Conversion of SBOM in XML or JSON format with two licenes creates a wrong JSON or XML SBOM #127
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
I copied the example of https://cyclonedx.org/use-cases/#openchain-conformance in an XML and a JSON file (see "CycloneDX - OpenChain conformance.xml" and "CycloneDX - OpenChain conformance.json" in the ZIP file). I'm validated both and there are valid SBOM files.
If I convert the XML file with this tool to JSON then the file is valid but the second license ("LGPL-2.1-only") in evidence is missing (see "CycloneDX - OpenChain conformance - Converted.json" in the ZIP file).
If I convert the JSON file with this tool to XML then the file is an invalid SBOM file (see "CycloneDX - OpenChain conformance - Converted.xm"l in the ZIP file). I got the message "Validation failed at line number 24 and position 10: The element 'evidence' in namespace 'http://cyclonedx.org/schema/bom/1.5' has invalid child element 'licenses' in namespace 'http://cyclonedx.org/schema/bom/1.5'. List of possible elements expected: 'copyright' in namespace 'http://cyclonedx.org/schema/bom/1.5' as well as any element in namespace '##other'. "
CycloneDX - OpenChain conformance.zip
The text was updated successfully, but these errors were encountered: