BOM validation failed after upgrade to Trivy 0.68.1 #9927

tomkuipers · 2025-12-10T11:19:31Z

tomkuipers
Dec 10, 2025

Description

In our CI/CD pipeline we use Trivy to produce CycloneDX SBOM files for containers and upload then to Dependency-Track. After upgrading from Trivy 0.67.2 to 0.68.1 the uploaded SBOM was invalid (according to Dependency-Track) using the same container as input:
"status":400,"title":"The uploaded BOM is invalid","detail":"Schema validation failed"

To pinpoint the issue I used cyclonedx-cli to validate the produced SBOM files for both versions 0.67.2 and 0.68.1

trivy 0.67.2 produces valid CycloneDX SBOM file.
trivy 0.68.1 produces invalid CycloneDX SBom file.

Desired Behavior

Trivy should produce valid SBOM when using --format cyclonedx.

Actual Behavior

When you validate the produced SBOM from trivy version 0.68.1, it is invalid - schema validation failed.

Reproduction Steps

1. trivy --version
Version: 0.68.1
2. cyclonedx --version
0.29.2+09de64f86951325836c701dfbf9dde9b5d8fcf7d
3. trivy image --format cyclonedx --output renovate-sbom-0.67.2.json ghcr.io/mend/renovate-ce:12.0.0-full
4. cyclonedx validate --input-file renovate-sbom-0.67.2.json
BOM validated successfully.

