fix: register CycloneDX annotation keywords to silence schema validator warnings #860
…ings

The CycloneDX JSON schemas (e.g. bom-1.6.schema.json) declare the draft-07 dialect but use the CycloneDX-specific 'meta:enum' and 'deprecated' annotation keywords, which are not part of draft-07. The networknt json-schema-validator therefore logs an "Unknown keyword <name>" warning for each one during BOM validation.

Register both keywords as NonValidationKeyword on a draft-07-based dialect used for the CycloneDX schemas. They carry no validation semantics, so validation results are unchanged; only the spurious warnings are removed.

Signed-off-by: Patrick Baumgartner <contact@patbaumgartner.com>
Up to standards ✅

🟢 Issues

| Metric | Results |
|---|---|
| Complexity | 0 |

🟢 Coverage 100.00% diff coverage · +0.02% coverage variation

| Metric | Results |
|---|---|
| Coverage variation | ✅ +0.02% coverage variation |
| Diff coverage | ✅ 100.00% diff coverage |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (681ed28) | Report Missing | Report Missing | Report Missing |
| Head commit (3ed6e98) | 6676 (+6) | 5061 (+6) | 75.81% (+0.02%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#860) | 6 | 6 | 100.00% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%

1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.
Signed-off-by: Patrick Baumgartner <contact@patbaumgartner.com>
9f45723 to 3ed6e98
Thank you, @nscuro, for guiding my changes. Implementation changed according to your feedback.
Reference
Addresses the long-standing warning reported in CycloneDX/cyclonedx-maven-plugin#564.
Problem
The CycloneDX JSON schemas (e.g. `bom-1.6.schema.json`) declare the JSON-Schema draft-07 dialect but use the CycloneDX-proprietary annotation keywords `meta:enum` and `deprecated`, which are not part of draft-07. When a consumer has an SLF4J backend on the classpath, the networknt json-schema-validator logs:

once per keyword during BOM validation. This is noise for every downstream tool (e.g. the Maven plugin).
Fix
Derive a draft-07 dialect that registers `meta:enum` and `deprecated` as `NonValidationKeyword`s and wire it in via a delegating `DialectRegistry` on the `SchemaRegistry` used for CycloneDX schemas. The keywords are pure annotations, so validation behaviour is unchanged — only the spurious warnings are removed.
Tests
`CycloneDxJsonDialectTest` verifying the keywords are registered as non-validating, that stock draft-07 does not know them, and that a valid 1.6 BOM still validates.
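
The following Python audit is an added example, not code from this pull request: it walks a schema and lists every keyword that draft-07 does not define, so you can confirm that `meta:enum` and `deprecated` are the only ones being registered as annotations and that a misspelled validation keyword still surfaces. The function name, the `SAMPLE` schema and its `minItmes` typo are constructed for illustration.

```python
# Keywords defined by the JSON Schema draft-07 meta-schema.
DRAFT7 = set("""$schema $id $ref $comment title description default readOnly
writeOnly examples multipleOf maximum exclusiveMaximum minimum exclusiveMinimum
maxLength minLength pattern additionalItems items maxItems minItems uniqueItems
contains maxProperties minProperties required additionalProperties definitions
properties patternProperties dependencies propertyNames const enum type format
contentMediaType contentEncoding if then else allOf anyOf oneOf not""".split())

# Keywords whose value is a schema, a map of schemas, or a list of schemas.
SINGLE = {"additionalItems", "items", "contains", "additionalProperties",
          "propertyNames", "not", "if", "then", "else"}
MAPS = {"properties", "patternProperties", "definitions", "dependencies"}
LISTS = {"allOf", "anyOf", "oneOf", "items"}

# The two annotation keywords named in the PR description.
CYCLONEDX_ANNOTATIONS = frozenset({"meta:enum", "deprecated"})

def unknown_keywords(schema, allowed=frozenset(), path="#"):
    """Return sorted (schema location, keyword) pairs outside draft-07 and `allowed`."""
    found = []
    if not isinstance(schema, dict):  # boolean schemas, string arrays
        return found
    for key, value in schema.items():
        here = f"{path}/{key}"
        if key not in DRAFT7 and key not in allowed:
            found.append((path, key))
        if key in MAPS and isinstance(value, dict):
            for name, sub in value.items():  # names here are not keywords
                found += unknown_keywords(sub, allowed, f"{here}/{name}")
        elif key in LISTS and isinstance(value, list):
            for i, sub in enumerate(value):
                found += unknown_keywords(sub, allowed, f"{here}/{i}")
        elif key in SINGLE:
            found += unknown_keywords(value, allowed, here)
    return sorted(found)

# Constructed sample, not the real bom-1.6.schema.json. "minItmes" is a
# deliberate misspelling of minItems, which a validator would ignore.
SAMPLE = {
    "$schema": "http://json-schema.org/draft-07/schema#",
    "type": "object",
    "properties": {
        "scope": {"enum": ["required", "optional"],
                  "meta:enum": {"required": "text", "optional": "text"}},
        "author": {"type": "string", "deprecated": True},
        "hashes": {"type": "array", "minItmes": 1, "items": {"type": "string"}},
    },
}
```

Calling `unknown_keywords(SAMPLE, CYCLONEDX_ANNOTATIONS)` leaves only the `minItmes` entry, which is the kind of finding a blanket suppression of "Unknown keyword" warnings would hide.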