It seems like version output in v1.5 still uses deprecated features of the CycloneDX schema

[tchinchow]

Hello

I recently submitted an issue to the maven-plugin (CycloneDX/cyclonedx-maven-plugin#487) however, looking at their code, I realize that this project may actually be the origin of my problem.

In short the file https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/java/org/cyclonedx/model/Metadata.java is designed to store a list of Tool.

This seems wrong to me because as I understand the CycloneDX schema, this is a deprecated syntax.

The modern version of the metadata/tools attribute has a list of components and a list of services.

Is there a plan to switch to the modern version or do you consider that the deprecated attribute can still be used ?

[nscuro]

This is not something that can be addressed here. Being a library that needs to be backward-compatible, cyclonedx-core-java needs to offer both the deprecated, and the new way.

It's up to the individual tools to decide which fields they want to set.