
[BUG] component.licenses not valid against schema in version 1.0 #151

@madpah

Description

Example code to produce BOM:

# imports added so the snippet runs as-is (cyclonedx-python-lib and packageurl-python)
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component
from packageurl import PackageURL

bom = Bom(
    components=[Component(
        name='setuptools', version='50.3.2', bom_ref='pkg:pypi/setuptools@50.3.2?extension=tar.gz',
        purl=PackageURL(
            type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz'
        ), license_str='MIT License', author='Test Author'
    )]
)

This attempts to produce XML for the Component as follows:

<component type="library" bom-ref="pkg:pypi/setuptools@50.3.2?extension=tar.gz">
    <name>setuptools</name>
    <version>50.3.2</version>
    <licenses>
        <expression>MIT License</expression>
    </licenses>
    <cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe>
    <purl>pkg:pypi/setuptools@50.3.2?extension=tar.gz</purl>
</component>

.licenses.expression is not permissible in schema version 1.0.
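The point of the report is that a BOM serializer must pick the licenses representation by target schema version rather than always emitting an expression. The following is an added example, not the issue author's code and not part of cyclonedx-python-lib: it builds a version-appropriate <licenses> element, flags a component whose <licenses> content is invalid for a given version, and rewrites such a component for an older schema. It assumes that CycloneDX 1.0 permits only <license> children (carrying <id> or <name>) under <licenses> and that the <expression> form first appears in 1.1; the sample component XML is constructed from the one shown in the issue.

```python
# Added example, not code from the issue or from cyclonedx-python-lib.
# Assumptions: CycloneDX 1.0 allows only <license> children (with <id> or
# <name>) under <licenses>, and the <expression> form exists from 1.1 on.
import xml.etree.ElementTree as ET

EXPRESSION_MIN_VERSION = (1, 1)  # assumption: first schema with <expression>

# Constructed sample, modelled on the component XML shown in the issue.
SAMPLE_COMPONENT_XML = """<component type="library" bom-ref="pkg:pypi/setuptools@50.3.2?extension=tar.gz">
    <name>setuptools</name>
    <version>50.3.2</version>
    <licenses>
        <expression>MIT License</expression>
    </licenses>
    <purl>pkg:pypi/setuptools@50.3.2?extension=tar.gz</purl>
</component>"""


def parse_version(schema_version):
    """'1.0' -> (1, 0); tuple comparison then orders versions correctly."""
    major, minor = schema_version.split(".")
    return int(major), int(minor)


def local_name(tag):
    """Strip a namespace prefix such as '{http://cyclonedx.org/schema/bom/1.0}'."""
    return tag.rsplit("}", 1)[-1]


def licenses_element(license_str, schema_version):
    """Build a <licenses> element that is valid for the target schema version."""
    licenses = ET.Element("licenses")
    if parse_version(schema_version) >= EXPRESSION_MIN_VERSION:
        ET.SubElement(licenses, "expression").text = license_str
    else:
        # Pre-1.1: emit a named license instead of an expression.
        lic = ET.SubElement(licenses, "license")
        ET.SubElement(lic, "name").text = license_str
    return licenses


def _licenses_elements(root):
    # Materialise the list first; mutating the tree while root.iter() runs is unsafe.
    return [e for e in root.iter() if local_name(e.tag) == "licenses"]


def find_license_violations(component_xml, schema_version):
    """Return human-readable problems with <licenses> content for the version."""
    root = ET.fromstring(component_xml)
    problems = []
    for licenses in _licenses_elements(root):
        for child in licenses:
            name = local_name(child.tag)
            if name == "expression":
                if parse_version(schema_version) < EXPRESSION_MIN_VERSION:
                    problems.append(
                        f"licenses/expression is not allowed in schema {schema_version}")
            elif name == "license":
                if not any(local_name(c.tag) in ("id", "name") for c in child):
                    problems.append("license element needs an <id> or <name>")
            else:
                problems.append(f"unexpected child <{name}> under <licenses>")
    return problems


def downgrade_licenses(component_xml, schema_version):
    """Rewrite <expression> children as <license><name> when the target schema
    predates expressions; otherwise return the input unchanged."""
    if parse_version(schema_version) >= EXPRESSION_MIN_VERSION:
        return component_xml
    root = ET.fromstring(component_xml)
    for licenses in _licenses_elements(root):
        for index, child in enumerate(list(licenses)):
            if local_name(child.tag) == "expression":
                replacement = ET.Element("license")
                ET.SubElement(replacement, "name").text = child.text
                licenses.remove(child)
                licenses.insert(index, replacement)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(find_license_violations(SAMPLE_COMPONENT_XML, "1.0"))
    print(find_license_violations(SAMPLE_COMPONENT_XML, "1.1"))
    print(downgrade_licenses(SAMPLE_COMPONENT_XML, "1.0"))
```

Run against the sample, the check reports the expression as invalid for 1.0 and accepts it for 1.1; the downgrade turns the expression into a named license, after which the 1.0 check passes. Whether a given string is a real SPDX expression or just a display name is not decided here; the rewrite only changes the element shape, which is the part the schema rejects.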
