Parts of the latest CycloneDX specs (1.5, 1.6) are not supported by `cyclonedx-python-lib`

Open tdruez opened this issue 10 months ago • 1 comments

For example, the metadata.tools as an array was deprecated in 1.5 and replaced by an object structure where you can define a list of components and services.

The issue is that the new structure is not supported by the cyclonedx-python-lib, neither for serialization (output) nor deserialization (input).

It can be in the way of loading an SBOM that is valid regarding the spec, but fails the deserialization.

https://github.com/CycloneDX/cyclonedx-python-lib/issues/561#issuecomment-1972673735

tdruez, Apr 22 '24 07:04

Workaround added in https://github.com/nexB/scancode.io/pull/1172

tdruez, Apr 22 '24 09:04
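One way to pre-process an SBOM so that the object form of `metadata.tools` described in the issue is rewritten to the legacy array form before it reaches a deserializer that only accepts the array. This is an added example, not the workaround from the linked pull request and not code from scancode.io or cyclonedx-python-lib; the function names, the sample SBOM and the choice of `supplier`/`provider` name as the legacy `vendor` are assumptions.

```python
import copy
import json


def _legacy_tool(entry, vendor=None):
    """Map a component/service entry to a legacy tool dict (vendor/name/version)."""
    tool = {"vendor": vendor, "name": entry.get("name"), "version": entry.get("version")}
    for key in ("hashes", "externalReferences"):
        if entry.get(key):
            tool[key] = entry[key]
    return {k: v for k, v in tool.items() if v is not None}


def downgrade_metadata_tools(bom):
    """Return a copy of `bom` whose metadata.tools uses the legacy array form.

    Array-form or absent tools are returned unchanged; a value that is neither
    an array nor an object is rejected instead of being guessed at.
    """
    bom = copy.deepcopy(bom)
    metadata = bom.get("metadata")
    if not isinstance(metadata, dict) or "tools" not in metadata:
        return bom
    tools = metadata["tools"]
    if isinstance(tools, list):
        return bom
    if not isinstance(tools, dict):
        raise ValueError("metadata.tools must be an array or an object")
    legacy = []
    for comp in tools.get("components", []):
        vendor = (comp.get("supplier") or {}).get("name") or comp.get("publisher")
        legacy.append(_legacy_tool(comp, vendor or comp.get("group")))
    for svc in tools.get("services", []):
        vendor = (svc.get("provider") or {}).get("name") or svc.get("group")
        legacy.append(_legacy_tool(svc, vendor))
    metadata["tools"] = legacy
    return bom


# Constructed sample SBOM using the object form of metadata.tools.
SAMPLE = {
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "metadata": {"tools": {
        "components": [{"type": "application", "name": "example-scanner",
                        "version": "1.0.0", "supplier": {"name": "Example Org"}}],
        "services": [{"name": "example-enrichment-api", "version": "2",
                      "provider": {"name": "Example Provider"}}]}},
    "components": [],
}

if __name__ == "__main__":
    print(json.dumps(downgrade_metadata_tools(SAMPLE)["metadata"]["tools"], indent=2))
```

The conversion is lossy: fields with no legacy counterpart, such as a tool component's `type`, are dropped, so keep the original document if tool provenance matters downstream.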