CycloneDX
diff --git a/‎README.md
+34-27 b/‎README.md
+34-27
diff --git a/‎cmd/component.go
+4-4 b/‎cmd/component.go
+4-4
diff --git a/‎cmd/errors.go
+14-7 b/‎cmd/errors.go
+14-7
diff --git a/‎cmd/license.go
+33-69 b/‎cmd/license.go
+33-69
diff --git a/‎cmd/resource.go
+9-1 b/‎cmd/resource.go
+9-1
diff --git a/‎cmd/resource_test.go
+1-1 b/‎cmd/resource_test.go
+1-1
@@ -1276,21 +1276,22 @@ Currently, all `resource list` command results are sorted by resource `type` the
 ```
 
 ```bash
-type       name               version  bom-ref
-----       ----               -------  -------
-component  ACME Application   2.0.0    pkg:app/[email protected]
-component  Library A          1.0.0    pkg:lib/[email protected]
-component  Library B          1.0.0    pkg:lib/[email protected]
-component  Library C          1.0.0    pkg:lib/[email protected]
-component  Library D          1.0.0    pkg:lib/[email protected]
-component  Library E          1.0.0    pkg:lib/[email protected]
-component  Library F          1.0.0    pkg:lib/[email protected]
-component  Library G          1.0.0    pkg:lib/[email protected]
-component  Library H          1.0.0    pkg:lib/[email protected]
-component  Library J          1.0.0    pkg:lib/[email protected]
-component  Library NoLicense  1.0.0    pkg:lib/[email protected]
-service    Bar                         service:example.com/myservices/bar
-service    Foo                         service:example.com/myservices/foo
+resource-type  group   name               version  description                       bom-ref
+-------------  -----   ----               -------  -----------                       -------
+component              ACME Application   2.0.0    ACME sample application           pkg:app/[email protected]
+component              Library A          1.0.0    Library A description             pkg:lib/[email protected]
+component              Library C          1.0.0    Library C description.            pkg:lib/[email protected]
+component              Library F          1.0.0    Library F description.            pkg:lib/[email protected]
+component              Library G          1.0.0    Library G description.            pkg:lib/[email protected]
+component              Library H          1.0.0    Library H description.            pkg:lib/[email protected]
+component              Library NoLicense  1.0.0    Library "NoLicense" description.  pkg:lib/[email protected]
+component      blue    Library B          1.0.0    Library B description.            pkg:lib/[email protected]
+component      blue    Library E          1.0.0    Library E description.            pkg:lib/[email protected]
+component      green   Library D          1.0.0    Library D description.            pkg:lib/[email protected]
+component      green   Library J          1.0.0    Library J description.            pkg:lib/[email protected]
+service                Bar                         Bar service                       service:example.com/myservices/bar
+service                Foo                         Foo service                       service:example.com/myservices/foo
+
 ```
 
 ##### Example: resource list using `--type service`
@@ -1302,10 +1303,16 @@ This example uses the `type` flag to specific `service`.  The other valid type i
 ```
 
 ```bash
-type     name    version  bom-ref
-----     ----    -------  -------
-service  Bar              service:example.com/myservices/bar
-service  Foo              service:example.com/myservices/foo
+resource-type  group   name    version  description  bom-ref
+-------------  -----   ----    -------  -----------  -------
+service                Bar              Bar service  service:example.com/myservices/bar
+service                Foo              Foo service  service:example.com/myservices/foo
+```
+
+**Note** The results would be equivalent to using the `--where` filter:
+
+```bash
+./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json --where "resource-type=service" --quiet
 ```
 
 ##### Example: list with `name` regex match
@@ -1317,20 +1324,16 @@ This example uses the `where` filter on the `name` field. In this case we supply
 ```
 
 ```bash
-type       name       version  bom-ref
-----       ----       -------  -------
-component  Library A  1.0.0    pkg:lib/[email protected]
+resource-type  group   name       version  description            bom-ref
+-------------  -----   ----       -------  -----------            -------
+component              Library A  1.0.0    Library A description  pkg:lib/[email protected]
 ```
 
 ---
 
 ### Schema
 
-You can verify which formats, schemas, versions and variants are available for validation by using the `schema` command:
-
-```bash
-./sbom-utility schema list
-```
+You can verify which formats, schemas, versions and variants are available for validation by using the `schema` command.
 
 - **Note**: The `schema` command will default to the `list` subcommand if omitted.
 
@@ -1348,6 +1351,10 @@ This command supports the `--format` flag with any of the following values:
 
 ##### Example: schema list
 
+```bash
+./sbom-utility schema list -q
+```
+
 ```bash
 name            variant      format     version   file                                             url
 ----            -------      ------     -------   ----                                             ---
 
@@ -235,8 +235,8 @@ func loadDocumentComponents(document *schema.BOM, whereFilters []common.WhereFil
 func sortComponents(entries []multimap.Entry) {
 	// Sort by Type then Name
 	sort.Slice(entries, func(i, j int) bool {
-		resource1 := (entries[i].Value).(schema.CDXResourceInfo)
-		resource2 := (entries[j].Value).(schema.CDXResourceInfo)
+		resource1 := (entries[i].Value).(schema.CDXComponentInfo)
+		resource2 := (entries[j].Value).(schema.CDXComponentInfo)
 		if resource1.ResourceType != resource2.ResourceType {
 			return resource1.ResourceType < resource2.ResourceType
 		}
@@ -265,7 +265,7 @@ func DisplayComponentListText(bom *schema.BOM, writer io.Writer) (err error) {
 	fmt.Fprintf(w, "%s\n", strings.Join(underlines, "\t"))
 
 	// Display a warning "missing" in the actual output and return (short-circuit)
-	entries := bom.ResourceMap.Entries()
+	entries := bom.ComponentMap.Entries()
 
 	// Emit no license warning into output
 	if len(entries) == 0 {
@@ -280,7 +280,7 @@ func DisplayComponentListText(bom *schema.BOM, writer io.Writer) (err error) {
 	var line []string
 	for _, entry := range entries {
 		line, err = prepareReportLineData(
-			entry.Value.(schema.CDXResourceInfo),
+			entry.Value.(schema.CDXComponentInfo),
 			COMPONENT_LIST_ROW_DATA,
 			true,
 		)
 
@@ -46,24 +46,31 @@ const (
 	ERR_TYPE_IETF_RFC6902_TEST_FAILED = "IETF RFC6902 test operation error"
 )
 
-// Validation messages
+// Custom Validation messages
+// TODO: Need to define a profile that supports these validation checks/messages
 const (
-	MSG_FORMAT_TYPE                           = "format: `%s`"
-	MSG_SCHEMA_ERRORS                         = "schema errors found"
+	MSG_PROPERTY_NOT_UNIQUE                   = "check failed: property not unique"
 	MSG_INVALID_METADATA_PROPERTIES           = "field `metadata.properties` is missing or invalid"
 	MSG_INVALID_METADATA_COMPONENT_COMPONENTS = "field `metadata.component.components` array should be empty"
 	MSG_INVALID_METADATA_COMPONENT            = "field `metadata.component` is missing or invalid"
-	MSG_PROPERTY_NOT_FOUND                    = "property not found"
-	MSG_PROPERTY_NOT_UNIQUE                   = "check failed: property not unique"
-	MSG_PROPERTY_REGEX_FAILED                 = "check failed: property regex mismatch"
-	MSG_IETF_RFC6902_OPERATION_SUCCESS        = "IETF RFC6902 test operation success"
+)
+
+// Validation messages
+const (
+	MSG_FORMAT_TYPE                    = "format: `%s`"
+	MSG_SCHEMA_ERRORS                  = "schema errors found"
+	MSG_PROPERTY_NOT_FOUND             = "property not found"
+	MSG_PROPERTY_REGEX_FAILED          = "check failed: property regex mismatch"
+	MSG_IETF_RFC6902_OPERATION_SUCCESS = "IETF RFC6902 test operation success"
 )
 
