Should "response" field allow multiple entries?
Walter-Haydock opened this issue · 1 comments
Walter-Haydock commented
@stevespringett - thanks for putting this example together. When reviewing the vulnerability/analysis/response field, I saw that it contained "["will_not_fix", "update"]". Is this correct? According to the CycloneDX standard, this entry "Must be one of:" the options rather than an array. Let me know if I am reading that correctly.
stevespringett commented
Yes, that's correct @Walter-Haydock. Response is an array of enums.
https://cyclonedx.org/docs/1.4/json/#vulnerabilities_items_analysis_response
Each item in the array must be one of the pre-defined enums.