I am using the gradle CycloneDX plugin to generate a BOM file for a few LEGACY Java projects.
I have only had to make 2 minor updates to the exiting build.gradle files for each project.
The updates being to add the following 2 lines :
dependencies {
classpath("org.cyclonedx:cyclonedx-gradle-plugin:1.3.0")
}
apply plugin: 'org.cyclonedx.bom'
I am running the following command line for each project :
gradle :project-name:cyclonedxBom
which is generating both bom.xml & bom.json files in the build/reports folder.
I am using gradle 4.6 & Java 7 as my source & target version for the projects in build.gradle file.
The BOM file is successfully getting generated for all the projects except one. The failing project is reporting "the BOM does not confirm to the CycloneDX BOM standard". Whilst this error is reported a bom file is still generated for this failing project ( no jsn.xml file )
I have been able to successfully use the following link to validate the bom.xml file generated for the failing and successful projects. Th version is set to 1.2
https://cyclonedx.github.io/cyclonedx-web-tool/validate
So the failing bom.xml file is getting validated and still reports the error.
I would very much appreciate for any suggestions as to what actions I can make to fix the "the BOM does not confirm to the CycloneDX BOM standard" error reported.
