add signature object to citations for json-based sboms #814
Up to standards ✅🟢

Issues

| Metric | Results |
|---|---|
| Complexity | 0 |
@sebtiem some changes have been made, could you fix the conflicts please
Signed-off-by: Sebastian Tiemann <setie@mailbox.org>
| @JsonIgnoreProperties(ignoreUnknown = true) | ||
| @JsonInclude(Include.NON_NULL) | ||
| @JsonPropertyOrder({"bom-ref", "pointers", "expressions", "timestamp", "attributedTo", "process", "note"}) | ||
| @JsonPropertyOrder({"bomRef", "pointers", "expressions", "timestamp", "attributedTo", "process", "note", "signature"}) |
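Review bot: the first entry of the new @JsonPropertyOrder list changed from "bom-ref" to "bomRef" while "signature" was appended; the other entries (and the old list) use serialized JSON names, so keep "bom-ref" and only append "signature", rather than relying on Jackson resolving the Java field name inside the order list.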
@JsonPropertyOrder uses "bomRef" instead of "bom-ref"; this changes the property order from "bom-ref" to "bomRef". The field is annotated with @JsonProperty("bom-ref"), so the serialized name is "bom-ref". Using the Java field name "bomRef" in the property order may not match Jackson's behavior consistently. However, looking at the test JSON, it uses "bom-ref" as the key, so this could cause ordering issues during serialization.
| "process": "task-license-scan", | ||
| "note": "Auto-detected by license scanner tool - with both, 'attributedTo' and 'process'" | ||
| }, | ||
| { |
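Review bot: this hunk opens a new element in the citations array of the test fixture right after the existing "note" entry, but the element's body is not visible here; make sure it is the signed citation this PR introduces (carrying a "signature" object) and check any assertion on the number of citations or on the last element against the enlarged array.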
With this change, do the tests still pass? I would expect some of the assertions to fail.
As specified, in a JSON-based BOM a citation can contain a signature object.
See https://cyclonedx.org/docs/1.7/json/#citations_items_signature
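To show what the data model described above looks like in Jackson (a citation whose `bom-ref` keeps its serialized name in the property order and which may carry an optional `signature` object serialized last), here is an added example. It is not code from this PR or from the CycloneDX Java library; the class and member names, the reduced set of citation properties, the three signature members modelled, and all sample values are assumptions.

```java
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonInclude.Include;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.List;

public class CitationSignatureExample {

    // Stand-in for the JSF signature object the CycloneDX JSON schema references.
    // Assumption: only "algorithm", "keyId" and "value" are modelled here; the real
    // schema permits further members (public key, certificate path, excludes, ...).
    @JsonInclude(Include.NON_NULL)
    @JsonPropertyOrder({"algorithm", "keyId", "value"})
    public static class Signature {
        public String algorithm;
        public String keyId;
        public String value;
    }

    // Reduced citation model (assumption: only a few of the real properties are kept).
    // Every name in the order list is the serialized JSON name: "bom-ref" as declared
    // by @JsonProperty, not the Java field name "bomRef"; "signature" comes last.
    @JsonIgnoreProperties(ignoreUnknown = true)
    @JsonInclude(Include.NON_NULL)
    @JsonPropertyOrder({"bom-ref", "pointers", "note", "signature"})
    public static class Citation {
        @JsonProperty("bom-ref")
        public String bomRef;
        public List<String> pointers;
        public String note;
        public Signature signature;   // optional; dropped from the JSON when null
    }

    private static final ObjectMapper MAPPER = new ObjectMapper();

    public static String toJson(Citation citation) throws JsonProcessingException {
        return MAPPER.writeValueAsString(citation);
    }

    public static Citation fromJson(String json) throws JsonProcessingException {
        return MAPPER.readValue(json, Citation.class);
    }

    public static void main(String[] args) throws JsonProcessingException {
        // Constructed sample data, not taken from any real BOM.
        Citation unsigned = new Citation();
        unsigned.bomRef = "citation-1";
        unsigned.pointers = List.of("/components/0/licenses/0");
        unsigned.note = "constructed example without a signature";
        System.out.println(toJson(unsigned));

        Citation signed = new Citation();
        signed.bomRef = "citation-2";
        signed.pointers = List.of("/components/1/licenses/0");
        signed.note = "constructed example with a signature";
        signed.signature = new Signature();
        signed.signature.algorithm = "ES256";
        signed.signature.keyId = "constructed-key-id";
        signed.signature.value = "<base64url-signature-placeholder>";
        String json = toJson(signed);
        System.out.println(json);

        // Round trip: the signature object survives parsing with its members intact.
        // The model only carries the signature; checking it against the canonicalised
        // citation is the job of a JSF verifier, which this example does not include.
        Citation parsed = fromJson(json);
        System.out.println("parsed signature algorithm: " + parsed.signature.algorithm);
    }
}
```

Running `main` prints the unsigned citation without a `signature` member (because of `NON_NULL`) and the signed one with `signature` as the final key, which is the shape a consumer validating against the 1.7 schema should expect.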