IBM / sonar-cryptography

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.
Apache License 2.0

Add schema and id reference to CBOM #41

Closed n1ckl0sk0rtge closed 4 months ago

n1ckl0sk0rtge commented 4 months ago
```json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://raw.githubusercontent.com/CycloneDX/specification/1.6/schema/bom-1.6.schema.json"
}
```
n1ckl0sk0rtge commented 4 months ago

There is no way to specify those values using the CycloneDX BOM libraries. Moreover, it seems that those values are not set in many SBOMs.
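Since the comment above says the BOM libraries offer no way to set a top-level schema reference, one practical alternative is to add it as a post-processing step on the serialized JSON. The following is an added example written for this page, not code from the sonar-cryptography project or the CycloneDX libraries. It assumes the schema URL pattern `http://cyclonedx.org/schema/bom-<specVersion>.schema.json` (the value the CycloneDX JSON schemas accept for the `$schema` property), derives the URL from the document's own `specVersion` so the two cannot disagree, and rejects a BOM whose existing `$schema` points at a different version. The sample CBOM is constructed for the example.

```python
"""Add a top-level "$schema" reference to a serialized CycloneDX BOM.

Added example for this issue, not code from the sonar-cryptography project.
Assumption: the schema URL follows the pattern
http://cyclonedx.org/schema/bom-<specVersion>.schema.json.
"""
import json

SCHEMA_URL_TEMPLATE = "http://cyclonedx.org/schema/bom-{version}.schema.json"

# Spec versions this helper is willing to stamp (assumed range; the
# cryptographic-asset component type used in CBOMs exists from 1.6 on).
SUPPORTED_VERSIONS = ("1.2", "1.3", "1.4", "1.5", "1.6")

# Constructed sample CBOM with a single cryptographic-asset component,
# serialized the way a library without "$schema" support would emit it.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [
        {
            "type": "cryptographic-asset",
            "name": "AES-128-GCM",
            "cryptoProperties": {"assetType": "algorithm"},
        }
    ],
})

# Constructed sample whose "$schema" disagrees with its specVersion.
MISMATCHED_CBOM = json.dumps({
    "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [],
})


def add_schema_reference(bom_json: str) -> dict:
    """Return the parsed BOM with "$schema" set from its specVersion.

    The key is placed first so it is visible at the top of the document.
    A BOM that is not CycloneDX, has an unsupported specVersion, or already
    carries a "$schema" for a different version is rejected rather than
    silently rewritten.
    """
    bom = json.loads(bom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    version = bom.get("specVersion")
    if version not in SUPPORTED_VERSIONS:
        raise ValueError(f"unsupported or missing specVersion: {version!r}")

    url = SCHEMA_URL_TEMPLATE.format(version=version)
    existing = bom.pop("$schema", None)
    if existing is not None and existing != url:
        raise ValueError(
            f"$schema {existing!r} does not match specVersion {version}"
        )

    # Rebuild with "$schema" as the first key; dicts preserve insertion order.
    return {"$schema": url, **bom}


def add_schema_reference_json(bom_json: str) -> str:
    """Same as add_schema_reference, but returns serialized JSON."""
    return json.dumps(add_schema_reference(bom_json), indent=2)


if __name__ == "__main__":
    print(add_schema_reference_json(SAMPLE_CBOM))
```

Run the file as a script to see the stamped sample; in a pipeline, feed it the library's output instead of `SAMPLE_CBOM`. Deriving the URL from `specVersion` rather than hard-coding it keeps the reference correct if the plugin later moves to a newer spec version.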