cyclonedx-core-java icon indicating copy to clipboard operation
cyclonedx-core-java copied to clipboard
verified publisher icon CycloneDX

It seems like version output in v1.5 still uses deprecated features of the CycloneDX schema

Open tchinchow opened this issue 1 year ago • 0 comments

Hello

I recently submitted an issue to the maven-plugin (https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/487) however, looking at their code, I realize that this project may actually be the origin of my problem.

In short the file https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/java/org/cyclonedx/model/Metadata.java is designed to store a list of Tool.

This seems wrong to me because as I understand the CycloneDX schema, this is a deprecated syntax.

The modern version of the metadata/tools attribute has a list of components and a list of services.

Is there a plan to switch to the modern version or do you consider that the deprecated attribute can still be used ?

tchinchow avatar Apr 17 '24 15:04 tchinchow