Validate command false error on license id Elastic-2.0

Open DavidLambertCyber opened this issue 3 years ago • 3 comments

What I did

  • Generate Log4j SBOM using CycloneDX Maven Plugin
  • Command to validate, followed by output (thanks for supporting failed line number, very helpful!)
cat ./sboms/apache-log4j-2.17.2-src/log4j_2.17.2_cdx_1.4_sbom.xml | cyclonedx-cli validate --input-format xml --input-version v1_4 --fail-on-errors
Validating XML BOM...
Validation failed at line number 3799 and position 28: The 'http://cyclonedx.org/schema/bom/1.4:id' element is invalid - The value 'Elastic-2.0' is invalid according to its datatype 'http://cyclonedx.org/schema/spdx:licenseId' - The Enumeration constraint failed.
BOM is not valid.
  • snip of sbom xml at line 3799 = Elastic-2.0
      <licenses>
        <license>
          <id>Elastic-2.0</id>
          <text content-type="plain/text" 
  • cyclonedx cli version
cyclonedx-cli --version
0.24.0

DavidLambertCyber avatar Jul 26 '22 14:07 DavidLambertCyber

Are you able to share the BOM file? That is a valid license identifier. So I don't know why it isn't validating.

coderpatros avatar Aug 12 '22 02:08 coderpatros

| cyclonedx-cli validate --input-format xml --input-version v1_4 --fail-on-errors

My apologies, I cannot reproduce the error, close ticket

DavidLambertCyber avatar Sep 07 '22 22:09 DavidLambertCyber

cannot reproduce the error,

DavidLambertCyber avatar Sep 07 '22 22:09 DavidLambertCyber
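
To cross-check a validator report like the one in the opening post independently of the tool's bundled schema, the added example below (not part of the issue or of cyclonedx-cli) lists every `<license><id>` value in a CycloneDX 1.4 XML BOM that is missing from a caller-supplied set of identifiers, together with its line number. The sample BOM is constructed for illustration, and the identifier set passed in is an assumption: in practice it would be loaded from the SPDX license list or schema version you want to compare against.

```python
import xml.parsers.expat

# Namespace as it appears in the validator message quoted in the issue.
CDX_NS = "http://cyclonedx.org/schema/bom/1.4"

# Constructed sample BOM (not the Log4j BOM from the issue).
SAMPLE_BOM = b"""<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library">
      <name>example-a</name><version>1.0.0</version>
      <licenses>
        <license><id>Apache-2.0</id></license>
        <license>
          <id>Elastic-2.0</id>
        </license>
      </licenses>
    </component>
  </components>
</bom>
"""

def find_unknown_license_ids(bom_xml, known_ids):
    """Return [(line, id)] for each <license><id> value not in known_ids."""
    findings, stack, text = [], [], []
    line = [0]  # line of the <id> start tag currently being read
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    def in_license_id():
        return stack[-2:] == [CDX_NS + " license", CDX_NS + " id"]
    def start(name, attrs):
        stack.append(name)
        if in_license_id():
            text.clear()
            line[0] = parser.CurrentLineNumber
    def chars(data):
        if in_license_id():
            text.append(data)
    def end(name):
        if in_license_id():
            value = "".join(text).strip()
            if value not in known_ids:
                findings.append((line[0], value))
        stack.pop()

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(bom_xml, True)
    return findings
```

Running it with two identifier sets, one that contains `Elastic-2.0` and one that does not, shows whether a rejected value comes from the BOM itself or from the identifier list it is being compared against.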