`component.evidence` is repeated in proto and object in jsonschema

[prabhu]

Looks like this got missed somehow

I think it must be optional in the proto as well.

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.proto#L136

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.schema.json#L2079

Originally reported here

[jkowalleck]

confirmed.

in ProtoBuf is it a repeated (optional) element: https://github.com/CycloneDX/specification/blob/55343ba19dee1785acf1ce9191540d5fd7b590db/schema/bom-1.6.proto#L135-L136

in JSON it is a single optional element: https://github.com/CycloneDX/specification/blob/55343ba19dee1785acf1ce9191540d5fd7b590db/schema/bom-1.6.schema.json#L1061-L1065 in XML ti is a single optional element: https://github.com/CycloneDX/specification/blob/55343ba19dee1785acf1ce9191540d5fd7b590db/schema/bom-1.6.xsd#L680-L684

i agree, there is a difference.

[jkowalleck]

https://github.com/CycloneDX/specification/issues/272#issuecomment-1869972139

Actually, the defect is in the JSON and XML schemas. In this case, the protobuf is correct. Identity should be an array.

[jkowalleck]

@stevespringett so we make the JSON/XML being a list?

[prabhu]

@jkowalleck I thought only evidence.identity becomes an array, while evidence continued to be an object.

[jkowalleck]

@jkowalleck I thought only evidence.identity becomes an array, while evidence continued to be an object.

i see. proposed a PR to fix it: https://github.com/CycloneDX/specification/pull/425

[jkowalleck]

reopened via #516 as agreed in CoreWorkingGroup meeting on 2014-09-02

[jkowalleck]

fixed via https://github.com/CycloneDX/specification/pull/517