Unable to Validate CycloneDX Format Versions 1.5 and 1.6 with ModelCard and Data Elements #403

Open
cbsMartin opened this issue Sep 30, 2024 · 1 comment


@cbsMartin

The latest release of the CycloneDX CLI tool is unable to validate SBOMs conforming to CycloneDX format versions 1.5 and 1.6 that include the modelCard and data elements. These versions of the format introduce new features and structures, such as the modelCard and data elements, which are not being properly recognized or validated by the CLI tool.
The validation fails even though the SBOM adheres to the CycloneDX specification.

Link to the CycloneDX 1.5 modelCard
Link to the CycloneDX 1.5 data
Link to the CycloneDX 1.6 modelCard
Link to the CycloneDX 1.6 data

@andreas-hilti
Contributor

@cbsMartin Can you please provide a sample BOM that fails validation? (All that the CLI does internally is to validate the JSON file against the corresponding JSON schema; thus, I'm a bit surprised if this is indeed the case.) What kind of validation messages do you get? (In particular, there are also tests that validate, for instance, valid-machine-learning-1.6.json.)
