cyclonedx-cli

Validate doesn't tell you why the format isn't any good or where the problem is

Open mebigfatguy opened this issue 1 year ago • 2 comments

docker run -v .:/mnt/mydata cyclonedx/cyclonedx-cli validate --input-file /mnt/mydata/bcdx.json
Unable to validate against any JSON schemas.
BOM is not valid.

That is not helpful.

mebigfatguy avatar Mar 03 '23 15:03 mebigfatguy

I found that --fail-on-errors provides a tiny bit more information. Not really good but at least better.

schlenk avatar Mar 17 '23 10:03 schlenk

For more verbose validation errors, I've found check-jsonschema (also on PyPI) to be useful; e.g., if I add a field not supported by the schema, such as invalid_field_name, I get:

$ check-jsonschema --schemafile /path/to/bom-1.4.schema.json bom.json
Schema validation errors were encountered.
   .validate_piped_input.txt::$.components[0].supplier.contact[0]: Additional properties are not allowed ('invalid_field_name' was unexpected)

Note this only checks that the BOM is syntactically correct, not that the values are correct; for instance, it won't check to see that your dependencies section points to things which exist (but then, neither does the cyclonedx-cli tool). Hope this helps.

nrnvgh avatar Mar 22 '23 21:03 nrnvgh
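The comment above notes that schema validation does not confirm that the dependencies section points to things which exist. One way to run that check separately is sketched here as an added example; it is not code from the thread, from cyclonedx-cli or from check-jsonschema. It assumes the CycloneDX 1.4 JSON field names `bom-ref`, `ref` and `dependsOn`; the sample BOM and the function names are constructed for illustration.

```python
import json

# Constructed sample BOM (assumed CycloneDX 1.4 JSON layout); not from the issue.
SAMPLE_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
  "metadata": {"component": {"type": "application", "name": "app", "bom-ref": "app"}},
  "components": [
    {"type": "library", "name": "liba", "bom-ref": "liba",
     "components": [{"type": "library", "name": "nested", "bom-ref": "nested"}]},
    {"type": "library", "name": "libb", "bom-ref": "libb"}],
  "dependencies": [
    {"ref": "app", "dependsOn": ["liba", "libc"]},
    {"ref": "liba", "dependsOn": ["nested"]},
    {"ref": "ghost", "dependsOn": []}]
}""")


def collect_bom_refs(bom):
    """Return every bom-ref declared by components and services, nested ones included."""
    refs = set()

    def walk(item):
        if "bom-ref" in item:
            refs.add(item["bom-ref"])
        # Components nest under "components", services under "services".
        for key in ("components", "services"):
            for child in item.get(key, []):
                walk(child)

    walk(bom.get("metadata", {}).get("component", {}))
    walk(bom)  # the document root carries the top-level components/services arrays
    return refs


def dangling_dependency_refs(bom):
    """Return (json_path, ref) pairs for dependency entries naming no declared bom-ref."""
    known = collect_bom_refs(bom)
    problems = []
    for i, dep in enumerate(bom.get("dependencies", [])):
        if dep.get("ref") not in known:
            problems.append((f"$.dependencies[{i}].ref", dep.get("ref")))
        for j, target in enumerate(dep.get("dependsOn", [])):
            if target not in known:
                problems.append((f"$.dependencies[{i}].dependsOn[{j}]", target))
    return problems


if __name__ == "__main__":
    for path, ref in dangling_dependency_refs(SAMPLE_BOM):
        print(f"{path}: '{ref}' does not match any bom-ref in the BOM")
```

The reported paths use the same `$.`-style notation as the check-jsonschema output above, so findings from both checks can be read side by side.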

This should be improved by release 0.26.0.

andreas-hilti avatar Aug 17 '24 08:08 andreas-hilti