From caf0e5f165a676dc6a484f99102ea8953b96595f Mon Sep 17 00:00:00 2001
From: Christoph Hartmann <chris@lollyrock.com>
Date: Fri, 19 Jul 2024 20:10:48 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20add=20bom=20ref?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sbom/cyclonedx.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sbom/cyclonedx.go b/sbom/cyclonedx.go
index a6319a82c4..1144285c94 100644
--- a/sbom/cyclonedx.go
+++ b/sbom/cyclonedx.go
@@ -38,6 +38,7 @@ func (ccx *CycloneDX) convertToCycloneDx(bom *Sbom) (*cyclonedx.BOM, error) {
 		Tools: &cyclonedx.ToolsChoice{
 			Components: &[]cyclonedx.Component{
 				{
+					Type:    cyclonedx.ComponentTypeApplication,
 					Author:  bom.Generator.Vendor,
 					Name:    bom.Generator.Name,
 					Version: bom.Generator.Version,
@@ -45,7 +46,7 @@ func (ccx *CycloneDX) convertToCycloneDx(bom *Sbom) (*cyclonedx.BOM, error) {
 			},
 		},
 		Component: &cyclonedx.Component{
-			// BOMRef:  string(bomRef),
+			BOMRef: uuid.New().String(),
 			// TODO: understand the device type
 			// Type: cyclonedx.ComponentTypeContainer,
 			Type: cyclonedx.ComponentTypeDevice,
@@ -62,6 +63,7 @@ func (ccx *CycloneDX) convertToCycloneDx(bom *Sbom) (*cyclonedx.BOM, error) {
 	}
 
 	components = append(components, cyclonedx.Component{
+		BOMRef:  uuid.New().String(),
 		Type:    cyclonedx.ComponentTypeOS,
 		Name:    bom.Asset.Platform.Name,
 		Version: bom.Asset.Platform.Version,
@@ -104,6 +106,7 @@ func (ccx *CycloneDX) convertToCycloneDx(bom *Sbom) (*cyclonedx.BOM, error) {
 		}
 
 		bomPkg := cyclonedx.Component{
+			BOMRef:     uuid.New().String(), // temporary, we need to store the relationships next
 			Type:       cyclonedx.ComponentTypeLibrary,
 			Name:       pkg.Name,
 			Version:    pkg.Version,