 // License messages
 const (
 	MSG_LICENSE_INVALID_DATA   = "invalid license data"
 	MSG_LICENSE_INVALID_POLICY = "invalid license policy"
+	MSG_LICENSE_NOT_FOUND      = "license not found"
 	MSG_LICENSES_NOT_FOUND     = "licenses not found"
+	MSG_LICENSE_HASH_ERROR     = "hash of license failed"
 )
 
 // Query error details
 
@@ -129,28 +129,33 @@ func loadDocumentLicenses(bom *schema.BOM, policyConfig *schema.LicensePolicyCon
 			return
 		}
 	}
-
 	return
 }
 
+// Note: An actual error SHOULD ONLY be returned by the custom validation code.
+func warnNoLicenseFound(bom *schema.BOM, location int) {
+	message := fmt.Sprintf("%s (%s)",
+		MSG_LICENSES_NOT_FOUND, // "licenses not found"
+		schema.GetLicenseChoiceLocationName(location))
+	sbomError := NewInvalidSBOMError(bom, message, nil, nil)
+	getLogger().Warning(sbomError)
+}
+
+func warnInvalidResourceLicense(resourceType string, bomRef string, name string, version string) {
+	getLogger().Warningf("%s. resourceType: `%s`: bomRef: `%s`, name:`%s`, version: `%s`",
+		MSG_LICENSE_NOT_FOUND,
+		resourceType, bomRef, name, version)
+}
+
 // Hash the license found in the (root).metadata.licenses[] array
 func hashMetadataLicenses(bom *schema.BOM, policyConfig *schema.LicensePolicyConfig, location int, whereFilters []common.WhereFilter, licenseFlags utils.LicenseCommandFlags) (err error) {
 	getLogger().Enter()
 	defer getLogger().Exit(err)
 
 	pLicenses := bom.GetCdxMetadataLicenses()
+	// Issue a warning that the SBOM does not declare at least one, top-level component license.
 	if pLicenses == nil {
-		sbomError := NewInvalidSBOMError(
-			bom,
-			fmt.Sprintf("%s (%s)",
-				MSG_LICENSES_NOT_FOUND,
-				schema.GetLicenseChoiceLocationName(location)),
-			nil, nil)
-		// Issue a warning as an SBOM without at least one, top-level license
-		// (in the metadata license summary) SHOULD be noted.
-		// Note: An actual error SHOULD ONLY be returned by
-		// the custom validation code.
-		getLogger().Warning(sbomError)
+		warnNoLicenseFound(bom, location)
 		return
 	}
 
@@ -168,7 +173,6 @@ func hashMetadataLicenses(bom *schema.BOM, policyConfig *schema.LicensePolicyCon
 			return
 		}
 	}
-
 	return
 }
 
@@ -179,22 +183,10 @@ func hashMetadataComponentLicenses(bom *schema.BOM, policyConfig *schema.License
 
 	component := bom.GetCdxMetadataComponent()
 	if component == nil {
-		sbomError := NewInvalidSBOMError(
-			bom,
-			fmt.Sprintf("%s (%s)",
-				MSG_LICENSES_NOT_FOUND,
-				schema.GetLicenseChoiceLocationName(location)),
-			nil, nil)
-		// Issue a warning as an SBOM without at least one
-		// top-level component license declared SHOULD be noted.
-		// Note: An actual error SHOULD ONLY be returned by
-		// the custom validation code.
-		getLogger().Warning(sbomError)
+		warnNoLicenseFound(bom, location)
 		return
 	}
-
 	_, err = hashComponentLicense(bom, policyConfig, *component, location, whereFilters, licenseFlags)
-
 	return
 }
 
