Doesn't work with CycloneDX 1.5

Question

Doesn't work with CycloneDX 1.5

Closed this issue 9 months ago · 2 comments

Attempt to score a CyclonDX SBOM (version 1.5) results in the following error message

failed to parse /tmp/javascript.json : json: cannot unmarshal object into Go struct field Metadata.metadata.tools of type []cyclonedx.Tool

Problem is probably in the CycloneDX Go library

Answer 1 · 2023-12-05T19:15:24.000Z

@anthonyharrison we currently dont support cyclonedx 1.5. Although we have plans to support once adoption increases. If you have a cyclondx1.5 sbom and willing to share it, we can use it for testing.

Answer 2 · 2024-01-06T16:28:55.000Z

v0.0.29 fixes this.