Open mmarseu opened 5 months ago
The following piece of code doesn't take nested components into account:
https://github.com/Festo-se/cyclonedx-editor-validator/blob/8bdf8fd2195b68c18a9f76d74146a8f8d14550a3/cdxev/merge_vex.py#L32-L49
That means, if your vulnerabilities reference a nested component, the merge will fail.
The following piece of code doesn't take nested components into account:
https://github.com/Festo-se/cyclonedx-editor-validator/blob/8bdf8fd2195b68c18a9f76d74146a8f8d14550a3/cdxev/merge_vex.py#L32-L49
That means, if your vulnerabilities reference a nested component, the merge will fail.