Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] When a BOM is generated with zero Components, components is still present in the generated BOM #147

Closed
madpah opened this issue Jan 26, 2022 · 4 comments · Fixed by #172
Closed

[FEATURE] When a BOM is generated with zero Components, components is still present in the generated BOM #147

madpah opened this issue Jan 26, 2022 · 4 comments · Fixed by #172
Assignees
@madpah
Labels
enhancement New feature or request rainy day
Milestone
2.0.0

Comments

@madpah
Copy link
Collaborator

madpah commented Jan 26, 2022

Very minor issue noted here.

If a BOM is has ZERO Components, components is still included in the generated BOM as an empty array.

Not invalid, but not tidy.
@madpah madpah added bug Something isn't working enhancement New feature or request labels Jan 26, 2022
@madpah madpah mentioned this issue Jan 26, 2022
Merged
@jkowalleck
Copy link
Member

not a bug, but a feature... and a requirement.

an a requirement for CycloneDX spec 1.0 requires the presence of bom.components
see https://github.com/CycloneDX/specification/blob/ccbf7b5781ef534cd62616e3c4221004c7c82a66/schema/bom-1.0.xsd#L215

an a requirement for CycloneDX spec 1.1 requires the presence of bom.components
https://github.com/CycloneDX/specification/blob/ccbf7b5781ef534cd62616e3c4221004c7c82a66/schema/bom-1.1.xsd#L687

since spec 1.2 bom.components is optional
see https://github.com/CycloneDX/specification/blob/ccbf7b5781ef534cd62616e3c4221004c7c82a66/schema/bom-1.2.xsd#L1360

@madpah
Copy link
Collaborator Author

madpah commented Jan 26, 2022

Good call @jkowalleck - easiest to leave in then would you say?

@madpah madpah removed the bug Something isn't working label Jan 26, 2022
@madpah madpah changed the title [BUG] When a BOM is generated with zero Components, components is still present in the generated BOM [FEATURE] When a BOM is generated with zero Components, components is still present in the generated BOM Jan 26, 2022
@jkowalleck
Copy link
Member

jkowalleck commented Jan 26, 2022
edited
Loading

if this feature was implemented,
i would expect to have unit/integration tests that generate a BOM with empty components list and actually normalize the data to XML
and then validate the resulting XML with the known schema.
SO there should be one test for XML spec 1.0, one for ... , and one for 1.4
SO there should be one test for JSON spec 1.2, one for ... , and one for 1.4

@madpah dont know. This fix/feature does not actually change the resulting data. it is just a different representation.
its a task for rainy weekends, i guess. and a fun one, too.

what is the current situation?
is the generated XML lacking the required element, if components were empty?
or does the resulting XML have the component, but you want to get rid of it in spec >= 1.2 ?

@madpah madpah mentioned this issue Feb 16, 2022
Merged
madpah added a commit that referenced this issue Feb 16, 2022
@madpah
feat: completed work on #155
02d2ba8 
fix: resolved #169 (part of #155)
feat: as part of solving #155, #147 has been implemented

Signed-off-by: Paul Horton <[email protected]>
@madpah madpah mentioned this issue Feb 16, 2022
Merged
@madpah madpah linked a pull request Feb 16, 2022 that will close this issue
feat: completed work on #155 #172
Merged
madpah added a commit that referenced this issue Feb 16, 2022
@madpah
feat: completed work on #155 (#172)
a926b34 
fix: resolved #169 (part of #155)
feat: as part of solving #155, #147 has been implemented

Signed-off-by: Paul Horton <[email protected]>
@madpah
Copy link
Collaborator Author

madpah commented Feb 21, 2022

https://pypi.org/project/cyclonedx-python-lib/2.0.0/ released

@madpah madpah closed this as completed Feb 21, 2022
@madpah madpah added this to the 2.0.0 milestone Feb 21, 2022
@madpah madpah self-assigned this Feb 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@madpah madpah

Labels
enhancement New feature or request rainy day
Projects
None yet
Milestone
2.0.0
Development

Successfully merging a pull request may close this issue.

feat: completed work on #155 CycloneDX/cyclonedx-python-lib
2 participants
@jkowalleck @madpah