@@ -240,38 +232,23 @@ func hashComponentLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyCon
 			getLogger().Debugf("licenseChoice: %s", getLogger().FormatStruct(licenseChoice))
 			getLogger().Tracef("hashing license for component=`%s`", cdxComponent.Name)
 
-			licenseInfo.LicenseChoice = licenseChoice
-			licenseInfo.Component = cdxComponent
-			licenseInfo.BOMLocationValue = location
-			licenseInfo.ResourceName = cdxComponent.Name
-			if cdxComponent.BOMRef != nil {
-				licenseInfo.BOMRef = *cdxComponent.BOMRef
-			}
+			licenseInfo = *schema.NewLicenseInfoFromComponent(cdxComponent, licenseChoice, location)
 			err = hashLicenseInfoByLicenseType(bom, policyConfig, licenseInfo, whereFilters, licenseFlags)
 
 			if err != nil {
 				// Show intent to not check for error returns as there no intent to recover
-				_ = getLogger().Errorf("Unable to hash empty license: %v", licenseInfo)
+				_ = getLogger().Errorf("%s. license: %+v", MSG_LICENSE_HASH_ERROR, licenseInfo)
 				return
 			}
 		}
 	} else {
 		// Account for component with no license with an "UNDEFINED" entry
-		// hash any component w/o a license using special key name
-		licenseInfo.Component = cdxComponent
-		licenseInfo.BOMLocationValue = location
-		licenseInfo.ResourceName = cdxComponent.Name
-		if cdxComponent.BOMRef != nil {
-			licenseInfo.BOMRef = *cdxComponent.BOMRef
-		}
+		licenseInfo = *schema.NewLicenseInfoFromComponent(cdxComponent, schema.CDXLicenseChoice{}, location)
 		_, err = bom.HashmapLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters, licenseFlags)
 
-		getLogger().Warningf("%s: %s (name:`%s`, version: `%s`, package-url: `%s`)",
-			"No license found for component. bomRef",
-			licenseInfo.BOMRef,
-			licenseInfo.ResourceName,
-			cdxComponent.Version,
-			cdxComponent.Purl)
+		// Issue a warning that the component had no license; use "safe" BOMRef string value
+		// TODO: flag component for stats. purposes
+		warnInvalidResourceLicense(schema.RESOURCE_TYPE_COMPONENT, licenseInfo.BOMRef.String(), cdxComponent.Name, cdxComponent.Version)
 		// No actual licenses to process
 		return
 	}
@@ -284,7 +261,6 @@ func hashComponentLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyCon
 			return
 		}
 	}
-
 	return
 }
 
@@ -301,35 +277,23 @@ func hashServiceLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyConfi
 		for _, licenseChoice := range *pLicenses {
 			getLogger().Debugf("licenseChoice: %s", getLogger().FormatStruct(licenseChoice))
 			getLogger().Tracef("Hashing license for service=`%s`", cdxService.Name)
-			licenseInfo.LicenseChoice = licenseChoice
-			licenseInfo.Service = cdxService
-			licenseInfo.ResourceName = cdxService.Name
-			if cdxService.BOMRef != nil {
-				licenseInfo.BOMRef = *cdxService.BOMRef
-			}
-			licenseInfo.BOMLocationValue = location
+			licenseInfo = *schema.NewLicenseInfoFromService(cdxService, licenseChoice, location)
 			err = hashLicenseInfoByLicenseType(bom, policyConfig, licenseInfo, whereFilters, licenseFlags)
-
 			if err != nil {
+				// Show intent to not check for error returns as there no intent to recover
+				_ = getLogger().Errorf("%s. license: %+v", MSG_LICENSE_HASH_ERROR, licenseInfo)
 				return
 			}
 		}
 	} else {
 		// Account for service with no license with an "UNDEFINED" entry
 		// hash any service w/o a license using special key name
-		licenseInfo.Service = cdxService
-		licenseInfo.BOMLocationValue = location
-		licenseInfo.ResourceName = cdxService.Name
-		if cdxService.BOMRef != nil {
-			licenseInfo.BOMRef = *cdxService.BOMRef
-		}
+		licenseInfo = *schema.NewLicenseInfoFromService(cdxService, schema.CDXLicenseChoice{}, location)
 		_, err = bom.HashmapLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters, licenseFlags)
 
