Closed nscuro closed 3 years ago
Looks like the SBOMs are invalid. A license can be either a resolved SPDX license ID or an unresolved license name, but not both.
Refer to
Thanks for pointing that out @stevespringett. I created a fix and will update this PR once GitHub Actions is working again.
SBOMs have been regenerated with v0.6.1 of cyclonedx-gomod, which includes a fix for the issue. All SBOMs have been validated using the CDX CLI.
Thanks @nscuro. Validated all four. Looks good and thanks for the PR.
As of cyclonedx-gomod v0.6.0, generated SBOMs include license information. I also added SBOMs for another version of proton-bridge to address #5.
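The rule raised in this thread (a license is either an SPDX `id` or a free-form `name`, never both) can be checked directly on a CycloneDX JSON SBOM before it is committed. The following is an added example, not part of this PR or of cyclonedx-gomod; the sample BOM, module names and function names are constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX-style BOM, not output from this PR.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "components": [
    {"name": "example.com/mod-a", "version": "v1.0.0",
     "licenses": [{"license": {"id": "MIT", "name": "MIT License"}}]},
    {"name": "example.com/mod-b", "version": "v0.2.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}],
     "components": [
       {"name": "example.com/mod-c", "version": "v0.0.1",
        "licenses": [{"license": {"name": "Custom License"}},
                     {"license": {}}]}
     ]}
  ]
}
""")

def _check_license(entry):
    """Return a problem string for one `licenses` entry, or None if it is fine."""
    if "expression" in entry:
        return None  # SPDX expression entries carry no id/name pair
    lic = entry.get("license", {})
    has_id, has_name = "id" in lic, "name" in lic
    if has_id and has_name:
        return "both id and name set"
    if not has_id and not has_name:
        return "neither id nor name set"
    return None

def find_license_problems(bom):
    """Walk metadata.component and all nested components; list (component, problem)."""
    problems = []
    stack = list(bom.get("components", []))
    root = bom.get("metadata", {}).get("component")
    if root:
        stack.append(root)
    while stack:
        comp = stack.pop()
        stack.extend(comp.get("components", []))  # sub-components can carry licenses too
        for entry in comp.get("licenses", []):
            problem = _check_license(entry)
            if problem:
                problems.append((comp.get("name"), problem))
    return problems
```

A check like this complements full schema validation with the CDX CLI mentioned above: it only covers the license rule, but it names the offending component.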