Skip to content

golang structure is not consistent with the JSON schema. "Provides" is missing from "Dependencies". #223

New issue
New issue
Open
Open
golang structure is not consistent with the JSON schema. "Provides" is missing from "Dependencies".#223
@chuyval

Description

@chuyval
chuyval
opened on Mar 12, 2025

Similar to this issue: #196

cyclonedx-go/cyclonedx.go

Line 120 in 3b85e74

Dependencies *[]Dependency `json:"dependencies,omitempty" xml:"dependencies>dependency,omitempty"`

cyclonedx-go/cyclonedx.go

Lines 598 to 601 in 3b85e74

type Dependency struct {
Ref string `json:"ref"`
Dependencies *[]string `json:"dependsOn,omitempty"`
}

Dependency has fields ref and dependsOn, and the schema defines Dependency with fields ref, dependsOn, and provides

cyclonedx-go/schema/bom-1.6.schema.json

Lines 1828 to 1861 in 98a070d

"dependency": {
"type": "object",
"title": "Dependency",
"description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.",
"required": [
"ref"
],
"additionalProperties": false,
"properties": {
"ref": {
"$ref": "#/definitions/refLinkType",
"title": "Reference",
"description": "References a component or service by its bom-ref attribute"
},
"dependsOn": {
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refLinkType"
},
"title": "Depends On",
"description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object."
},
"provides": {
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refLinkType"
},
"title": "Provides",
"description": "The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.\nFor example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use."
}
}
},

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions