Conversion of SPDX to Cyclone dx is possible using cli or any other options for converting these 2 formats

[Ranjithkumar-Arumugam-agilysys]

I am trying to convert SPDX to Cyclone DX with cli while i am trying this option i am facing - Unhandled exception: System.Text.Json.JsonException: The JSON value could not be converted to CycloneDX.Spdx.Models.v2_2.ExternalRefCategory. Path: $.packages[0].externalRefs[0].referenceCategory | LineNumber: 718 | BytePositionInLine: 48. at System.Text.Json.ThrowHelper.ThrowJsonException(String ) at System.Text.Json.Serialization.Converters.EnumConverter1.ReadAsPropertyNameCore(Utf8JsonReader& , Type , JsonSerializerOptions ) at System.Text.Json.Serialization.Converters.EnumConverter1.Read(Utf8JsonReader& , Type , JsonSerializerOptions ) at System.Text.Json.Serialization.Metadata.JsonPropertyInfo1.ReadJsonAndSetMember(Object , ReadStack& , Utf8JsonReader& ) at System.Text.Json.Serialization.Converters.ObjectDefaultConverter1.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonConverter1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonCollectionConverter2.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , TCollection& ) at System.Text.Json.Serialization.JsonConverter1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.Metadata.JsonPropertyInfo1.ReadJsonAndSetMember(Object , ReadStack& , Utf8JsonReader& ) at System.Text.Json.Serialization.Converters.ObjectDefaultConverter1.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonConverter1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonCollectionConverter2.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , TCollection& ) at System.Text.Json.Serialization.JsonConverter1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.Metadata.JsonPropertyInfo1.ReadJsonAndSetMember(Object , ReadStack& , Utf8JsonReader& ) at System.Text.Json.Serialization.Converters.ObjectDefaultConverter1.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonConverter1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& ) at System.Text.Json.Serialization.JsonConverter1.ReadCore(Utf8JsonReader& , JsonSerializerOptions , ReadStack& ) at System.Text.Json.JsonSerializer.ReadCore[TValue](JsonConverter , Utf8JsonReader& , JsonSerializerOptions , ReadStack& ) at System.Text.Json.JsonSerializer.ReadCore[TValue](JsonReaderState& , Boolean , ReadOnlySpan`1 , JsonSerializerOptions , ReadStack& , JsonConverter ) at System.Text.Json.JsonSerializer.ContinueDeserialize[TValue](ReadBufferState& , JsonReaderState& , ReadStack& , JsonConverter , JsonSerializerOptions ) at System.Text.Json.JsonSerializer.ReadAllAsync[TValue](Stream , JsonTypeInfo , CancellationToken ) at CycloneDX.Spdx.Serialization.JsonSerializer.DeserializeAsync(Stream jsonStream) at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, ConvertFormat format) at CycloneDX.Cli.Commands.ConvertCommand.Convert(ConvertCommandOptions options) at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context) at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context) at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseParseErrorReporting>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseTypoCorrections>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__24_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseParseDirective>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<<UseDebugDirective>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()

Can any one help me out of this ?

Conversion of SPDX to Cyclone dx is possible using cli or any other options for converting these 2 formats.

[andreas-hilti]

@Ranjithkumar-Arumugam-agilysys Can you share the source SBOM (or a minimal example)?

I'm assuming that there is a value which doesn't fall into the possible enum values, see: https://github.com/CycloneDX/cyclonedx-dotnet-library/blob/main/src/CycloneDX.Spdx/Models/v2_2/ExternalRefCategory.cs

In particular, what is located here? Path: $.packages[0].externalRefs[0].referenceCategory | LineNumber: 718 | BytePositionInLine: 48.

[andreas-hilti]

Might be related or even a duplicate of https://github.com/CycloneDX/cyclonedx-cli/issues/316