New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Components not properly in dep tree nor BOM #540
Comments
will add test cases to older versions, for regression and showcasing-purposes, I am planning to have all affected major versions fixed. ++++ the issue does not rely on same name of components, but the fact that both component have an equal (not identical) bom_ref - with a |
bom_ref.name
break dependency tree
I'm not understanding this. All the components in the example script have unique |
bom_ref.name
break dependency treebom_ref.value
break dependency tree
bom_ref.value
break dependency tree
did some research and found, that Per CycloneDX Specification, the minimal set of equality-properties of Components are: type, name` As all is ass expected, I'll close this issue. |
Ah, that is interesting. I would expect a "guaranteed unique" property would be used for testing "unique-ness." But I understand. I guess I'm drawing too much on my database experience. :) Thanks for digging in to this and doing the research! |
I encountered a similar issue with a different component tree.
In my opinion, the component equality validation should be performed within the context of a parent component, rather than within the context of a root component. Am I misunderstanding something? |
@madpah FYI |
this issue should have been closed via #587 or so |
From my perspective, it seems that this issue does not specifically address the same problem. To reproduce the second case mentioned here, you can use the provided example BOM file UnkCompDepEx.json. Here is a code example that reads the BOM file and writes it to a string:
When running this code, I get the 'UnknownComponentDependencyException' error message:
Feel free to reach out if you need further assistance |
This is version 6.4.0
Components with unique bom_refs, but the same name, will generate an error when trying to render a dependency tree. Given this script:
I get this error when I run it:
The text was updated successfully, but these errors were encountered: