
Consider making specVersion an integer with validations

Open prabhu opened this issue 1 year ago • 2 comments

Currently specVersion is a string. This is creating confusion when consuming tools treat this value as both string and integer.

Example:

https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/925b04fdd74e4e412e1cc06d7fad9e7a102e329c/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java#L236

https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/925b04fdd74e4e412e1cc06d7fad9e7a102e329c/src/it/makeBom/verify.groovy#L11

https://github.com/DependencyTrack/dependency-track/blob/b40ea44864d006079d38a8d159c2d9d1c5fb04f7/src/main/java/org/dependencytrack/model/Vex.java#L131

prabhu, Apr 13 '24 20:04

I suppose the JSON examples are mere examples, and the intention should also be reflected in XML and ProtoBuf?

jkowalleck, Apr 23 '24 11:04

See also the discussion here: https://github.com/CycloneDX/specification/discussions/476

jkowalleck, Jun 12 '24 11:06
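The string-versus-number confusion raised in this issue, seen from the side of a tool that consumes a BOM: an added example, not code from this thread or from any CycloneDX project. The function names and the sample documents are constructed for illustration, and `"1.10"` is a hypothetical value used only to show where numeric comparison goes wrong.

```python
import json
import re

# specVersion is currently a string such as "1.5"; accept exactly MAJOR.MINOR.
SPEC_VERSION = re.compile(r"(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)")


def parse_spec_version(bom_text):
    """Return specVersion as a (major, minor) tuple of ints, or raise ValueError."""
    bom = json.loads(bom_text)
    if not isinstance(bom, dict):
        raise ValueError("BOM document must be a JSON object")
    value = bom.get("specVersion")
    # Reject JSON numbers outright: a literal 1.10 has already been read as the
    # float 1.1 by the JSON parser, so the original text cannot be recovered.
    if not isinstance(value, str):
        raise ValueError(f"specVersion must be a string, got {type(value).__name__}")
    match = SPEC_VERSION.fullmatch(value)
    if match is None:
        raise ValueError(f"specVersion {value!r} is not of the form MAJOR.MINOR")
    return int(match.group(1)), int(match.group(2))


def supports(bom_text, minimum):
    """True when the BOM's specVersion is at least `minimum`, compared per component."""
    return parse_spec_version(bom_text) >= minimum


# Constructed sample documents (not taken from any real project).
SAMPLE_STRING = '{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1}'
SAMPLE_NUMBER = '{"bomFormat": "CycloneDX", "specVersion": 1.5, "version": 1}'
SAMPLE_FUTURE = '{"bomFormat": "CycloneDX", "specVersion": "1.10", "version": 1}'

if __name__ == "__main__":
    print(parse_spec_version(SAMPLE_STRING))   # (1, 5)
    # Tuple comparison gives True; float("1.10") < 1.5 would have said "too old".
    print(supports(SAMPLE_FUTURE, (1, 5)))     # True
    try:
        parse_spec_version(SAMPLE_NUMBER)
    except ValueError as exc:
        print("rejected:", exc)
```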