If the `Bom.metadata.tools` are found empty, this library adds an entry to it, to represent itself.
This might look like a cute idea at first, but it alters the original data on deserialization:
when deserializing a CycloneDX BOM that did not hold any data about tools, the library will add itself to the tools. This is unexpected behavior.
A suitable solution would be to not add this library to the SBOM at all.
Instead, the library should provide functionality in the form of a builder to generate its own representation as a tool/component, so that downstream users may use it.
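The reported behavior and the proposed builder, modeled as an added example that is not part of the original issue or the library's own code. `load_injecting`, `load_faithful`, `this_tool` and the tool identity are hypothetical stand-ins, and the sample BOM is constructed; the check reports which JSON paths a loader changed relative to the source document.

```python
import json

# Constructed sample: a minimal CycloneDX-style BOM with no metadata.tools.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "metadata": {"timestamp": "2023-01-01T00:00:00+00:00"},
    "components": [],
})
# Hypothetical placeholder identity for the parsing library.
SELF_TOOL = {"vendor": "example-vendor", "name": "example-sbom-lib", "version": "0.0.0"}

def load_injecting(text):
    """Model of the reported behavior: an empty tools list gets a self entry."""
    bom = json.loads(text)
    tools = bom.setdefault("metadata", {}).setdefault("tools", [])
    if not tools:
        tools.append(dict(SELF_TOOL))
    return bom

def load_faithful(text):
    """Model of the requested behavior: return only what the document holds."""
    return json.loads(text)

def this_tool():
    """Builder in the spirit of the proposal; the caller decides whether to use it."""
    return dict(SELF_TOOL)

def diff_paths(a, b, path="$"):
    """List the JSON paths at which two decoded documents differ."""
    if isinstance(a, dict) and isinstance(b, dict):
        out = []
        for key in sorted(set(a) | set(b)):
            if key not in a or key not in b:
                out.append(f"{path}.{key}")
            else:
                out.extend(diff_paths(a[key], b[key], f"{path}.{key}"))
        return out
    if isinstance(a, list) and isinstance(b, list) and len(a) == len(b):
        return [p for i, (x, y) in enumerate(zip(a, b))
                for p in diff_paths(x, y, f"{path}[{i}]")]
    return [] if a == b else [path]

def roundtrip_changes(loader, text):
    """Paths a loader added, removed or changed relative to the source text."""
    return diff_paths(json.loads(text), loader(text))

if __name__ == "__main__":
    print("injecting:", roundtrip_changes(load_injecting, SAMPLE_BOM))
    print("faithful: ", roundtrip_changes(load_faithful, SAMPLE_BOM))
```

A check like `roundtrip_changes` can run in a test suite over real BOM fixtures to catch any loader that writes to data it was only asked to read.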