Open Taha-cmd opened 3 months ago
Might be fixed once https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/218 is merged and picked up by the cli.
@andreas-hilti Thanks for the reference! The PR has been open for more than a year without a reaction from the maintainers :(
I have an SBOM for a C# application generated by the `dotnet cyclonedx` tool. One of the components has the following schema:

When converting the SBOM to xml, the json component will be converted to:

The xml component is invalid, because it contains a duplicated `licenses` node, instead of one `licenses` node with multiple `license` nodes inside it. The `validate` command points this out correctly:

Validation failed at line number 362 and position 8: The element 'component' in namespace 'http://cyclonedx.org/schema/bom/1.5' has invalid child element 'licenses' in namespace 'http://cyclonedx.org/schema/bom/1.5'. List of possible elements expected: 'copyright, cpe, purl, swid, modified, pedigree, externalReferences, properties, components, evidence, releaseNotes, modelCard, data' in namespace 'http://cyclonedx.org/schema/bom/1.5' as well as any element in namespace '##other'.
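
A post-conversion check for the defect reported above, as an added example that is not part of the issue or of the CycloneDX tooling: it lists components that carry more than one `licenses` child and folds the extras into the first node. The sample XML, the package name and the function names are constructed for illustration; the namespace is the one quoted in the validation error.

```python
import xml.etree.ElementTree as ET

NS = "http://cyclonedx.org/schema/bom/1.5"  # namespace from the validation error


def q(tag):
    """Qualify a tag name with the CycloneDX 1.5 namespace."""
    return f"{{{NS}}}{tag}"


# Constructed sample: one component with two sibling <licenses> nodes (invalid).
SAMPLE = f"""<bom xmlns="{NS}" version="1">
  <components>
    <component type="library">
      <name>Example.Package</name>
      <version>1.0.0</version>
      <licenses><license><id>MIT</id></license></licenses>
      <licenses><license><id>Apache-2.0</id></license></licenses>
      <purl>pkg:nuget/Example.Package@1.0.0</purl>
    </component>
  </components>
</bom>"""


def duplicated_licenses(root):
    """Return names of components with more than one direct <licenses> child."""
    return [comp.findtext(q("name"))
            for comp in root.iter(q("component"))
            if len(comp.findall(q("licenses"))) > 1]


def merge_licenses(root):
    """Fold extra <licenses> nodes into the first one; return nodes removed."""
    removed = 0
    for comp in list(root.iter(q("component"))):  # snapshot: the tree is edited
        nodes = comp.findall(q("licenses"))       # direct children only
        if len(nodes) < 2:
            continue
        # An <expression> cannot share a node with <license> entries: skip those.
        if any(child.tag != q("license") for node in nodes for child in node):
            continue
        for extra in nodes[1:]:
            nodes[0].extend(list(extra))          # move the <license> children
            comp.remove(extra)
            removed += 1
    return removed
```

Running `duplicated_licenses` over converted output before publishing an SBOM catches the problem without waiting for the schema validator; `merge_licenses` is a stopgap until the converter itself emits a single node.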