_on { Array.new(rand(1..3)) { generate(:ref_link) } }
+      provides { Array.new(rand(1..3)) { generate(:ref_link) } }
+    end
+  end
+end

data/spec/factories/record/diff_factory.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :diff, parent: :record, class: "SBOM::CycloneDX::Record::Diff" do
+    trait :all_fields do
+      text do
+        line_count = rand(0..100)
+        association(
+          :attachment,
+          content:
+            <<~DIFF_TEXT
+              --- #{Faker::Lorem.word}
+              +++ #{Faker::Lorem.word}
+              @@ -1,#{line_count} +1,#{line_count} @@
+              -# #{Faker::Lorem.sentence}
+              +# #{Faker::Lorem.sentence}
+                #{Faker::Lorem.sentence}
+            DIFF_TEXT
+        )
+      end
+      url { generate(:url) }
+    end
+  end
+end

data/spec/factories/record/energy_consumption_factory.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :energy_consumption, parent: :record, class: "SBOM::CycloneDX::Record::EnergyConsumption" do
+    activity { SBOM::CycloneDX::Enum::ACTIVITY.sample }
+    energy_providers { association_list(:energy_provider) }
+    activity_energy_cost { association(:energy_measure) }
+    trait :all_fields do
+      co2_cost_equivalent { association(:co2_measure) }
+      co2_cost_offset { association(:co2_measure) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/energy_measure_factory.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :energy_measure, parent: :record, class: "SBOM::CycloneDX::Record::EnergyMeasure" do
+    value { Faker::Number.decimal(l_digits: 2) }
+    trait :all_fields
+  end
+end

data/spec/factories/record/energy_provider_factory.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :energy_provider, parent: :record, class: "SBOM::CycloneDX::Record::EnergyProvider" do
+    organization { association(:organizational_entity) }
+    energy_source { SBOM::CycloneDX::Enum::ENERGY_SOURCE.sample }
+    energy_provided { association(:energy_measure) }
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      description { Faker::Lorem.sentence }
+      external_references { association_list(:external_reference) }
+    end
+  end
+end

data/spec/factories/record/environmental_consideration_factory.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :environmental_consideration, parent: :record, class: "SBOM::CycloneDX::Record::EnvironmentalConsideration" do
+    trait :all_fields do
+      energy_consumptions { association_list(:energy_consumption) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/event_factory.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :event, parent: :record, class: "SBOM::CycloneDX::Record::Event" do
+    trait :all_fields do
+      uid { SecureRandom.uuid }
+      description { Faker::Lorem.sentence }
+      time_received { Faker::Time.backward(days: 21) }
+      data { association(:attachment) }
+      source { association(:resource_reference_choice) }
+      target { association(:resource_reference_choice) }
+      properties { association_list(:property) }
+    end
+  end
+end