alitheg commented on PR #942: URL: https://github.com/apache/tooling-trusted-releases/pull/942#issuecomment-4133272223
> XML -> Bom object -> JSON -> Document object -> patched Document object -> JSON -> BOM -> XML is a bit of a long transformation process, and I'd worry that it's a bit fragile. I would rather try to convince projects to standardise on JSON SBOMs: the most recent survey I could find showed that JSON is used far more often than XML for SBOMs.

It's a fair point. Perhaps we could add support for _parsing_ XML BOMs but say we can't do any augmentation/patching unless you use JSON. Our tool could still take XML in and output JSON; it would just remove the last 2 parts of that chain, so we'd have two:

JSON -> Document object -> patched Document object -> JSON

and

XML -> Bom object -> JSON -> Document object -> patched Document object -> JSON

We could work on allowing our patches to work on XML too - my initial attempt was to make bundle have a `Document` *and* an `Element` but that felt even more complex - especially if we can standardise
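The two chains above (XML or JSON accepted on input, patching done only on the Document object, JSON always on output), as an added example that is not the project's code: it uses a constructed, heavily simplified CycloneDX-like BOM and standard-library parsing, and the property-adding `patch_document` is an assumed stand-in for whatever augmentation the tool actually applies.

```python
import copy
import json
import xml.etree.ElementTree as ET

# Constructed sample input: a minimal CycloneDX-style BOM in XML (real BOMs
# also carry a namespace, serial number, hashes, licences and much more).
SAMPLE_XML = """<bom>
  <metadata><component><name>app</name><version>1.0</version></component></metadata>
  <components>
    <component type="library"><name>liba</name><version>2.3</version></component>
    <component type="library"><name>libb</name><version>0.9</version></component>
  </components>
</bom>"""


def xml_to_document(xml_text):
    """XML -> Document object: import only; nothing is ever written back to XML."""
    # For BOMs from untrusted sources, parse with defusedxml instead of ElementTree.
    root = ET.fromstring(xml_text)

    def component(el):
        return {"type": el.get("type", "application"),
                "name": el.findtext("name"),
                "version": el.findtext("version")}

    return {
        "bomFormat": "CycloneDX",
        "metadata": {"component": component(root.find("metadata/component"))},
        "components": [component(c) for c in root.findall("components/component")],
    }


def load_document(text):
    """Accept either serialisation; both paths end in the same Document shape."""
    return xml_to_document(text) if text.lstrip().startswith("<") else json.loads(text)


def patch_document(doc, properties):
    """Augmentation touches only the Document object (hypothetical patch: add properties)."""
    patched = copy.deepcopy(doc)  # never mutate the caller's document
    for comp in patched["components"]:
        comp.setdefault("properties", []).extend(
            {"name": k, "value": v} for k, v in properties.items())
    return patched


def augment(text, properties):
    """The whole chain: (XML | JSON) -> Document -> patched Document -> JSON text."""
    return json.dumps(patch_document(load_document(text), properties), indent=2)
```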
