Hello, thank you for creating this library, it is a super helpful and essential tool for us! :D

I do have a question though, when generating a sample CycloneDX file from the complex.py example, the components that don't have any more dependencies just return with the corresponding ref value, without the dependsOn key at all, unlike as shown here in the valid dependency sample JSON file.

I was wondering how can I ensure that the components with no further dependencies be generated such that it complies with the sample file shown above?

Any help is greatly appreciated!

Replies: 2 comments · 1 reply

First off, why would it be important that the optional dependsOn is rendered, in case it was an empty list?

Per schema, these are both equal:

{
  // ...
  "dependencies": [
    {
      "ref": "foo"
    }
    // ...
  ]
  // ...
}

{
  // ...
  "dependencies": [
    {
      "ref": "foo",
      "dependsOn": []
    }
    // ...
  ]
  // ...
}

@ysvoon

Hi Jan, thank you for your reply!
I do understand that these two examples are equivalent, but we saw this in the docs, along with the attached JSON example which has the empty list rendered for the dependsOn field, which seemed to imply that this method of writing is more accurate.

[Screenshot 2024-01-25 141904]

However, do correct me if I am wrong, but it seems to me that this empty list can only be added manually as you have mentioned in your second reply, yes?

This is also to say if we were to add the dependencies using the library's register_dependency method, we would not be able to render this empty list for dependsOn, would that be correct?

Thank you!

> I was wondering how can I ensure that the components with no further dependencies be generated such that it complies with the sample file shown above?

The sample above was human-generated. Read https://github.com/CycloneDX/cyclonedx-python-lib/blob/8f81322ebdb6614569ab9301a76f7354fdd0051b/tests/_data/schemaTestData/README.md

The file resides in this repo to test whether the library's own schema validator is working as expected.
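
The equivalence discussed in this thread, as an added example that is not part of the original discussion and is not code from cyclonedx-python-lib. It works on already serialized CycloneDX JSON using only the standard library; the function names and the sample BOM are constructed here for illustration.

```python
import copy
import json

# Constructed sample: a minimal CycloneDX-style JSON BOM, not taken from the thread.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "bom-ref": "app", "name": "app"},
    {"type": "library", "bom-ref": "foo", "name": "foo"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["foo"]},
    {"ref": "foo"}
  ]
}
""")


def dependency_graph(bom):
    """Map each dependency `ref` to the set of refs it depends on.

    A missing `dependsOn` key and an empty `dependsOn` list both yield an
    empty set, which is the equivalence described in the reply above.
    """
    graph = {}
    for entry in bom.get("dependencies", []):
        graph.setdefault(entry["ref"], set()).update(entry.get("dependsOn", []))
    return graph


def with_explicit_depends_on(bom):
    """Return a deep copy in which every dependency entry carries `dependsOn`."""
    result = copy.deepcopy(bom)
    for entry in result.get("dependencies", []):
        entry.setdefault("dependsOn", [])
    return result


def same_dependencies(bom_a, bom_b):
    """Compare two BOMs by dependency graph, ignoring how empty lists are written."""
    return dependency_graph(bom_a) == dependency_graph(bom_b)


if __name__ == "__main__":
    explicit = with_explicit_depends_on(SAMPLE_BOM)
    print(json.dumps(explicit["dependencies"], indent=2))
    print("same graph:", same_dependencies(SAMPLE_BOM, explicit))
```

A consumer that diffs SBOMs or checks them against a policy can compare on `dependency_graph` output so that the two spellings of "no dependencies" do not show up as a change.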
