Empty metadata --> tool tag causes parsing exception #784

@YanWittmann

Hello, I have a question regarding an exception I get when parsing a 1.3 CycloneDX SBOM.

According to the specification, the <tools> tag in the <metadata> section is an array, which does not specify a constraint to its size: https://cyclonedx.org/docs/1.3/json/#metadata_tools

However, when I try to parse an SBOM like this using your library:

<?xml version="1.0" encoding="utf-8"?>
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" serialNumber="urn:uuid:da658586-9285-4d22-9340-b791f4637b69" version="1" xmlns="http://cyclonedx.org/schema/bom/1.3">
  <metadata>
    <tools /> <!-- or <tools></tools> -->
  </metadata>
</bom>

I get this exception:

com.fasterxml.jackson.databind.JsonMappingException: Cannot coerce empty String ("") to `org.cyclonedx.model.Tool` value (but could if coercion was enabled using `CoercionConfig`)
  at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: org.cyclonedx.model.Bom["metadata"])

The SBOM is generated using a tool, but it does not fill out this property.
I was wondering whether this behavior is intended or whether this is a difference to the specification that I did not understand.

Thank you for your time.
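
A pre-parse check for the construct described in this issue, as an added example that is not part of the original post and not code from the library: it finds `<tools>` elements under `<metadata>` that have no children, text or attributes and drops them before the document is handed to a parser. The function name `strip_empty_tools` is hypothetical, and the example assumes that omitting an empty `<tools>` element is acceptable for the consumer.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SBOM shown in the issue above.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" serialNumber="urn:uuid:da658586-9285-4d22-9340-b791f4637b69" version="1" xmlns="http://cyclonedx.org/schema/bom/1.3">
  <metadata>
    <tools />
  </metadata>
</bom>"""


def _local(tag):
    """Return the element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def _is_empty(elem):
    """True for <tools/> and <tools></tools>: no children, text or attributes."""
    return len(elem) == 0 and not (elem.text or "").strip() and not elem.attrib


def strip_empty_tools(xml_bytes):
    """Remove empty <tools> children of <metadata>.

    Returns (cleaned_xml_as_str, number_of_elements_removed).
    Works for any CycloneDX namespace version because it matches local names.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag.startswith("{"):
        # Keep the BOM namespace as the default namespace on output.
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    removed = 0
    for metadata in [e for e in root if _local(e.tag) == "metadata"]:
        for child in list(metadata):
            if _local(child.tag) == "tools" and _is_empty(child):
                metadata.remove(child)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, count = strip_empty_tools(SAMPLE)
    print(f"removed {count} empty <tools> element(s)")
    print(cleaned)
```
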
