Custom validation applies components requirements to tools #209

Open
mmarseu opened this issue Jun 17, 2024 · 2 comments

@mmarseu
Collaborator

mmarseu commented Jun 17, 2024

This is a side-effect of the change to the tools field in CDX 1.5.
When tools is an object, it can contain two arrays: components and services. The official schema applies the regular schemas for those two types to the arrays, which makes sense for them.

In our custom schema that means that all requirements meant for components automatically also apply to tools - for example, bom-ref, copyright, license, etc. This is arguably nonsense and should be changed.

@italvi italvi added the bug Something isn't working label Jun 25, 2024
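
An added illustration of the behaviour described in the issue above, not code from this project or from the official schema: a constructed, cut-down schema in which the items of `tools.components` reuse the strict component definition, next to a hypothetical looser `toolComponent` definition. The schema contents, the `toolComponent` name, the required-field list and the sample BOM are assumptions made for the example.

```python
# Constructed schemas: a cut-down stand-in for a CycloneDX 1.5 style schema,
# not the official schema and not this project's custom schema.
STRICT_COMPONENT = {"required": ["name", "bom-ref", "copyright", "licenses"]}
RELAXED_TOOL = {"required": ["name"]}  # hypothetical looser definition for tools


def build_schema(tool_component_ref):
    """Return a BOM schema whose metadata.tools.components items use the given ref."""
    return {
        "definitions": {"component": STRICT_COMPONENT, "toolComponent": RELAXED_TOOL},
        "properties": {
            "components": {"items": {"$ref": "#/definitions/component"}},
            "metadata": {"properties": {"tools": {"properties": {
                "components": {"items": {"$ref": tool_component_ref}}}}}},
        },
    }


def validate(instance, schema, root=None, path="$"):
    """Tiny validator for required/properties/items/$ref; returns error strings."""
    root = root or schema
    if "$ref" in schema:  # resolve local "#/definitions/<name>" references only
        schema = root["definitions"][schema["$ref"].rsplit("/", 1)[-1]]
    errors = []
    if isinstance(instance, dict):
        errors += [f"{path}: missing '{key}'"
                   for key in schema.get("required", []) if key not in instance]
        for key, sub in schema.get("properties", {}).items():
            if key in instance:
                errors += validate(instance[key], sub, root, f"{path}.{key}")
    elif isinstance(instance, list) and "items" in schema:
        for i, item in enumerate(instance):
            errors += validate(item, schema["items"], root, f"{path}[{i}]")
    return errors


# Constructed sample BOM: one fully described component, one tool with only a name.
SAMPLE_BOM = {
    "components": [{"name": "libfoo", "bom-ref": "c1",
                    "copyright": "(c) Example", "licenses": []}],
    "metadata": {"tools": {"components": [{"name": "sbom-generator"}]}},
}


def tool_errors(ref):
    """Validate SAMPLE_BOM with tools.components items bound to the given definition."""
    return validate(SAMPLE_BOM, build_schema(ref))


if __name__ == "__main__":
    print(tool_errors("#/definitions/component"))      # shared definition: tool rejected
    print(tool_errors("#/definitions/toolComponent"))  # separate definition: tool accepted
```

A check of this shape can serve as a regression test for the `tools` field: the same BOM is validated once per definition, so any component requirement that leaks into tools shows up as a path under `$.metadata.tools.components`.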
@italvi
Collaborator

italvi commented Jun 25, 2024

Would expect that something like that is covered by our tests 😅

@CBeck-96
Collaborator

The tests only cover fields contained in our CB specification; tools is not among them.
