
[Defect]: Inconsistency in the CycloneDX v1.6 - `cryptoRefArray`

Open n1ckl0sk0rtge opened this issue 1 year ago • 3 comments

Describe the defect

There is an inconsistency in the CycloneDX 1.6 spec implementation. The spec talks about cryptoRefArray being part of protocolProperties. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.schema.json#L5572-L5576

The 1.6.xsd schema definition does not specify them. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.xsd#L7301-L7303

Also missing in ProtoBuf. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.proto#L2193

n1ckl0sk0rtge, Jul 26 '24 13:07
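The kind of drift reported above can be caught mechanically by comparing the field names each schema format defines for the same object. The following is an added example, not part of the original issue or the CycloneDX project's tooling; the two schema fragments are constructed and heavily trimmed (the XSD type name and layout are assumptions), and the Protobuf schema is not covered.

```python
import json
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Constructed, trimmed fragments for illustration; NOT the real CycloneDX schema text.
JSON_SCHEMA = json.loads("""
{"definitions": {"cryptoProperties": {"properties": {"protocolProperties": {
  "type": "object",
  "properties": {
    "type": {"type": "string"},
    "version": {"type": "string"},
    "cipherSuites": {"type": "array"},
    "cryptoRefArray": {"$ref": "#/definitions/cryptoRefArray"}
  }}}}}}
""")

XSD = """
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="protocolProperties">
    <xs:sequence>
      <xs:element name="type" type="xs:string" minOccurs="0"/>
      <xs:element name="version" type="xs:string" minOccurs="0"/>
      <xs:element name="cipherSuites" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>
</xs:schema>
"""

def json_fields(schema, path):
    """Property names of the JSON Schema object found by walking `path`."""
    node = schema
    for key in path:
        node = node[key]
    return set(node["properties"])

def xsd_fields(xsd_text, type_name):
    """Names of elements declared directly in the named complexType's groups."""
    groups = {XS + "sequence", XS + "all", XS + "choice"}
    for ctype in ET.fromstring(xsd_text).iter(XS + "complexType"):
        if ctype.get("name") == type_name:
            return {el.get("name") for group in ctype if group.tag in groups
                    for el in group if el.tag == XS + "element"}
    raise KeyError(type_name)

def parity_gaps(json_names, xsd_names):
    """Fields present in one schema format but absent from the other."""
    return {"missing_in_xsd": sorted(json_names - xsd_names),
            "missing_in_json": sorted(xsd_names - json_names)}
```

Run against the real schema files in CI, a non-empty result for any shared object would flag the inconsistency before release.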

Report looks about right. Or did I miss something?

jkowalleck, Jul 26 '24 13:07

@n1ckl0sk0rtge My understanding is that the defect is with the XML and Protobuf schemas. Is that correct? And if so, then the JSON schema is accurate, correct?

stevespringett, Jul 31 '24 03:07

Possible fix: #502. Please review.

jkowalleck, Aug 13 '24 18:08