-		getLogger().Warningf("%s: %s (name: `%s`, version: `%s`)",
-			"No license found for service. bomRef",
-			cdxService.BOMRef,
-			cdxService.Name,
-			cdxService.Version)
+		// Issue a warning that the service had no license; use "safe" BOMRef string value
+		// TODO: flag service for stats. purposes
+		warnInvalidResourceLicense(schema.RESOURCE_TYPE_SERVICE, licenseInfo.BOMRef.String(), cdxService.Name, cdxService.Version)
 
 		// No actual licenses to process
 		return
@@ -340,8 +304,8 @@ func hashServiceLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyConfi
 	if pServices != nil && len(*pServices) > 0 {
 		err = hashServicesLicenses(bom, policyConfig, *pServices, location, whereFilters, licenseFlags)
 		if err != nil {
-			// Show intent to not check for error returns as there is no recovery
-			_ = getLogger().Errorf("Unable to hash empty license: %v", licenseInfo)
+			// Show intent to not check for error returns as there no intent to recover
+			_ = getLogger().Errorf("%s. license: %+v", MSG_LICENSE_HASH_ERROR, licenseInfo)
 			return
 		}
 	}
 
@@ -52,8 +52,10 @@ const (
 
 var RESOURCE_LIST_ROW_DATA = []ColumnFormatData{
 	*NewColumnFormatData(RESOURCE_FILTER_KEY_RESOURCE_TYPE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false),
+	*NewColumnFormatData(RESOURCE_FILTER_KEY_GROUP, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE),
 	*NewColumnFormatData(RESOURCE_FILTER_KEY_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false),
 	*NewColumnFormatData(RESOURCE_FILTER_KEY_VERSION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false),
+	*NewColumnFormatData(RESOURCE_FILTER_KEY_DESCRIPTION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE),
 	*NewColumnFormatData(RESOURCE_FILTER_KEY_BOMREF, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE),
 }
 
@@ -260,7 +262,13 @@ func sortResources(entries []multimap.Entry) {
 		if resource1.ResourceType != resource2.ResourceType {
 			return resource1.ResourceType < resource2.ResourceType
 		}
-		return resource1.Name < resource2.Name
+		if resource1.Group != resource2.Group {
+			return resource1.Group < resource2.Group
+		}
+		if resource1.Name != resource2.Name {
+			return resource1.Name < resource2.Name
+		}
+		return resource1.Version < resource2.Version
 	})
 }
 
 
@@ -256,7 +256,7 @@ func TestResourceListTextCdx13WhereClauseAndResultsBomRefContains(t *testing.T)
 		EXPECTED_OUTPUT_LINE_COUNT,
 		schema.RESOURCE_TYPE_COMPONENT)
 	rti.ResultLineContainsValues = TEST_OUTPUT_CONTAINS
-	rti.ResultLineContainsValuesAtLineNum = 10
+	rti.ResultLineContainsValuesAtLineNum = 11
 	innerTestResourceList(t, rti)
 }
Original file line number	Diff line number	Diff line change
`@@ -256,7 +256,7 @@ func TestResourceListTextCdx13WhereClauseAndResultsBomRefContains(t *testing.T)`
`256`	`256`	`EXPECTED_OUTPUT_LINE_COUNT,`
`257`	`257`	`schema.RESOURCE_TYPE_COMPONENT)`
`258`	`258`	`rti.ResultLineContainsValues = TEST_OUTPUT_CONTAINS`
`259`		`- rti.ResultLineContainsValuesAtLineNum = 10`
	`259`	`+ rti.ResultLineContainsValuesAtLineNum = 11`
`260`	`260`	`innerTestResourceList(t, rti)`
`261`	`261`	`}`
`262`	`262`