Add custom Vulnerability serializer and tests #743
Merged
Introduces VulnerabilitySerializer for version-aware serialization of Vulnerability objects in both JSON and XML formats. Updates AbstractBomGenerator to register the new serializer, modifies Vulnerability model to ignore deprecated tool fields, and adds tests for vulnerability parsing in BomJsonGeneratorTest and BomXmlGeneratorTest for schema versions 1.4 and 1.5.
Introduces new unit tests for vulnerability parsing in both JSON and XML formats for version 16, and refactors existing test method names for clarity. Ensures coverage for versions 14, 15, and 16 using both JSON and XML BOM inputs.
Updates VulnerabilitySerializer to avoid serializing empty string fields and to convert deprecated Tool objects to Component objects for CycloneDX versions 1.5 and above. Adds comprehensive tests to verify correct serialization behavior for empty strings and tool conversion across JSON and XML formats and multiple schema versions.
Simplifies tool serialization by removing conversion of deprecated tools to components for v1.5+; now preserves deprecated tool format if ToolInformation is not present. Updates and renames related tests to verify correct preservation of deprecated tool format and improves test coverage for edge cases.
Introduces StringUtils.isNotEmpty checks before setting Vulnerability and Analysis fields to prevent assigning empty strings. This improves robustness when deserializing JSON with missing or empty values.
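As an added illustration of the behaviour the commits above describe (skipping empty string fields, and keeping the deprecated `tools` array unless a 1.5+ component-style tool list is present), here is a schema-version-aware Jackson serializer. This is example code, not cyclonedx-core-java's own; the `Tool` and `Vuln` records and the `VulnSerializer` class are hypothetical stand-ins for the library's Vulnerability, Tool and ToolInformation models, and the version numbering (14, 15, 16) is assumed to mirror the page's.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import java.io.IOException;
import java.util.List;

// Hypothetical stand-ins for the library's Vulnerability / Tool / ToolInformation models.
record Tool(String vendor, String name, String version) {}
record Vuln(String id, String description, List<Tool> tools, List<Tool> toolComponents) {}

class VulnSerializer extends JsonSerializer<Vuln> {
    private final int schemaVersion; // assumed: 14 = CycloneDX 1.4, 15 = 1.5, 16 = 1.6
    VulnSerializer(int schemaVersion) { this.schemaVersion = schemaVersion; }

    @Override
    public void serialize(Vuln v, JsonGenerator gen, SerializerProvider sp) throws IOException {
        gen.writeStartObject();
        writeIfNotEmpty(gen, "id", v.id());
        writeIfNotEmpty(gen, "description", v.description());
        boolean hasToolInfo = v.toolComponents() != null && !v.toolComponents().isEmpty();
        if (schemaVersion >= 15 && hasToolInfo) {
            // 1.5+ form: "tools" is an object whose "components" array lists the tools.
            gen.writeObjectFieldStart("tools");
            gen.writeArrayFieldStart("components");
            for (Tool t : v.toolComponents()) writeTool(gen, t);
            gen.writeEndArray();
            gen.writeEndObject();
        } else if (v.tools() != null && !v.tools().isEmpty()) {
            // Deprecated array form, preserved whenever no ToolInformation is given.
            gen.writeArrayFieldStart("tools");
            for (Tool t : v.tools()) writeTool(gen, t);
            gen.writeEndArray();
        }
        gen.writeEndObject();
    }

    private static void writeTool(JsonGenerator gen, Tool t) throws IOException {
        gen.writeStartObject();
        writeIfNotEmpty(gen, "vendor", t.vendor());
        writeIfNotEmpty(gen, "name", t.name());
        writeIfNotEmpty(gen, "version", t.version());
        gen.writeEndObject();
    }

    // Null and "" are both skipped: emitting "" would produce a field that fails schema validation.
    static void writeIfNotEmpty(JsonGenerator gen, String field, String val) throws IOException {
        if (val != null && !val.isEmpty()) gen.writeStringField(field, val);
    }
}
```

Register it with `new ObjectMapper().registerModule(new SimpleModule().addSerializer(Vuln.class, new VulnSerializer(15)))`; a `Vuln` whose `description` is `""` then serializes without a `description` key, and a populated `toolComponents` list yields `tools.components` for 1.5+ while the same object serialized with version 14 falls back to the legacy `tools` array.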
Author (Contributor): hey @nscuro can you please take a look at this when you have time? I would like to have this in the next release
nscuro approved these changes (Jan 19, 2026)