search

CycloneDX / cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
https://cyclonedx.org/
Apache License 2.0
297 stars 86 forks source link

[WARNING] Unknown keyword meta:[enum|deprecated] - you should define your own Meta Schema #564

Open garydgregory opened 1 month ago

garydgregory commented 1 month ago

Hi All,

What am I supposed to do with these warnings:

[INFO] --- cyclonedx:2.9.0:makeAggregateBom (build-sbom-cyclonedx) @ commons-cli ---
[INFO] CycloneDX: Resolving Dependencies
[INFO] CycloneDX: Creating BOM version 1.6 with 0 component(s)
[INFO] CycloneDX: Writing and validating BOM (XML): /Users/garydgregory/git/commons-cli/target/commons-cli-1.9.1-SNAPSHOT-bom.xml
[INFO]            attaching as commons-cli-1.9.1-SNAPSHOT-cyclonedx.xml
[INFO] CycloneDX: Writing and validating BOM (JSON): /Users/garydgregory/git/commons-cli/target/commons-cli-1.9.1-SNAPSHOT-bom.json
[WARNING] Unknown keyword meta:enum - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword or if it should generate annotations AnnotationKeyword
[WARNING] Unknown keyword deprecated - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword or if it should generate annotations AnnotationKeyword
[INFO]            attaching as commons-cli-1.9.1-SNAPSHOT-cyclonedx.json
?

Reproducer:

git clone https://gitbox.apache.org/repos/asf/commons-cli
cd commons-cli
mvn clean verify -Dcommons.cyclonedx.version=2.9.0 -DskipTests

TY

hboutemy commented 1 month ago

thanks for the report: it seems #305 is going worse, with root cause https://github.com/CycloneDX/cyclonedx-core-java/issues/280

notice it seems the precise keyword issue from #305 seems to have been fixed by cyclonedx-core-java, but new similar issues addeed

I confess I opened https://github.com/CycloneDX/cyclonedx-core-java/issues/280 but I did not try to help fixing: this is definitively the project requiring additional love...

patpatpat123 commented 3 weeks ago

Hello team, I am facing the same issue.

Could you please help on this?

Thank you

hboutemy commented 3 weeks ago

Could you please help on this?

yes: in addition to the link to the root cause I added previously, I added the "help wanted" label to clarify what's needed = someone to work on it, it's OSS