Rodney Richardson

Many unit testing frameworks will raise a specific exception within ASSERT to prevent a test from continuing, but to still execute other tests. I would like to see this added,...

@Itori As a workaround, are you able to trust the root CA from the development server? It would seem more secure to allow an additional (list of) CA certificates to...

The schema you're using doesn't have a "properties" or "type" keys, so everything ends up in the ExtensionData property. try adding ` "type" : "object",` and renaming `"resourceDefinitions"` to `"properties"`.

macos tests are failing due to using a now-unsupported version of xcode: See #202 for a fix

This looks to be an issue with cyclonedx-python-lib. Raised there instead: https://github.com/CycloneDX/cyclonedx-python-lib/issues/227

Actually, the choice of bom-ref is made in cyclonedx-python. Reopening to address that part here. The ordering of elements is addressed here: https://github.com/CycloneDX/cyclonedx-python-lib/pull/235

Would it be worth downloading and parsing the license text, such as done by [licensee](https://github.com/licensee/licensee)?

Another license url that doesn't resolve for pkg:nuget/[email protected]: https://aka.ms/deprecateLicenseUrl This resolves to here: https://docs.microsoft.com/en-us/nuget/consume-packages/finding-and-choosing-packages#license-url-deprecation which gives details of how to find the actual license file (by downloading and extracting the...

This seems like it should find the KeyCloak license (even with it using a "main" branch): https://api.github.com/repos/lvermeulen/Keycloak.Net/license?ref=b52d4e6f2697e88d6ff12afe280b415ef804e8cb It doesn't, however, find the Microsoft licenses (e.g. https://api.github.com/repos/dotnet-core-setup/license returns 404)

Do you also have duplicate components in the SBOM? Or do you have different versions of the same component (e.g. "pkg:nuget/coverlet.collector.3.1.0" and "pkg:nuget/coverlet.collector.3.1.2")?