Support for CycloneDX schema version 1.6

[V3ct0r-v]

CycloneDX version 1.6 has been released: https://cyclonedx.org/news/cyclonedx-v1.6-released/

currently the tool support schema 1.4 only:

Validating JSON BOM... Incorrect schema version: expected 1.4 actual 1.6 BOM is not valid.

Is there a timeline for schema version 1.6 support?

[mtsfoni]

1.5 is supported.

1.6 might still take some weeks.

[V3ct0r-v]

Thank you for the info!

Although, I tested with a 1.5 formatted SBOM but got the same error message:

Validating JSON BOM...
Incorrect schema version: expected 1.4 actual 1.5
BOM is not valid.

version of the exe I am using:

.\cyclonedx-win-x64.exe --version | out-default
0.25.1+03b8019b24e847b6fdc91822eae2e9a220d525fa

[mtsfoni]

Is it possible to provide the sbom? I would step through the code and check what's going wrong then.

[ferben]

cyclonedx merge command does not support 1.6 format see #376

[GalaxyGorilla]

Is there any update on a future release with the schema support? We really want to use attestations in a project :).

Maybe @mtsfoni knows?

[mtsfoni]

We are close, mostly some clean up work is left.

This or next weekend.

[mtsfoni]

@GalaxyGorilla It's released