Update serialNumber format and supply metadata.component.version

Open yurxyl opened this issue 1 year ago • 1 comments

The strict schema validation was introduced in Dependency-Track API v4.11.0 (https://docs.dependencytrack.org/changelog):

BOM Validation. Historically, Dependency-Track did not validate uploaded BOMs and VEXs against the CycloneDX schema. While this allowed BOMs to be processed that did not strictly adhere to the schema, it could also lead to confusion when uploaded files were accepted, but then failed to be ingested during asynchronous processing. Starting with this release, uploaded files will be rejected if they fail schema validation.

This PR adds cosmetic changes to comply with the BOM schema.

yurxyl avatar May 22 '24 09:05 yurxyl
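
A pre-upload check for the two fields this PR's title names, added here as an example (not code from jbom or Dependency-Track). The function names and sample BOMs are constructed, and treating `metadata.component.version` as required is an assumption about the schema version in use.

```python
import json
import re
import uuid

# CycloneDX JSON schema pattern for serialNumber (RFC 4122 URN, lowercase hex).
SERIAL_RE = re.compile(
    r"urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)


def normalize_serial(value):
    """Return value as urn:uuid:<lowercase uuid>, or None if it holds no UUID."""
    if not isinstance(value, str):
        return None
    bare = value.strip()
    if bare.lower().startswith("urn:uuid:"):
        bare = bare[len("urn:uuid:"):]
    try:
        return "urn:uuid:" + str(uuid.UUID(bare))
    except ValueError:
        return None


def preflight(bom):
    """List problems with the two fields named in this PR's title."""
    problems = []
    serial = bom.get("serialNumber")
    if serial is not None and not SERIAL_RE.fullmatch(str(serial)):
        fixed = normalize_serial(serial)
        hint = f"; could be written as {fixed}" if fixed else ""
        problems.append(f"serialNumber {serial!r} is not urn:uuid:<uuid>{hint}")
    component = (bom.get("metadata") or {}).get("component")
    # Assumption: the target schema version requires component.version.
    if isinstance(component, dict) and not component.get("version"):
        problems.append("metadata.component.version is missing or empty")
    return problems


# Constructed sample BOMs, not output captured from jbom.
BAD = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.3",
  "serialNumber": "3E671687-395B-41F5-A30F-A58921A69B79", "version": 1,
  "metadata": {"component": {"type": "application", "name": "demo-app"}}}""")
GOOD = dict(BAD, serialNumber=normalize_serial(BAD["serialNumber"]),
            metadata={"component": {"type": "application", "name": "demo-app",
                                    "version": "1.0.0"}})

if __name__ == "__main__":
    for name, bom in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, preflight(bom) or "ok")
```
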

Thx Yuri - can you check the failure above? I think you need an Eclipse account. Let me know how you found jbom and what you're using it for. Thx!!

planetlevel avatar May 22 '24 22:05 planetlevel

> Thx Yuri - can you check the failure above? I think you need an Eclipse account.

Thanks Jeff - fixed!

> Let me know how you found jbom and what you're using it for. Thx!!

jbom is awesome - we have plenty of programs built by various build systems. And it's very helpful to just add a common simple step to all of them, producing SBOMs (then collected by https://github.com/DependencyTrack/dependency-track).

yurxyl avatar May 23 '24 09:05 yurxyl