fix: support other versions of cyclonedx?

[terriko]

I noticed our main repo's SBOMs are now being generated in CycloneDX 1.5:

  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",

But I remembered from code review that we're explicitly looking for CycloneDX 1.3 in a few spots:

cve-bin-tool-action/src/cve_bin_tool.py

Line 211 in b6bf3ba

if data.find("cyclonedx.org/schema/bom/1.3") != -1:

Do we need to change anything to make sure other versions of CycloneDX get picked up?

[b31ngd3v]

In the cve-bin-tool how to scan sbom doc it says it only supports cyclonedx 1.3.

[terriko]

Okay, I'll open an issue in the main repo too I guess to see if that's something we need to extend

[terriko]

Sounds like the main repo actually supports 1.3-1.5, the docs just need updating. So we should be able to support up to 1.5 here as well.

@b31ngd3v This isn't urgent; your gsoc report & the final documentation tasks should come first. And if you don't feel like getting to this, someone else can work on it later!