protobuf Metadata licenses should be repeated

Open b-grooters-byte opened this issue 2 years ago • 1 comments

The protobuf specification for bom MetaData does not appear to match the XML and JSON specifications. It seems that the licenses field should be a repeated, rather than optional, field in the MetaData to match the JSON and XML schema specification for the same field.

Proto:

message LicenseChoice {
  oneof choice {
    License license = 1;
    string expression = 2;
  }
}

message Metadata {
 ...
  // The license information for the BOM document
  optional LicenseChoice licenses = 7;
  // Specifies optional, custom, properties
  repeated Property properties = 8;
}

JSON:

"metadata": {
      "type": "object",
      "title": "BOM Metadata Object",

"licenses": {
          "type": "array",
          "title": "BOM License(s)",
          "additionalItems": false,
          "items": {"$ref": "#/definitions/licenseChoice"}
        },

A similar apparent discrepancy appears in the v1.5 specifications from proto to JSON.

b-grooters-byte • Jul 11 '23 23:07
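The mismatch reported above matters in practice because a JSON BOM whose metadata lists several licenses has no lossless representation in a single optional `LicenseChoice`. The following is an added example, not part of the issue or of the CycloneDX project's code: a small cardinality check over the two quoted excerpts. The JSON Schema `properties` wrapper, the `properties` field entry, and the assumption that field names are identical in both schemas are constructed for illustration.

```python
import json
import re

# Constructed input: the Metadata excerpt quoted in the issue (elided fields omitted).
PROTO = """
message Metadata {
  // The license information for the BOM document
  optional LicenseChoice licenses = 7;
  // Specifies optional, custom, properties
  repeated Property properties = 8;
}
"""

# Constructed input: JSON Schema excerpt. The "licenses" entry follows the issue;
# the enclosing "properties" keyword and the "properties" field are assumed.
SCHEMA = json.loads("""
{"metadata": {"type": "object", "properties": {
  "licenses":   {"type": "array", "items": {"$ref": "#/definitions/licenseChoice"}},
  "properties": {"type": "array", "items": {"$ref": "#/definitions/property"}}
}}}
""")

FIELD_RE = re.compile(r"^\s*(?:(optional|repeated)\s+)?([\w.]+)\s+(\w+)\s*=\s*\d+\s*;", re.M)


def proto_cardinality(proto_text, message):
    """Map field name -> 'optional' | 'repeated' | 'singular' for one flat message."""
    match = re.search(r"message\s+%s\s*\{(.*?)\}" % re.escape(message), proto_text, re.S)
    if match is None:
        raise ValueError("message %r not found" % message)
    return {name: label or "singular" for label, _type, name in FIELD_RE.findall(match.group(1))}


def cardinality_mismatches(proto_text, message, schema_object):
    """Return (field, json_type, proto_label) where array-ness and 'repeated' disagree."""
    proto = proto_cardinality(proto_text, message)
    issues = []
    for name, spec in schema_object.get("properties", {}).items():
        if name not in proto:
            continue  # assumes identical field names in both schemas
        is_array = spec.get("type") == "array"
        if is_array != (proto[name] == "repeated"):
            issues.append((name, spec.get("type"), proto[name]))
    return issues


if __name__ == "__main__":
    for field, json_type, label in cardinality_mismatches(PROTO, "Metadata", SCHEMA["metadata"]):
        print("%s: JSON schema says %s, proto says %s" % (field, json_type, label))
```

The message matcher stops at the first closing brace, so it only handles flat messages like the excerpt; nested messages or `oneof` blocks would need a real protobuf parser.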

Looks like a low-hanging fruit. I might work on this for 1.6, as soon as https://github.com/CycloneDX/specification/pull/385 is in.

jkowalleck • Feb 28 '24 14:02