CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
https://cyclonedx.org/
Apache License 2.0

Support for CycloneDX schema version 1.6 #375

Open V3ct0r-v opened 1 week ago

V3ct0r-v commented 1 week ago

CycloneDX version 1.6 has been released: https://cyclonedx.org/news/cyclonedx-v1.6-released/

Currently the tool supports schema 1.4 only:

Validating JSON BOM...
Incorrect schema version: expected 1.4 actual 1.6
BOM is not valid.

Is there a timeline for schema version 1.6 support?

mtsfoni commented 1 week ago

1.5 is supported.

1.6 might still take some weeks.

V3ct0r-v commented 1 week ago

Thank you for the info!

Although, I tested with a 1.5 formatted SBOM but got the same error message:

Validating JSON BOM...
Incorrect schema version: expected 1.4 actual 1.5
BOM is not valid.

Version of the exe I am using:

.\cyclonedx-win-x64.exe --version | out-default
0.25.1+03b8019b24e847b6fdc91822eae2e9a220d525fa

mtsfoni commented 1 week ago

Is it possible to provide the SBOM? I would step through the code and check what's going wrong then.

ferben commented 1 week ago

The cyclonedx merge command does not support the 1.6 format; see #376.