Open JackieOss opened 4 months ago
Validating XML BOM...
Validation failed at line number 29 and position 63: The 'http://cyclonedx.org/schema/bom/1.4:id' element is invalid - The value 'Zlib License - Jean-loup Gailly and Mark Adler' is invalid according to its datatype 'http://cyclonedx.org/schema/spdx:licenseId' - The Enumeration constraint failed.
BOM is not valid.
Hi @JackieOss, the CycloneDX Component Type field of a component has to be populated for the type field to appear in the exported SBOM. As far as the licenses are concerned, they are read as is from the Main and Other Licenses which are present at the Release level. We can provide a validation at the SW360 level in order to prevent the export of an invalid SBOM and also allow the user to configure the addition of Licenses. Thanks for your input!
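A pre-export check of the kind the reply mentions, as an added example (not SW360 code and not from this thread): it flags CycloneDX 1.4 components that lack the required `type` attribute and `<license><id>` values that are not SPDX identifiers. The sample BOM, the function name `check_bom`, and the three-entry SPDX subset are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"bom": "http://cyclonedx.org/schema/bom/1.4"}
# Assumption: tiny subset of SPDX ids; a real check loads the full SPDX license list.
SPDX_IDS = {"Apache-2.0", "MIT", "Zlib"}

# Constructed sample BOM reproducing both failures reported in the issue.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component>
      <name>zlib</name>
      <version>1.2.13</version>
      <licenses>
        <license><id>Zlib License - Jean-loup Gailly and Mark Adler</id></license>
      </licenses>
    </component>
    <component type="library">
      <name>example-lib</name>
      <version>1.0.0</version>
      <licenses>
        <license><id>MIT</id></license>
        <license><name>Custom vendor terms</name></license>
      </licenses>
    </component>
  </components>
</bom>"""

def check_bom(xml_text, spdx_ids=SPDX_IDS):
    """Return a list of (component name, problem) tuples; empty means no findings."""
    findings = []
    # For BOMs from untrusted sources, parse with defusedxml instead of ElementTree.
    root = ET.fromstring(xml_text)
    for comp in root.iter("{%s}component" % NS["bom"]):
        name = comp.findtext("bom:name", default="?", namespaces=NS)
        if not comp.get("type"):
            findings.append((name, "missing required 'type' attribute"))
        for lic_id in comp.iterfind("bom:licenses/bom:license/bom:id", NS):
            value = (lic_id.text or "").strip()
            if value not in spdx_ids:  # free-text licenses belong in <name>, not <id>
                findings.append((name, "license id %r is not an SPDX id; use <name>" % value))
    return findings

if __name__ == "__main__":
    for name, problem in check_bom(SAMPLE_BOM):
        print(f"{name}: {problem}")
```

A free-text license such as the one in the validation output passes schema validation when it is emitted as `<license><name>…</name></license>` rather than `<id>`.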
Description
After exporting an SBOM in CycloneDX v1.4 format, the validation failed. The first issue is that with the sequence the first entry misses the type attribute, which is mandatory according to the XML schema.
E.g.