You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cyclonedx-go still defines Identity as *EvidenceIdentity so it fails to unmarshal SBOMs which have an array of identities in place of a single one; the error is: cannot unmarshal array into Go struct field Evidence.components.evidence.identity of type cyclonedx.EvidenceIdentity.
This currently happens with some SBOMs generated by cdxgen (https://github.com/CycloneDX/cdxgen) when using the --spec-version 1.6 argument. This is an SBOM affected by the issue. It was generated from a skeleton Poetry project, with just pytest added, using this command:
In CycloneDX 1.5, the
Component.Evidence.Identity
field was specified as a singleIdentity
object. In CycloneDX 1.6 this has been deprecated in favor of an array ofIdentity
objects.The specifications can be compared here:
1.5: https://cyclonedx.org/docs/1.5/json/#components_items_evidence_identity
1.6: https://cyclonedx.org/docs/1.6/json/#components_items_evidence_identity
cyclonedx-go still defines
Identity
as*EvidenceIdentity
so it fails to unmarshal SBOMs which have an array of identities in place of a single one; the error is:cannot unmarshal array into Go struct field Evidence.components.evidence.identity of type cyclonedx.EvidenceIdentity
.This currently happens with some SBOMs generated by cdxgen (https://github.com/CycloneDX/cdxgen) when using the
--spec-version 1.6
argument. This is an SBOM affected by the issue. It was generated from a skeleton Poetry project, with just pytest added, using this command:The text was updated successfully, but these errors were encountered: