Metadata component is missing entries for hashes etc

[danhallin]

When generating a bom the metadata component does not get assigned the same values as entries in component list.

Steps to reproduce

git clone https://github.com/CycloneDX/cyclonedx-gradle-plugin.git
cd cyclonedx-gradle-plugin
./gradlew cyclonedxbom
cat build/reports/bom.json

Expected result

metadata.component should contain entries for hashes / description / licenses / purl

Actual result

metadata.component does not contain entries for hashes / description / licenses / purl

[skhokhlov]

1. It's not clear what exactly must be used for hash calculation for the main component. For libraries jar files are using for it, but for the project itself jar file is not a required thing.
2. Raised a new issue to add project description: Introduce a way to provide project description #472
3. You can provide licenses for your project using licenseChoice. Example: https://github.com/CycloneDX/cyclonedx-gradle-plugin?tab=readme-ov-file#adding-licenses-data
4. Component in metadata contains PURL. Example:

    "component" : {
      "group" : "org.cyclonedx",
      "name" : "cyclonedx-gradle-plugin",
      "version" : "1.8.2",
      "purl" : "pkg:maven/org.cyclonedx/[email protected]?type=jar",
      "type" : "library",
      "bom-ref" : "pkg:maven/org.cyclonedx/[email protected]?type=jar"
    }

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.