-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CycloneDxReporter: Update CycloneDX Version to v1.4 #7165
Comments
@mawl, are you aware that this is just the default schema version that can be overridden via the reporter-specific "schema.version" option? (I just realized that option is not documented for the class, I'll fix that.) |
@sschuberth: you mean https://github.com/oss-review-toolkit/ort/blob/c79919dfe7a4a1e963973679982582a627112d6b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt#LL67C19-L67C41 - Sounds good to me. Maybe you can also document output.file.formats as I have learned yesterday that you also support json output :) |
--report-option CycloneDX=schema.version=1.4 works, thanks :) |
It's already documented as part of the class docs 😉 And version 1.4 is now also the default. |
CycloneDX Version 1.4 was released 12 January 2022: https://cyclonedx.org/about/history/
Can you please update the version in
ort/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
Line 63 in c5bae30
BTW: v1.4 is the first version supporting vulnerabilities: https://cyclonedx.org/docs/1.4/json/
Thanks :)
The text was updated successfully, but these errors were encountered: