-
Also see: https://cyclonedx.org/docs/1.5/json/#components_items_pedigree
-
### Problem
It seems like there's currently no support for outputting the json with the CycloneDX 1.6 format. Is support for this planned? I would be willing to add support if given the go ahead. Cur…
-
Own tools (@cyclonedx/webpack-plugin and @cyclonedx/cyclonedx-library) are listed under [metadata.tools](https://cyclonedx.org/docs/1.6/json/#tab-pane_metadata_tools_oneOf_i1) which is deprecated. The…
-
## Describe the feature
Own tools (`@cyclonedx/cyclonedx-npm` and `@cyclonedx/cyclonedx-library`) are listed under [`metadata.tools`](https://cyclonedx.org/docs/1.6/json/#tab-pane_metadata_tools_oneO…
-
NuGet documentation defines UNLICENSED as a valid license-expression: https://github.com/nuget/home/wiki/packaging-license-within-the-nupkg-(technical-spec)#nugets-license-expression-abnf
dotnet-Cycl…
-
In the cyclonedx_parser.py file, when it saves the package metadata, it saves the key of the dictionary as a tuple:
https://github.com/anthonyharrison/lib4sbom/blob/b7390b1a3c0124afb8856b4ea6a3fd33cd…
-
We observed an issue with one of our generations recently which resulted in an incomplete manifest. Generated manifest had 63 components, but we expected 378. The only thing we found in the logs was t…
-
### **Description**:
The help documentation for the `verify file` command in `cyclonedx-cli` appears to incorrectly specify the placement of options like `--key-file` and `--signature-file`.
#### **C…
-
In build:
```
org.cyclonedx
cyclonedx-maven-plugin
2.8.1
package
…
```
-
I have 2 SBOM files. One created with `cyclonedx-maven-plugin`
```json
{
  "bomFormat" : "CycloneDX",
  "specVersion" : "1.6",
  "metadata" : {
    "tools" : {
      "components" : [
        {
…
```