Closed tgagneret-embedded closed 5 months ago
CycloneDX parser extracts CPE field as cpe23Type by default, but if CPE follows version 2.2 specification, it should be set to cpe22Type.
cpe23Type
cpe22Type
https://github.com/anthonyharrison/lib4sbom/blob/5a8866db90ab2c8654061ce957f05ddfa69fbb07/lib4sbom/cyclonedx/cyclonedx_parser.py#L263-L266
I your implementation is based on SPDX specification, so you can find the cpe22Type definition here
CycloneDX parser extracts CPE field as
cpe23Typeby default, but if CPE follows version 2.2 specification, it should be set tocpe22Type.https://github.com/anthonyharrison/lib4sbom/blob/5a8866db90ab2c8654061ce957f05ddfa69fbb07/lib4sbom/cyclonedx/cyclonedx_parser.py#L263-L266
I your implementation is based on SPDX specification, so you can find the
cpe22Typedefinition here