anchore · spiffcs · Apr 29, 2022 · Apr 27, 2022 · Apr 29, 2022
diff --git a/Makefile b/Makefile
@@ -305,7 +305,7 @@ cli: $(SNAPSHOTDIR) ## Run CLI tests
 	chmod 755 "$(SNAPSHOT_BIN)"
 	$(SNAPSHOT_BIN) version
 	SYFT_BINARY_LOCATION='$(SNAPSHOT_BIN)' \
-		go test -count=1 -v ./test/cli
+		go test -count=1 -timeout=15m -v ./test/cli
 
 .PHONY: changelog
 changelog: clean-changelog CHANGELOG.md

diff --git a/internal/formats/common/cyclonedxhelpers/component.go b/internal/formats/common/cyclonedxhelpers/component.go
@@ -50,7 +50,7 @@ func deriveBomRef(p pkg.Package) string {
 	// TODO: In the future we may want to dedupe by PURL and combine components with
 	// the same PURL while preserving their unique metadata.
 	if parsedPURL, err := packageurl.FromString(p.PURL); err == nil {
-		parsedPURL.Qualifiers = append(parsedPURL.Qualifiers, packageurl.Qualifier{Key: "syft-id", Value: string(p.ID())})
+		parsedPURL.Qualifiers = append(parsedPURL.Qualifiers, packageurl.Qualifier{Key: "package-id", Value: string(p.ID())})
 		return parsedPURL.ToString()
 	}
 	// fallback is to use strictly the ID if there is no valid pURL

diff --git a/internal/formats/common/cyclonedxhelpers/component_test.go b/internal/formats/common/cyclonedxhelpers/component_test.go
@@ -171,7 +171,7 @@ func Test_deriveBomRef(t *testing.T) {
 		{
 			name: "use pURL-id hybrid",
 			pkg:  pkgWithPurl,
-			want: fmt.Sprintf("pkg:pypi/[email protected]?syft-id=%s", pkgWithPurl.ID()),
+			want: fmt.Sprintf("pkg:pypi/[email protected]?package-id=%s", pkgWithPurl.ID()),
 		},
 		{
 			name: "fallback to ID when pURL is invalid",

diff --git a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -57,7 +57,7 @@
       ]
     },
     {
-      "bom-ref": "pkg:deb/debian/[email protected]?syft-id=ceda99598967ae8d",
+      "bom-ref": "pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d",
       "type": "library",
       "name": "package-2",
       "version": "2.0.1",

diff --git a/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/internal/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -62,7 +62,7 @@
       ]
     },
     {
-      "bom-ref": "pkg:deb/debian/[email protected]?syft-id=ae77680e9b1d087e",
+      "bom-ref": "pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e",
       "type": "library",
       "name": "package-2",
       "version": "2.0.1",

diff --git a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -32,7 +32,7 @@
         <property name="syft:location:0:path">/some/path/pkg1</property>
       </properties>
     </component>
-    <component bom-ref="pkg:deb/debian/[email protected]?syft-id=ceda99598967ae8d" type="library">
+    <component bom-ref="pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d" type="library">
       <name>package-2</name>
       <version>2.0.1</version>
       <cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>

diff --git a/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/internal/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -34,7 +34,7 @@
         <property name="syft:location:0:path">/somefile-1.txt</property>
       </properties>
     </component>
-    <component bom-ref="pkg:deb/debian/[email protected]?syft-id=ae77680e9b1d087e" type="library">
+    <component bom-ref="pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e" type="library">
       <name>package-2</name>
       <version>2.0.1</version>
       <cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>