Closed tchinchow closed 3 months ago
This is not something that can be addressed here. Being a library that needs to be backward-compatible, cyclonedx-core-java
needs to offer both the deprecated, and the new way.
It's up to the individual tools to decide which fields they want to set.
Hello
I recently submitted an issue to the maven-plugin (https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/487) however, looking at their code, I realize that this project may actually be the origin of my problem.
In short the file
https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/java/org/cyclonedx/model/Metadata.java
is designed to store a list ofTool
.This seems wrong to me because as I understand the CycloneDX schema, this is a deprecated syntax.
The modern version of the
metadata/tools
attribute has a list of components and a list of services.Is there a plan to switch to the modern version or do you consider that the deprecated attribute can still be used ?