Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

do not add self to metadata.tools #673

Open
jkowalleck opened this issue Sep 16, 2024 · 2 comments · Fixed by #674 · May be fixed by #665
Open

do not add self to metadata.tools #673

jkowalleck opened this issue Sep 16, 2024 · 2 comments · Fixed by #674 · May be fixed by #665
Assignees
@jkowalleck
Labels
breaking change enhancement New feature or request
Milestone
8.0.0

Comments

@jkowalleck
Copy link
Member

If the Bom.metadata.tools are found empty, this library adds an entry to it, to represent itself.

This might look like a cute idea at first, but it alters the original data on deserialization:
when deserialization of a CycloneDX BOM that did not hold any data about tools, the library will add itself to the tools. This is unexpected behavior.

A suitable solution would be to add this library not to the SBOM at all.
Instead, the library should provide functionality in the form of a builder, to generate itself's representation as a tool/component, so that downstream users may use it.
@jkowalleck jkowalleck added the enhancement New feature or request label Sep 16, 2024
@jkowalleck
Copy link
Member Author

this is considered a breaking change, as existing behaviour is modified

jkowalleck added a commit that referenced this issue Sep 16, 2024
@jkowalleck
fix issue #673
2ac46ae 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck mentioned this issue Sep 16, 2024
Merged
jkowalleck added a commit that referenced this issue Sep 16, 2024
@jkowalleck
fix issue #673
112dfcf 
Signed-off-by: Jan Kowalleck <[email protected]>
jkowalleck added a commit that referenced this issue Sep 16, 2024
@jkowalleck
feat: don't add self to metafata.tools (#674)
e0a153f 
fixes #673

Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck linked a pull request Sep 16, 2024 that will close this issue
Open
@jkowalleck jkowalleck self-assigned this Sep 16, 2024
@jkowalleck jkowalleck added this to the 8.0.0 milestone Sep 16, 2024
@jkowalleck
Copy link
Member Author

implementation finished

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jkowalleck jkowalleck

Labels
breaking change enhancement New feature or request
Projects
None yet
Milestone
8.0.0
1 participant
@jkowalleck