cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
I'm continuously stumbling over https://github.com/CycloneDX/cyclonedx-core-java/blob/79b808f5a77b6f6465d649761974841293887f99/src/main/java/org/cyclonedx/model/LicenseChoice.java#L31 To me, the name of the class sounds as if it would implement a choice mechanism that for example says "whenever you encounter the SPDX...
The code at https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/java/org/cyclonedx/util/ExternalReferenceSerializer.java#L56 produces XML output for external references (website, version control, issue tracker...) as a single line of concatenated XML. Everything else in the XML files is well-formed....
With this addition to license mappings in PR #195 https://github.com/CycloneDX/cyclonedx-core-java/blob/b664a13f3e7c41a7e086ec508d804c2bd4207140/src/main/resources/license-mapping.json#L67 The consequence is that the component [antlr4](https://github.com/antlr/antlr4) now maps to `BSD-4-Clause` when the intention of the antlr project is the...
```java
public class Metadata extends ExtensibleElement {
    @JsonSerialize(using = CustomDateSerializer.class)
    @VersionFilter(versions = {"1.2", "1.3", "1.4"})
    private Date timestamp = new Date();
```

This is useful (perhaps) when creating a new...
Licenses deprecated in the SPDX standard had a 404 error in their license files instead of the actual license text.
For me it would be very helpful if this library had an additional export format in a Lightweight markup language besides json and xml. E.g. Markdown or AsciiDoc. This would...
I would like to see an improved release process...
* [Releases](https://github.com/CycloneDX/cyclonedx-core-java/releases) populated with release notes. This will help repo watchers who configure customise events for "Releases" only.
* [CHANGELOG.md](https://github.com/CycloneDX/cyclonedx-core-java/blob/master/CHANGELOG.md) updated...
The `Dependency` class currently contains a dependencies field which is typed as a `List`, which implies that dependencies can be nested. This is incorrect based on both the current specification...
Hello Team, What tool can I use to generate SBOM for Java applications built with Ant? There does not appear to be a specific plugin for Ant (only Maven and...
Similar to the `ExtensibleElement` abstract base class, it might make sense to introduce an `ExternalReference` interface, so functions that add external references to class instances could operate on that interface...