Closed n1ckl0sk0rtge closed 1 month ago
report looks about right. or did I miss something?
@n1ckl0sk0rtge My understanding is that the defect is with the XML and Protobuf schemas. Is that correct? And if so, then the JSON schema is accurate, correct?
possible fix: #502 please review
Describe the defect
There is an inconsistency in the CycloneDX 1.6 spec implementation. The spec talks about `cryptoRefArray` being part of `protocolProperties`. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.schema.json#L5572-L5576

The 1.6.xsd schema definition does not specify them. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.xsd#L7301-L7303

Also missing in ProtoBuf. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.proto#L2193