Open prabhu opened 5 months ago
Currently specVersion is a string. This is creating confusion when consuming tools treat this value as both string and integer.
Example:
https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/925b04fdd74e4e412e1cc06d7fad9e7a102e329c/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java#L236
https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/925b04fdd74e4e412e1cc06d7fad9e7a102e329c/src/it/makeBom/verify.groovy#L11
https://github.com/DependencyTrack/dependency-track/blob/b40ea44864d006079d38a8d159c2d9d1c5fb04f7/src/main/java/org/dependencytrack/model/Vex.java#L131
I suppose the JSON examples are mere examples, and the intention should also be reflected in XML and ProtoBuf?
See also the discussion here: https://github.com/CycloneDX/specification/discussions/476
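The string-versus-number confusion raised in this issue, as an added example that is not part of the thread or of any CycloneDX project code: a consumer that accepts `specVersion` only as a JSON string and compares it as a `(major, minor)` tuple. The function names, the sample documents and the `"1.10"` value are constructed for illustration.

```python
import json
import re

# Constructed sample documents, not taken from the linked repositories.
STRING_BOM = '{"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1}'
NUMERIC_BOM = '{"bomFormat": "CycloneDX", "specVersion": 1.4, "version": 1}'
# "1.10" is a made-up value used only to show why numeric parsing misorders versions.
TWO_DIGIT_MINOR_BOM = '{"bomFormat": "CycloneDX", "specVersion": "1.10", "version": 1}'

_SPEC_VERSION_RE = re.compile(r"(0|[1-9]\d*)\.(0|[1-9]\d*)")


def parse_spec_version(bom_text):
    """Return specVersion as a (major, minor) tuple of ints, or raise ValueError."""
    bom = json.loads(bom_text)
    if not isinstance(bom, dict):
        raise ValueError("BOM document must be a JSON object")
    raw = bom.get("specVersion")
    # Reject numbers outright: a JSON number has already lost the distinction
    # between 1.1 and 1.10 by the time the consumer sees it.
    if not isinstance(raw, str):
        raise ValueError(
            "specVersion must be a JSON string, got " + type(raw).__name__
        )
    match = _SPEC_VERSION_RE.fullmatch(raw)
    if match is None:
        raise ValueError("specVersion is not of the form MAJOR.MINOR: " + repr(raw))
    return int(match.group(1)), int(match.group(2))


def supports(bom_text, minimum):
    """True if the document's specVersion is at least `minimum`, a (major, minor) tuple."""
    return parse_spec_version(bom_text) >= minimum


def numeric_rejected(bom_text):
    """True if the parser refuses the document because of its specVersion."""
    try:
        parse_spec_version(bom_text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_spec_version(STRING_BOM))
    print(supports(TWO_DIGIT_MINOR_BOM, (1, 9)), float("1.10") >= float("1.9"))
    print(numeric_rejected(NUMERIC_BOM))
```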