Upgrade to trivy 0.68.1, and using same container image as input
5. trivy --version
Version: 0.68.1
6. trivy image --format cyclonedx --output renovate-sbom-0.68.1.json ghcr.io/mend/renovate-ce:12.0.0-full
7. cyclonedx validate --input-file renovate-sbom-0.68.1.json
Validation failed:
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2765/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2769/licenses:
[
        {
          "license": {
            "id": "PostgreSQL"
          }
        },
        {
          "license": {
            "name": "Custom-regex"
          }
        },
        {
          "license": {
            "id": "Tcl"
          }
        },
        {
          "license": {
            "name": "Custom-pg-dump"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "Custom-Unicode"
          }
        },
        {
          "license": {
            "name": "double-metaphone"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "name": "nagaysau-ishii"
          }
        },
        {
          "license": {
            "id": "BSD-2-Clause"
          }
        }
      ]
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2770/licenses:
[
        {
          "license": {
            "id": "PostgreSQL"
          }
        },
        {
          "license": {
            "name": "Custom-regex"
          }
        },
        {
          "license": {
            "id": "Tcl"
          }
        },
        {
          "license": {
            "name": "Custom-pg-dump"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "Custom-Unicode"
          }
        },
        {
          "license": {
            "name": "double-metaphone"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "name": "nagaysau-ishii"
          }
        },
        {
          "license": {
            "id": "BSD-2-Clause"
          }
        }
      ]
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2835/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2836/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Expected 1 matching subschema but found 0
http://cyclonedx.org/schema/bom-1.6.schema.json#/definitions/licenseChoice
On instance: /components/2837/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2765/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2769/licenses:
[
        {
          "license": {
            "id": "PostgreSQL"
          }
        },
        {
          "license": {
            "name": "Custom-regex"
          }
        },
        {
          "license": {
            "id": "Tcl"
          }
        },
        {
          "license": {
            "name": "Custom-pg-dump"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "Custom-Unicode"
          }
        },
        {
          "license": {
            "name": "double-metaphone"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "name": "nagaysau-ishii"
          }
        },
        {
          "license": {
            "id": "BSD-2-Clause"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2770/licenses:
[
        {
          "license": {
            "id": "PostgreSQL"
          }
        },
        {
          "license": {
            "name": "Custom-regex"
          }
        },
        {
          "license": {
            "id": "Tcl"
          }
        },
        {
          "license": {
            "name": "Custom-pg-dump"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "Custom-Unicode"
          }
        },
        {
          "license": {
            "name": "double-metaphone"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "name": "nagaysau-ishii"
          }
        },
        {
          "license": {
            "id": "BSD-2-Clause"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2835/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2836/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Value should have at most 1 items
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2837/licenses:
[
        {
          "license": {
            "id": "GPL-1.0-or-later"
          }
        },
        {
          "license": {
            "id": "Artistic-2.0"
          }
        },
        {
          "license": {
            "id": "MIT"
          }
        },
        {
          "license": {
            "name": "REGCOMP"
          }
        },
        {
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        },
        {
          "license": {
            "name": "Unicode"
          }
        },
        {
          "license": {
            "name": "BZIP"
          }
        },
        {
          "license": {
            "id": "Zlib"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        },
        {
          "license": {
            "id": "FSFAP"
          }
        },
        {
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        },
        {
          "license": {
            "id": "CC0-1.0"
          }
        },
        {
          "license": {
            "name": "TEXT-TABS"
          }
        },
        {
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        },
        {
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause"
          }
        },
        {
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        },
        {
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        },
        {
          "license": {
            "id": "Artistic-dist"
          }
        },
        {
          "license": {
            "id": "LGPL-2.1-only"
          }
        },
        {
          "license": {
            "id": "GPL-1.0-only"
          }
        },
        {
          "license": {
            "id": "GPL-2.0-only"
          }
        },
        {
          "license": {
            "name": "Artistic-2"
          }
        }
      ]
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2765/licenses/0:
{
          "license": {
            "id": "GPL-1.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/1:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/2:
{
          "license": {
            "id": "MIT"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/3:
{
          "license": {
            "name": "REGCOMP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/4:
{
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/5:
{
          "license": {
            "name": "Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/6:
{
          "license": {
            "name": "BZIP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/7:
{
          "license": {
            "id": "Zlib"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/8:
{
          "license": {
            "id": "GPL-2.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/9:
{
          "license": {
            "id": "FSFAP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/10:
{
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/11:
{
          "license": {
            "id": "CC0-1.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/12:
{
          "license": {
            "name": "TEXT-TABS"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/13:
{
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/14:
{
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/15:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/16:
{
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/17:
{
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/18:
{
          "license": {
            "id": "Artistic-dist"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/19:
{
          "license": {
            "id": "LGPL-2.1-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/20:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/21:
{
          "license": {
            "id": "GPL-2.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2765/licenses/22:
{
          "license": {
            "name": "Artistic-2"
          }
        }
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2769/licenses/0:
{
          "license": {
            "id": "PostgreSQL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/1:
{
          "license": {
            "name": "Custom-regex"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/2:
{
          "license": {
            "id": "Tcl"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/3:
{
          "license": {
            "name": "Custom-pg-dump"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/4:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/5:
{
          "license": {
            "name": "Custom-Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/6:
{
          "license": {
            "name": "double-metaphone"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/7:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/8:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/9:
{
          "license": {
            "name": "nagaysau-ishii"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2769/licenses/10:
{
          "license": {
            "id": "BSD-2-Clause"
          }
        }
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2770/licenses/0:
{
          "license": {
            "id": "PostgreSQL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/1:
{
          "license": {
            "name": "Custom-regex"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/2:
{
          "license": {
            "id": "Tcl"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/3:
{
          "license": {
            "name": "Custom-pg-dump"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/4:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/5:
{
          "license": {
            "name": "Custom-Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/6:
{
          "license": {
