specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

BC: Removing `incomplete_` prefix in compositions.aggregate

Open prabhu opened this issue 2 years ago • 1 comments

https://cyclonedx.org/docs/1.5/json/#compositions_items_aggregate

We currently have incomplete_ prefix on values. This sounds negative and could confuse the consumers that the list is incomplete.

For example, the vendor might have provided a complete and accurate first-party-only or third-party-only SBOM as per the compliance requirements.

It will be nice to accept values without the incomplete_ prefix.

prabhu avatar Oct 12 '23 21:10 prabhu

This sounds negative and could confuse the consumers that the list is incomplete.

It is incomplete. If I were to purchase an energy bar and the manufacture only included the ingredients from third-parties and not their own, the ingredient list would be incomplete.

stevespringett avatar Oct 16 '23 04:10 stevespringett