Add tests for multiple licenses. #187
605335b to 34fc389
Actually JSON is fine, I just made a mistake in the structure. Recognizing that it only affects XML leads to the culprit:
Doing the obvious thing will introduce a layer of
@khuey @coderpatros #218 would show one way how you could address this issue (without changing the data model; depends maybe also on CycloneDX/specification#204).
I will try to find a solution in the 1.6 update for this. I don't know yet if we still need the proposed PR as the specification was changed, so that the JSON schema now matches the XML. Proto is still in Not sure how to bring it all together and stay downwards compatible to be honest...
IMO a way would be: Merge #218 and then in addition put a constraint that only one license expression can be used wherever it is needed (for instance on export to the newer formats). This is based on the following observations (if I remember it all correctly):
I was curious to see what the core-team says about this. All those misalignments and then the fixes for those cause much complexity... we will merge and change this for the next version.
Problem should be solved now.
Support for multiple licenses is broken (and it's broken differently for XML/JSON format SBOMs). It's not obvious to me how to fix it. The .NET serialization stuff isn't well documented. But this PR demonstrates the problem.