104 support cyclonedx external reference type source distribution

ChangeLog.md

@@ -10,9 +10,11 @@
 * `bom merge` improved: the dependencies are reconstructed, i.e. all dependencies
   that existed in the SBOMs before the merge should also exist after the merge.
 * `bom convert` improved: we can now convert from and to CycloneDX XML.
-* new command `bom validate` to do a siple validation whether a given SBOM
+* new command `bom validate` to do a simple validation whether a given SBOM
   complies with the CycloneDX spec version 1.4, 1.5 or 1.6.
 * `bom findsources`: programming language can be `golang` or `go`.
+* support for the new CyCloneDX 1.6 external reference type `source-distribution`
+  when trying to find the source code for a component.
 
 ## 2.6.0.dev1
 

capycli/common/capycli_bom_support.py

@@ -200,6 +200,10 @@ def get_ext_ref_source_url(comp: Component) -> Any:
                     and (ext_ref.comment == CaPyCliBom.SOURCE_URL_COMMENT):
                 return ext_ref.url
 
+            # new for CyCloneDX 1.6
+            if (ext_ref.type == ExternalReferenceType.SOURCE_DISTRIBUTION):
+                return ext_ref.url
+
         return ""
 
     @staticmethod