Closed bastiendonjon closed 1 year ago
@bastiendonjon Thanks for finding this. Do you have the SBOM file which generated the error?
However looking at the code it would appear that the component doesn't have a version specified. Whilst this parameter is optional according to the CycloneDX specification, a component without an identified version isn't that useful as part of a SBOM
UPDATE I can reproduce the error but it only occurs if the first package doesn't have a version specified.
I have this trace if i parse Cyclondx Json file