            "name": "double-metaphone"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/7:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/8:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/9:
{
          "license": {
            "name": "nagaysau-ishii"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2770/licenses/10:
{
          "license": {
            "id": "BSD-2-Clause"
          }
        }
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2835/licenses/0:
{
          "license": {
            "id": "GPL-1.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/1:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/2:
{
          "license": {
            "id": "MIT"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/3:
{
          "license": {
            "name": "REGCOMP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/4:
{
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/5:
{
          "license": {
            "name": "Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/6:
{
          "license": {
            "name": "BZIP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/7:
{
          "license": {
            "id": "Zlib"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/8:
{
          "license": {
            "id": "GPL-2.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/9:
{
          "license": {
            "id": "FSFAP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/10:
{
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/11:
{
          "license": {
            "id": "CC0-1.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/12:
{
          "license": {
            "name": "TEXT-TABS"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/13:
{
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/14:
{
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/15:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/16:
{
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/17:
{
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/18:
{
          "license": {
            "id": "Artistic-dist"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/19:
{
          "license": {
            "id": "LGPL-2.1-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/20:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/21:
{
          "license": {
            "id": "GPL-2.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2835/licenses/22:
{
          "license": {
            "name": "Artistic-2"
          }
        }
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2836/licenses/0:
{
          "license": {
            "id": "GPL-1.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/1:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/2:
{
          "license": {
            "id": "MIT"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/3:
{
          "license": {
            "name": "REGCOMP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/4:
{
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/5:
{
          "license": {
            "name": "Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/6:
{
          "license": {
            "name": "BZIP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/7:
{
          "license": {
            "id": "Zlib"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/8:
{
          "license": {
            "id": "GPL-2.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/9:
{
          "license": {
            "id": "FSFAP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/10:
{
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/11:
{
          "license": {
            "id": "CC0-1.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/12:
{
          "license": {
            "name": "TEXT-TABS"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/13:
{
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/14:
{
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/15:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/16:
{
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/17:
{
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/18:
{
          "license": {
            "id": "Artistic-dist"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/19:
{
          "license": {
            "id": "LGPL-2.1-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/20:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/21:
{
          "license": {
            "id": "GPL-2.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2836/licenses/22:
{
          "license": {
            "name": "Artistic-2"
          }
        }
Required properties ["expression"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0
On instance: /components/2837/licenses/0:
{
          "license": {
            "id": "GPL-1.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/1:
{
          "license": {
            "id": "Artistic-2.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/2:
{
          "license": {
            "id": "MIT"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/3:
{
          "license": {
            "name": "REGCOMP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/4:
{
          "license": {
            "name": "GPL-2.0-only WITH bison-exception+"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/5:
{
          "license": {
            "name": "Unicode"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/6:
{
          "license": {
            "name": "BZIP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/7:
{
          "license": {
            "id": "Zlib"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/8:
{
          "license": {
            "id": "GPL-2.0-or-later"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/9:
{
          "license": {
            "id": "FSFAP"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/10:
{
          "license": {
            "name": "BSD-3-Clause WITH weird-numbering"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/11:
{
          "license": {
            "id": "CC0-1.0"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/12:
{
          "license": {
            "name": "TEXT-TABS"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/13:
{
          "license": {
            "name": "BSD-4-clause-POWERDOG"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/14:
{
          "license": {
            "name": "BSD-3-clause-GENERIC"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/15:
{
          "license": {
            "id": "BSD-3-Clause"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/16:
{
          "license": {
            "name": "SDBM-PUBLIC-DOMAIN"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/17:
{
          "license": {
            "name": "DONT-CHANGE-THE-GPL"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/18:
{
          "license": {
            "id": "Artistic-dist"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/19:
{
          "license": {
            "id": "LGPL-2.1-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/20:
{
          "license": {
            "id": "GPL-1.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/21:
{
          "license": {
            "id": "GPL-2.0-only"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/additionalItems
On instance: /components/2837/licenses/22:
{
          "license": {
            "name": "Artistic-2"
          }
        }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2765/licenses/0/license:
{
            "id": "GPL-1.0-or-later"
          }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2769/licenses/0/license:
{
            "id": "PostgreSQL"
          }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2770/licenses/0/license:
{
            "id": "PostgreSQL"
          }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2835/licenses/0/license:
{
            "id": "GPL-1.0-or-later"
          }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2836/licenses/0/license:
{
            "id": "GPL-1.0-or-later"
          }
All values fail against the false schema
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1/items/0/additionalProperties
On instance: /components/2837/licenses/0/license:
{
            "id": "GPL-1.0-or-later"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2765/licenses/18/license:
{
            "id": "Artistic-dist"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2769/licenses/2/license:
{
            "id": "Tcl"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2770/licenses/2/license:
{
            "id": "Tcl"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2835/licenses/18/license:
{
            "id": "Artistic-dist"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2836/licenses/18/license:
{
            "id": "Artistic-dist"
          }
Required properties ["name"] are not present
http://cyclonedx.org/schema/bom-1.6.schema.json#/oneOf/1
On instance: /components/2837/licenses/18/license:
{
            "id": "Artistic-dist"
          }
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2765/licenses/18/license/id:
Artistic-dist
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2769/licenses/2/license/id:
Tcl
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2770/licenses/2/license/id:
Tcl
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2835/licenses/18/license/id:
Artistic-dist
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2836/licenses/18/license/id:
Artistic-dist
Value should match one of the values specified by the enum
http://cyclonedx.org/schema/spdx.schema.json
On instance: /components/2837/licenses/18/license/id:
Artistic-dist
Unable to validate against any JSON schemas.
BOM is not valid.

