Conversation
Introduce OrganizationalContactsDeserializer and wire it into Component#getAuthors to correctly parse author/author-list payloads within tool components. Refactor ToolDeserializer, ToolInformationDeserializer and ToolsDeserializer to use the JsonParser's ObjectMapper when available (via getMapper), ensuring consistent conversion behavior. Add regression tests and JSON/XML fixtures for issue815 to validate tool/component authors and external references parsing.
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 6 |
🟢 Coverage 86.67% diff coverage · +0.02% coverage variation
Metric Results Coverage variation ✅ +0.02% coverage variation Diff coverage ✅ 86.67% diff coverage Coverage variation details
Coverable lines Covered lines Coverage Common ancestor commit (9a772a2) 7682 5737 74.68% Head commit (fcc78f6) 7704 (+22) 5755 (+18) 74.70% (+0.02%) Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>Diff coverage details
Coverable lines Covered lines Diff coverage Pull request (#816) 30 26 86.67% Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
|
We ran into this same parsing failure today when processing a CycloneDX 1.6 SBOM generated by Syft 1.36.0. Syft writes We confirmed this still fails on 12.2.0, which is the latest release. Would it be feasible to backport this to a 12.2.x patch release? References:
Minimal reproducible example<?xml version='1.0' encoding='UTF-8'?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="urn:uuid:00000000-0000-0000-0000-000000000001" version="1">
<metadata>
<timestamp>2026-07-09T00:00:00Z</timestamp>
<tools>
<components>
<component type="application">
<authors>
<author>
<name>example-tool-author</name>
</author>
</authors>
<name>example-tool</name>
<version>1.0.0</version>
</component>
</components>
</tools>
</metadata>
<components>
<component type="library">
<authors>
<author>
<name>Jane Doe</name>
<email>jane@example.com</email>
</author>
</authors>
<name>example-library</name>
<version>2.0.0</version>
<purl>pkg:generic/example-library@2.0.0</purl>
</component>
</components>
</bom>byte[] bytes = Files.readAllBytes(Path.of("bom.xml"));
Bom bom = new XmlParser().parse(bytes); // throws ParseException |
…o issue815 Signed-off-by: nscuro <nscuro@protonmail.com>
|
Thanks! I'll keep an eye out for the next release then |
Introduce OrganizationalContactsDeserializer and wire it into Component#getAuthors to correctly parse author/author-list payloads within tool components. Refactor ToolDeserializer, ToolInformationDeserializer and ToolsDeserializer to use the JsonParser's ObjectMapper when available (via getMapper), ensuring consistent conversion behavior. Add regression tests and JSON/XML fixtures for issue815 to validate tool/component authors and external references parsing.
This fixes #815