`cyclonedx convert` causes `cyclonedx validate` to fail #383
Comments
@tmuehlbacher I tried to reproduce your issue, but for me the resulting BOM validated correctly. However, for me the produced time-stamp was in the format "2024-08-01T08:11:45Z", note the ":" as separators, not "." as in your case. If you use the latest version of the application (i.e. 0.25.1), does this change anything? (I doubt it, though.) That the time is converted to UTC is intended: What surprises me is that in your case the format is "yyyy-MM-ddTHH.mm.ssZ", given the explicit specification of "yyyy-MM-ddTHH:mm:ssZ" here:
The locale does appear to be the problem, not sure why the format specified for `ToString` is not respected here. `env -i` or changing `LANG=en_DK.UTF-8` to en_US or de_DE makes the timestamp format correctly for me.
I am post-processing an SBOM using `jq` and hence have to then use `cyclonedx convert` to get a "valid" SBOM again that has not just Unicode but also "special" characters (e.g. &, <, >) escaped since certain tools require this at least for CycloneDX v1.4 and v1.5.

The resulting file does not validate anymore.

I am using the `cyclonedx` build from nixpkgs.

Steps to reproduce

1. Create a simple valid SBOM file
2. Check that it validates
3. Use `cyclonedx convert` to normalize the SBOM
4. Try to validate again

Here is the structural diff that `cyclonedx convert` causes:

The timestamp is for some reason getting mangled.
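
The separator change reported in this thread, as an added C# example (not code from the cyclonedx-cli project): in a .NET custom date format string an unquoted `:` stands for the culture's time separator, so `ToString` with the format quoted above follows the culture it is given unless the invariant culture is passed or the separators are quoted. The class and helper names are hypothetical, and the "." culture is constructed by hand so the result does not depend on installed locale data.

```csharp
using System;
using System.Globalization;

public static class TimestampFormatDemo
{
    // Format string quoted in the maintainer's comment on this page.
    private const string PageFormat = "yyyy-MM-ddTHH:mm:ssZ";

    // Same layout with every separator quoted, so nothing is culture-dependent.
    private const string QuotedFormat = "yyyy-MM-dd'T'HH':'mm':'ss'Z'";

    // Hypothetical helper: true only for the colon-separated UTC shape
    // ("2024-08-01T08:11:45Z") that the maintainer reports as validating.
    public static bool HasExpectedShape(string timestamp) =>
        DateTime.TryParseExact(timestamp, QuotedFormat, CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out _);

    public static void Main()
    {
        // Constructed sample instant, taken from the timestamp quoted on this page.
        var utc = new DateTime(2024, 8, 1, 8, 11, 45, DateTimeKind.Utc);

        // Constructed culture standing in for a locale whose time separator is ".".
        var dotted = (CultureInfo)CultureInfo.InvariantCulture.Clone();
        dotted.DateTimeFormat.TimeSeparator = ".";

        // Unquoted ":" is replaced by the culture's time separator.
        string mangled = utc.ToString(PageFormat, dotted);
        // Passing the invariant culture pins the separator to ":".
        string pinned = utc.ToString(PageFormat, CultureInfo.InvariantCulture);
        // Quoting the separators gives the same result under any culture.
        string quoted = utc.ToString(QuotedFormat, dotted);

        foreach (var (label, value) in new[] {
            ("unquoted, dotted culture", mangled),
            ("unquoted, invariant", pinned),
            ("quoted, dotted culture", quoted) })
        {
            Console.WriteLine($"{label,-26} {value}  expected shape: {HasExpectedShape(value)}");
        }
    }
}
```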