Target

Container Image

Scanner

None

Output Format

CycloneDX

Mode

Standalone

Debug Output

trivy image --format cyclonedx --output renovate-sbom-0.68.1.json ghcr.io/mend/renovate-ce:12.0.0-full --debug
2025-12-10T12:17:43+01:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2025-12-10T12:17:43+01:00       DEBUG   Cache dir       dir="/Users/tomk/Library/Caches/trivy"
2025-12-10T12:17:43+01:00       DEBUG   Cache dir       dir="/Users/tomk/Library/Caches/trivy"
2025-12-10T12:17:43+01:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-12-10T12:17:43+01:00       DEBUG   Ignore statuses statuses=[]
2025-12-10T12:17:43+01:00       INFO    "--format cyclonedx" disables security scanning. Specify "--scanners vuln" explicitly if you want to include vulnerabilities in the "cyclonedx" report.
2025-12-10T12:17:43+01:00       DEBUG   [notification] Running version check
2025-12-10T12:17:43+01:00       DEBUG   [pkg] Package types     types=[os library]
2025-12-10T12:17:43+01:00       DEBUG   [pkg] Package relationships     relationships=[unknown root workspace direct indirect]
2025-12-10T12:17:43+01:00       DEBUG   Initializing scan cache...      type="fs"
2025-12-10T12:17:43+01:00       DEBUG   [notification] Version check completed  latest_version="0.68.1"
2025-12-10T12:17:43+01:00       DEBUG   [image] Image found     image="ghcr.io/mend/renovate-ce:12.0.0-full" source="remote"
2025-12-10T12:17:43+01:00       DEBUG   Created process-specific temp directory path="/var/folders/1t/q42g140x2n5_x8912tg0zcvr0000gn/T/trivy-94325"
2025-12-10T12:17:43+01:00       DEBUG   [image] Detected image ID       image_id="sha256:a62303b09e229fe69ef832cfd86cb92a75d8165ec7fa054b4cb642d749c40c98"
2025-12-10T12:17:43+01:00       DEBUG   [image] Detected diff ID        diff_ids=[sha256:073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc sha256:40084e850b8f8490a38559f6aac1aff31c9c244e77c4d8b022587fb090346573 sha256:ff08bbf2a879bcef5a7827e763b8fef37dca90ec4fb290288bedff4f2193aa4f sha256:4b4be206505f16839c568cb51a3f878f2d93826bfbe652ea9eef1ab21f7fd9a4 sha256:f11b6c023bb1d72fa172d0134f523db32c5b45c54097ef7e6ce8c9a7760fde8b sha256:63211dd1af52b7dd550bd5ed3091ca38b9ee6df5b5b31c32ffd90acd046fa3fc sha256:a90ceca1782389d28516851ef22856aabd08a724f85bdcffb8931c7d47074b77 sha256:fefe6014df476a8846023f4b3bbfc3864d845b3f4b66c0c5b7ce5939f73360c6 sha256:a0e88a3cf59a9477d4c146179407850ae8dad0e5f4bb0a935f32e5bf395a6b41 sha256:be366c8c2f2e82987411e27b1dd523e0167ecfea50ea247267770d3594e62523 sha256:d4f131c348942800cf849e584eeb84b3f4bfc1aa80d352a833b203ef8e5f3333 sha256:749adc73d5f02ad71127c2bdb91b88b7d548e4212981438c55467da9204caa4f sha256:5bab29298f9a7b30bb0745b5ffe2a11611b9e7ecfc76d1b52075640bf7be3688 sha256:de110f8fae749239ae4b21667d384a1fc3893569b85677794ae37dc5d1fdc4b5 sha256:dbf8d1e084def0db9f62a9ec02832a3c69a387e4064af000a326732d297a9713 sha256:925cef59f6575e0fbf867762cd028c1f8213bf8c2f5d3144bfc1ea6eb32ae49b sha256:1d727e289d3b1e6b7d4c51b40f0ca69bbd9c1dd72e5be83d063d352a15e039dd sha256:46a9e0e68a565aeee3e21cdf30e63872a5a6660ec3248bdd956818e0f23a52fa sha256:310a8e458473f5d7d4c63f890e524ddad3c7aa552c6df001d84da5dd3472a729 