CycloneDX / cyclonedx-maven-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
https://cyclonedx.org/
Apache License 2.0

Failed to execute goal org.cyclonedx:cyclonedx-maven-plugin:2.9.0:makeAggregateBom (default-cli) on project markedeve-service-udp: The BOM does not conform to the CycloneDX BOM standard as defined by the XSD #581

Open wzd-hash opened 5 hours ago

wzd-hash commented 5 hours ago

When I run the "mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom" command with 2.9.0, it reports the following exception, while switching to the lower version (2.7.11) is OK. What is the reason?

```
[WARNING] Could not transfer metadata com.tydic.osworkflow:tydic-osworkflow:4.0.2-CLOUD-SNAPSHOT/maven-metadata.xml from/to terracotta-snapshots (http://www.terracotta.org/download/reflector/snapshots): status code: 403, reason phrase: Forbidden (403)
[WARNING] Could not transfer metadata com.tydic.osworkflow:tydic-osworkflow:4.0.2-CLOUD-SNAPSHOT/maven-metadata.xml from/to eclipselink.repository (http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/rt/eclipselink/maven.repo): Connect to www.eclipse.org:80 [www.eclipse.org/198.41.30.198] failed: connect timed out
[INFO] Excluding markedeve-service-udp-start
[WARNING] BOM dependency listed but is not depended upon: pkg:maven/org.objenesis/objenesis@2.6?type=jar
[WARNING] BOM dependency listed but is not depended upon: pkg:maven/com.google.protobuf/protobuf-java@3.11.4?type=jar
[INFO] CycloneDX: Creating BOM version 1.6 with 266 component(s)
[INFO] CycloneDX: Writing and validating BOM (XML): /cyrms/nut/jar/osssm-osca/osssm_code/xielei/markedeve-service/target/bom.xml
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for markedeve-service-udp 1.0.0:
[INFO]
[INFO] markedeve-service-udp .............................. FAILURE [08:21 min]
[INFO] markedeve-service-udp-api .......................... SKIPPED
[INFO] markedeve-service-udp-domain ....................... SKIPPED
[INFO] markedeve-service-udp-infrastructure ............... SKIPPED
[INFO] markedeve-service-udp-start ........................ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:29 min
[INFO] Finished at: 2024-11-15T10:11:38+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.cyclonedx:cyclonedx-maven-plugin:2.9.0:makeAggregateBom (default-cli) on project markedeve-service-udp: The BOM does not conform to the CycloneDX BOM standard as defined by the XSD -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
```

ppkarwasz commented 3 hours ago

@wzd-hash,

Can you validate the SBOM file (in target/bom.xml by default) using an XML schema validator and the XML Schema from https://cyclonedx.org/schema/bom-1.6.xsd? If the SBOM does not validate, can you post an example of invalid elements?
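An added example (not code from the plugin or from either commenter) of the check ppkarwasz asks for, using only the JDK's built-in javax.xml.validation: it validates target/bom.xml against bom-1.6.xsd and lists every violating element with its line and column, rather than stopping at the first error as the plugin's own message does. It assumes both files have been saved locally and that the companion spdx.xsd, which bom-1.6.xsd imports by relative schemaLocation, sits in the same directory as the XSD.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXParseException;

/** Validates a CycloneDX XML BOM against bom-1.6.xsd and reports every offending element. */
public class BomSchemaCheck {

    /** Returns all schema violations as "line:column message" strings; an empty list means the BOM conforms. */
    public static List<String> validate(File xsd, File bom) throws Exception {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // Assumption: bom-1.6.xsd imports spdx.xsd via a relative schemaLocation, so the
        // schema is loaded from a File (not a bare stream) to let that import resolve.
        Schema schema = factory.newSchema(xsd);
        Validator validator = schema.newValidator();
        List<String> problems = new ArrayList<>();
        // Collect every error instead of aborting on the first one, so the complete
        // list of invalid elements can be pasted into the issue.
        validator.setErrorHandler(new ErrorHandler() {
            public void warning(SAXParseException e) { }
            public void error(SAXParseException e) { problems.add(describe(e)); }
            public void fatalError(SAXParseException e) throws SAXParseException {
                problems.add(describe(e));
                throw e; // the document is not well-formed XML; nothing further can be checked
            }
        });
        validator.validate(new StreamSource(bom));
        return problems;
    }

    private static String describe(SAXParseException e) {
        return e.getLineNumber() + ":" + e.getColumnNumber() + " " + e.getMessage();
    }

    public static void main(String[] args) throws Exception {
        File xsd = new File(args.length > 0 ? args[0] : "bom-1.6.xsd");
        File bom = new File(args.length > 1 ? args[1] : "target/bom.xml");
        List<String> problems = validate(xsd, bom);
        if (problems.isEmpty()) {
            System.out.println(bom + " conforms to " + xsd);
        } else {
            System.out.println(problems.size() + " schema violation(s) in " + bom + ":");
            problems.forEach(System.out::println);
        }
    }
}
```

Each reported line number points into bom.xml, so the surrounding element can be copied verbatim into the issue; the message text (for example an unexpected child element or an attribute value outside the schema's enumeration) usually identifies what 2.9.0 emits that 2.7.11 did not.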