cyclonedx-cli

Missing BSD-3-Clause-Modification support

Open jake2-0 opened this issue 3 years ago • 1 comment

It looks like support is missing for the license id BSD-3-Clause-Modification, which is present in the CycloneDX spec 1.4: https://github.com/CycloneDX/specification/blob/1.4/schema/spdx.schema.json#L57

Environment:

./cyclonedx-linux-x64 --version
0.24.0

lsb_release -a                                                               
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

Steps to reproduce

./cyclonedx-linux-x64 validate --input-file ./sbom-with-bsd-3-clause-modification.json --input-version v1_4

Content of sbom-with-bsd-3-clause-modification.json:

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "serialNumber": "urn:uuid:34dea56d-d91d-43df-b610-84a1281eb7e3",
  "version": 1,
  "components": [
    {
      "type": "library",
      "bom-ref": "dfc41578-5bc1-4d46-a691-91c6e9d32710",
      "name": "mylib",
      "version": "",
      "publisher": "me",
      "licenses": [
        {
          "license": {
            "id": "BSD-3-Clause-Modification"
          }
        }
      ]
    }
  ]
} 

Happened

Validating JSON BOM...
Validation failed: 
#
BOM is not valid.

Expected

Validating JSON BOM...
BOM validated successfully.

Additionally

If I change BSD-3-Clause-Modification to BSD-3-Clause, the tool works as expected.

jake2-0, Sep 13 '22 11:09

As far as I can see, this is fixed by version 0.24.2 (thanks to an updated cyclonedx-dotnet-library with updated schemas).

andreas-hilti, Aug 19 '23 21:08
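The validator output in this issue reports only `#` as the failure location, so it does not say which license id was rejected. The following is an added example, not part of the issue and not cyclonedx-cli code: it lists the license ids in a BOM that are absent from a given copy of the SPDX id list. The function names and both schema stand-ins are constructed for illustration, and it assumes the schema file keeps its ids under a top-level `enum` key.

```python
import json

# Constructed stand-ins for two copies of spdx.schema.json: a stale bundled
# copy and a current one. Real files list hundreds of ids under "enum".
STALE_SCHEMA = {"type": "string", "enum": ["Apache-2.0", "BSD-3-Clause", "MIT"]}
CURRENT_SCHEMA = {"type": "string", "enum": [
    "Apache-2.0", "BSD-3-Clause", "BSD-3-Clause-Modification", "MIT"]}

# The BOM from the issue, trimmed to the fields the check needs.
BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library",
     "bom-ref": "dfc41578-5bc1-4d46-a691-91c6e9d32710",
     "name": "mylib",
     "licenses": [{"license": {"id": "BSD-3-Clause-Modification"}}]}
  ]
}
""")

def iter_components(bom):
    """Yield metadata.component and every component, including nested ones."""
    stack = list(bom.get("components", []))
    root = bom.get("metadata", {}).get("component")
    if root:
        stack.append(root)
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))

def unknown_license_ids(bom, schema):
    """Return (bom-ref or name, license id) pairs not listed in the schema enum."""
    known = set(schema["enum"])  # JSON Schema enum matching is exact and case-sensitive
    findings = []
    for comp in iter_components(bom):
        for entry in comp.get("licenses", []):
            lic_id = entry.get("license", {}).get("id")  # expression entries have no id
            if lic_id is not None and lic_id not in known:
                findings.append((comp.get("bom-ref", comp.get("name")), lic_id))
    return findings

if __name__ == "__main__":
    for label, schema in (("stale", STALE_SCHEMA), ("current", CURRENT_SCHEMA)):
        print(label, unknown_license_ids(BOM, schema))
```

Running the same check against the schema copy the validator bundles and the copy in the specification repository shows whether a failure comes from the BOM or from an outdated id list in the tool.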