diff --git a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
index ad2d36f2..2d28c5fb 100644
--- a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
+++ b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
@@ -232,7 +232,9 @@ private void extractComponentMetadata(MavenProject project, Component component,
if (project.getDistributionManagement() != null) {
addExternalReference(ExternalReference.Type.DISTRIBUTION, project.getDistributionManagement().getDownloadUrl(), component);
if (project.getDistributionManagement().getRepository() != null) {
- addExternalReference(ExternalReference.Type.DISTRIBUTION, project.getDistributionManagement().getRepository().getUrl(), component);
+ ExternalReference.Type type =
+ (schemaVersion.getVersion() < 1.5) ? ExternalReference.Type.DISTRIBUTION : ExternalReference.Type.DISTRIBUTION_INTAKE;
+ addExternalReference(type, project.getDistributionManagement().getRepository().getUrl(), component);
}
}
if (project.getIssueManagement() != null) {
diff --git a/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java b/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java
index 3bc88e39..f7229476 100644
--- a/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java
+++ b/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java
@@ -51,7 +51,7 @@ private static void verifyParentExternalReferences(File projDir) {
assertExternalReferences(bomJsonFile, "chat", "url", singleton("https://acme.com/parent"));
assertExternalReferences(bomJsonFile, "website", "url", singleton("https://cyclonedx.org/acme"));
assertExternalReferences(bomJsonFile, "vcs", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin.git"));
- verifyCommonExternalReferences(bomJsonFile);
+ verifyCommonExternalReferences(bomJsonFile, false);
}
private static void verifyChildExternalReferences(File projDir) {
@@ -59,14 +59,15 @@ private static void verifyChildExternalReferences(File projDir) {
assertExternalReferences(bomJsonFile, "chat", "url", asList("https://acme.com/parent", "https://acme.com/child"));
assertExternalReferences(bomJsonFile, "website", "url", singleton("https://cyclonedx.org/acme/child"));
assertExternalReferences(bomJsonFile, "vcs", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin.git/child"));
- verifyCommonExternalReferences(bomJsonFile);
+ verifyCommonExternalReferences(bomJsonFile, true);
}
- private static void verifyCommonExternalReferences(File bomJsonFile) {
+ private static void verifyCommonExternalReferences(File bomJsonFile, boolean child) {
assertExternalReferences(bomJsonFile, "chat", "comment", singleton("optional comment"));
assertExternalReferences(bomJsonFile, "release-notes", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/releases"));
assertExternalReferences(bomJsonFile, "build-system", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/actions"));
- assertExternalReferences(bomJsonFile, "distribution", "url", singleton("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"));
+ // CycloneDX 1.4 supports distribution only, 1.5 replaces with distribution-intake
+ assertExternalReferences(bomJsonFile, child ? "distribution" : "distribution-intake", "url", singleton("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"));
assertExternalReferences(bomJsonFile, "issue-tracker", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/issues"));
assertExternalReferences(bomJsonFile, "mailing-list", "url", singleton("https://dev.ml.cyclonedx.org/archive"));
}
diff --git a/src/test/resources/external-reference/child/pom.xml b/src/test/resources/external-reference/child/pom.xml
index 1455508e..1f0c7b25 100644
--- a/src/test/resources/external-reference/child/pom.xml
+++ b/src/test/resources/external-reference/child/pom.xml
@@ -28,6 +28,7 @@
cyclonedx-maven-plugin
${cyclonedx-maven-plugin.version}
+ 1.4
CHAT