cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
Fix for #363. Adds a test case for the issue, then a commit for a proposed fix.
Affected version: 8.0.3 and possibly earlier 8.x. Sample SBOM that fails to parse. ```xml com.acme sample-library 1.0.0 org.example sample-library-ancestor 1.0.0 org.example sample-library-descendant 1.0.1 org.example sample-library-variant 1.0.2 ``` Exception: ```plain org.cyclonedx.exception.ParseException:...
It would seem the CHANGELOG file is not being updated anymore?
This PR ports the hierarchical merge utility from cyclonedx-dotnet-library to Java.
In the `parse` method, it does read the schema version from the source file, which is working fine. But when users call the `isValid` or `validate` method without specifying a...
I have successfully created SBOMs from several in-house projects (can't share the source, sorry) using versions 1.7.3 and 1.7.4 of the `org.cyclonedx.bom` plugin. However, in one project the `tools` section...
BSD-3-Clause and BSD-4-Clause both had the name "BSD License", s.t. a unique mapping was not possible. The BSD-4-Clause is the "original" BSD-Clause, while BSD-3 is the "2.0". Therefore, I changed...
Fix for #308. Just added an extra check for cases when the "ratings/rating" node contains an ArrayNode after deserialization. The payload to reproduce the problem is attached to the ticket.
Version: 7.3.2. OS: Win 11 Pro Build 22621. I've encountered a problem parsing an SBOM with a Vulnerability 1.0 Extension. The problem is that if a component node has multiple ratings...
In ORT, we're using `extensibleTypes` to record the ["origin" of a license](https://github.com/oss-review-toolkit/ort/blob/edbb46cb1dab1529d5ffb81cba18d365b98ef23e/reporter/src/main/kotlin/reporters/CycloneDxReporter.kt#L97) or the ["type" of a dependency](https://github.com/oss-review-toolkit/ort/blob/edbb46cb1dab1529d5ffb81cba18d365b98ef23e/reporter/src/main/kotlin/reporters/CycloneDxReporter.kt#L240). While serializing such a BOM to XML works fine, serializing the same...