Open simonfrancaix opened 1 week ago
@simonfrancaix When I ran it, I had two instances of empty licenses
{
  "license": {}
},
which violate the specification, as id or name is required. If I remove these two, it validates successfully. However, what I don't understand is why the validation produces so many misleading/wrong error messages.
It also seems to report the oneOf cases against which it could not validate, even though another case succeeded. E.g. for case 1 of tools (legacy tools), it can't validate http://cyclonedx.org/schema/bom-1.6.schema.json#/properties/tools/oneOf/1 against it, but it can validate perfectly fine against case 0 (the new tools).
Similarly, in most cases it can't validate against LicenseChoice case 1 (license expression), but in most cases it can validate against case 0 (licenses list).
Hello,
I think there are various errors when validating the CycloneDX format in version 1.6.
Requirements:
Steps for reproduction:
Analysis
The tools array is deprecated; tools is an object now - https://cyclonedx.org/docs/1.6/json/#tab-pane_metadata_tools_oneOf_i0
License can be id or name - https://cyclonedx.org/docs/1.6/json/#tab-pane_components_items_licenses_oneOf_i0_items_license_oneOf_i1
Licenses is an array - why should it be one item? https://cyclonedx.org/docs/1.6/json/#components_items_licenses
Thank you for your attention to this ticket.
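To make the oneOf behaviour discussed in the comment above concrete (tools object vs. legacy array, license id vs. name, license list vs. expression), here is an added example that is not part of the issue, the reporter's code, or any CycloneDX project code. It is a small hand-written checker in Python, not a JSON Schema validator: the branch labels (tools/oneOf/0, licenses/oneOf/1, ...) are modelled on the schema pointers quoted in the thread, the branch rules are a simplification of the 1.6 schema (extra properties are not checked), and the sample BOM is constructed for the example. The point it demonstrates is that errors from a non-matching oneOf branch are only meaningful when no branch matches, which is why the empty {"license": {}} entry produces a real error while the valid id and expression entries produce none.

```python
"""Added example (not from the issue or CycloneDX): a tiny oneOf-aware checker
for the three CycloneDX 1.6 shapes discussed in the thread. It surfaces errors
from a oneOf branch only when *no* branch accepts the value."""
from typing import Callable, List, Tuple

Check = Callable[[object], List[str]]  # returns error messages; [] means valid


def one_of(value: object, branches: List[Tuple[str, Check]]) -> List[str]:
    """Emulate JSON Schema oneOf: valid iff exactly one branch accepts value.
    Per-branch errors are reported only when the whole oneOf fails."""
    results = [(label, check(value)) for label, check in branches]
    matched = [label for label, errs in results if not errs]
    if len(matched) == 1:
        return []
    if len(matched) > 1:
        return [f"matches more than one alternative: {matched}"]
    out = ["no oneOf alternative matched:"]
    for label, errs in results:
        out.extend(f"  [{label}] {e}" for e in errs)
    return out


def license_object(obj: object) -> List[str]:
    """'license' object: oneOf {required: id} / {required: name}; this is the
    rule the two empty {"license": {}} entries in the thread violate."""
    if not isinstance(obj, dict):
        return ["license must be an object"]
    return one_of(obj, [
        ("license/oneOf/0", lambda o: [] if "id" in o else ["missing required property 'id'"]),
        ("license/oneOf/1", lambda o: [] if "name" in o else ["missing required property 'name'"]),
    ])


def _license_list(items: object) -> List[str]:
    """Branch 0 of licenseChoice: every item is {"license": {...}}."""
    errs: List[str] = []
    for i, item in enumerate(items):
        if not isinstance(item, dict) or "license" not in item:
            errs.append(f"item {i}: required property 'license' missing")
        else:
            errs.extend(f"item {i}/license: {e}" for e in license_object(item["license"]))
    return errs


def _expression(items: object) -> List[str]:
    """Branch 1 of licenseChoice: exactly one {"expression": "<SPDX expr>"} item."""
    if len(items) != 1:
        return ["expression form allows exactly one item"]
    item = items[0]
    if not isinstance(item, dict) or not isinstance(item.get("expression"), str):
        return ["item 0: required string property 'expression' missing"]
    return []


def license_choice(value: object) -> List[str]:
    """licenses: oneOf list of license objects / single expression."""
    if not isinstance(value, list):
        return ["licenses must be an array"]
    return one_of(value, [("licenses/oneOf/0", _license_list),
                          ("licenses/oneOf/1", _expression)])


def tools(value: object) -> List[str]:
    """metadata.tools: oneOf object form (1.6) / deprecated array of tool objects."""
    def object_form(v: object) -> List[str]:
        if not isinstance(v, dict):
            return ["expected an object with optional 'components'/'services'"]
        return [f"'{k}' must be an array" for k in ("components", "services")
                if k in v and not isinstance(v[k], list)]

    def legacy_array(v: object) -> List[str]:
        if not isinstance(v, list):
            return ["expected an array of tool objects (deprecated form)"]
        return [f"item {i} is not an object" for i, t in enumerate(v) if not isinstance(t, dict)]

    return one_of(value, [("tools/oneOf/0", object_form), ("tools/oneOf/1", legacy_array)])


def validate_bom(bom: dict) -> List[str]:
    """Walk the parts of a BOM the thread is about; prefix errors with a JSON path."""
    errs: List[str] = []
    if "tools" in bom.get("metadata", {}):
        errs.extend(f"/metadata/tools: {e}" for e in tools(bom["metadata"]["tools"]))
    for i, comp in enumerate(bom.get("components", [])):
        if "licenses" in comp:
            errs.extend(f"/components/{i}/licenses: {e}" for e in license_choice(comp["licenses"]))
    return errs


# Constructed sample BOM (not from the issue): new-style tools object, one id
# license, one expression license, and the empty license object from the thread.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "metadata": {"tools": {"components": [{"type": "application", "name": "example-tool"}]}},
    "components": [
        {"type": "library", "name": "a", "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "b", "licenses": [{"expression": "MIT OR Apache-2.0"}]},
        {"type": "library", "name": "c", "licenses": [{"license": {}}]},
    ],
}

if __name__ == "__main__":
    for line in validate_bom(SAMPLE_BOM):
        print(line)
```

Running it reports errors only under /components/2/licenses: both licenses branches are listed, and inside branch 0 both license branches (missing 'id', missing 'name') are listed, because nothing matched. Components a and b, and the tools object, produce no output at all even though one branch fails for each of them; a validator that prints those branch failures anyway is the source of the misleading messages described in the comment.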