Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

component.evidence is repeated in proto and object in jsonschema #422

Open
prabhu opened this issue Apr 9, 2024 · 5 comments · May be fixed by #425
Open

component.evidence is repeated in proto and object in jsonschema #422

prabhu opened this issue Apr 9, 2024 · 5 comments · May be fixed by #425
Labels
defect format: ProtoBuf schema 1.6 validated

Comments

@prabhu
Copy link
Contributor

prabhu commented Apr 9, 2024

Looks like this got missed somehow

I think it must be optional in the proto as well.

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.proto#L136

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.schema.json#L2079

Originally reported here
@jkowalleck
Copy link
Member

confirmed.

in ProtoBuf is it a repeated (optional) element:

specification/schema/bom-1.6.proto

Lines 135 to 136 in 55343ba

// Specifies optional license and copyright evidence
repeated Evidence evidence = 23;

in JSON it is a single optional element:

specification/schema/bom-1.6.schema.json

Lines 1061 to 1065 in 55343ba

"evidence": {
"$ref": "#/definitions/componentEvidence",
"title": "Evidence",
"description": "Provides the ability to document evidence collected through various forms of extraction or analysis."
},

in XML ti is a single optional element:

specification/schema/bom-1.6.xsd

Lines 680 to 684 in 55343ba

<xs:element name="evidence" type="bom:componentEvidenceType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Provides the ability to document evidence collected through various forms of extraction or analysis.</xs:documentation>
</xs:annotation>
</xs:element>

i agree, there is a difference.

@jkowalleck
Copy link
Member

#272 (comment)

Actually, the defect is in the JSON and XML schemas. In this case, the protobuf is correct. Identity should be an array.

@jkowalleck
Copy link
Member

@stevespringett so we make the JSON/XML being a list?

@prabhu
Copy link
Contributor Author

prabhu commented Apr 9, 2024

@jkowalleck I thought only evidence.identity becomes an array, while evidence continued to be an object.

@prabhu prabhu mentioned this issue Apr 9, 2024
Merged
@jkowalleck jkowalleck linked a pull request Apr 10, 2024 that will close this issue
Open
@jkowalleck
Copy link
Member

@jkowalleck I thought only evidence.identity becomes an array, while evidence continued to be an object.

i see.
proposed a PR to fix it: #425

@jkowalleck jkowalleck changed the title [1.6] component.evidence is repeated in proto and object in jsonschema component.evidence is repeated in proto and object in jsonschema Apr 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect format: ProtoBuf schema 1.6 validated
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: ProtoBuf evidence not repeated, but optional jkowalleck/fork_CycloneDX-specification
2 participants
@prabhu @jkowalleck