sha256:c31a65c7b4fe04e1eb6fcb6b75ba37443e207c703ad8fe89901fb491119cbc34 sha256:fea13dc4a8f57faa0ce811838ecb152e3f6a4756bf7c5fe513b46404c99767d5 sha256:37fc688e88ec6d7b9e095782c54278dfbdeee4e97e04658e90b8728963cce535 sha256:615c7225df52cdf24a9c5feda7112c3f1b2160cf532aa4d947617cf7eee90c2f sha256:2ab5d85488e8c0258f8a0aab9d77b188799181a995c191c52344890c91637704 sha256:faea9ad01bae739db858be992e8d49a496eb755614ab0ec4101c0ef84bae3e03 sha256:688b4fcbc796a2de95df5c72d1de4fcb1ca97c265be2aa5ace2453db9480cd02 sha256:0c9d787ff3a102997905828305a1bd46e0c4733ce2c96574806023659343e4b3 sha256:9ec8ae230e49244ab454197db3e751aec97ef8241728746f04147a040f15af84 sha256:dc53f093bb4ddd236f586d97d9b572295d45cd4023fac29a0c29608d5266674c sha256:ae7334583f1cf08e8a92b06a139ed164971a4d5eaac09dc2177545ebfbfb71ea sha256:734cc03952d49b083d7a5dc9e8faeacca7441cce92cd37704d31377aeca9e1d7 sha256:399682d6c5c8640d3f574d3f1d2497d5d5ac6332d8e24851b23a511e9024587c sha256:553c0366f951d82abc22c09147d843e669574ebb00a7cea70302378e5b2b1882 sha256:074146a5b10b45fe0668f0a40a6c9d76b42b9b6d6e8f9881ce7d44390d68709b sha256:c46f2b2815d6f119906019a8ac6dc0db206664a653919364ab9573507176378c sha256:07289fe0f48ba13a9be8b30cd39512a152a70579d7e8f17543e64bf29d69bb29 sha256:57f3a79362f174f98149b50be5d55f2daa0fc92f2b8b2d56f2f39500af7a8f1b sha256:10cbd54c7a7e3cd05bfabf31ad219378cee0152e9cdade1e7df59c90e9c16425 sha256:92edb40f18d964b0d2795393aa63cd5dd6928cb9600a8e3599e1ee8ac19d61b5 sha256:bcbffb3cc47fb9e903368b5f1be1b6b3c4e42577fc2810933f7c06e1cec00458 sha256:e9b60d3a3c0a99907eadd0118302128e61f9dc1a5aa488298b3f4c2a306cbdc1 sha256:b9eb8a288e0571c97cad53bc30d51f1c5787fa0ebe6d1ca3ead2daf0b9127298 sha256:ed8cdb9bb5aa62a5b401d8593813a6683f68e2f26220552fbb7bbb314bfb0714 sha256:634f8e5b1b6b649e9ae4668381a74d85f8e85b7132382062f658a81cedc88e62 sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef sha256:e858d8404cf7e5b0febfa0bbb27a2c28215309ba941b1681347bde85696d1e29 sha256:e7a9eafd02296d4269e143ecfab55350e6eee5f66df780e0722d6869df22228c sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef sha256:ab6ab29d76ce226eccd110ae05d3b4fc97063bfb0ea2b9888be75b99ee88694b sha256:b11b80cbd82709a1343765d50bb2fdcd6b02785115f4a38e1b144b4e58d7e3ce sha256:d59ec33b1b4aea0de1c2f732f6c27c2e4454a34ede985d051616309a89e7f8b1 sha256:9fa907455faf09364c6dfb493e76bc4eb5c8905d2fa44afcfb0f20609adf383a sha256:4e8ff99f072cfa149d60fa81a898713674c19b098dd353610e9aaea002ae8268 sha256:815d9821b3cd395cbb5ededf981bb7f96d078f0dd13d53dc85ddbb1c7405fa3c sha256:1b678ab7c31dbe511f363b1ad32de2dddc0ddfab0cfe52bfcf88f248e0092829 sha256:050100a94e62510805461df2127169b8bf6cd013b3ce161ac82e537456b9ce6e sha256:48b6c50fd928c72a8ae94efa2e00d50c4459f5246207b5e8375a7d8a885919e4 sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef]
2025-12-10T12:17:43+01:00       DEBUG   [image] Detected base layers    diff_ids=[sha256:073ec47a8c22dcaa4d6e5758799ccefe2f9bde943685830b1bf6fd2395f5eabc sha256:40084e850b8f8490a38559f6aac1aff31c9c244e77c4d8b022587fb090346573 sha256:ff08bbf2a879bcef5a7827e763b8fef37dca90ec4fb290288bedff4f2193aa4f sha256:4b4be206505f16839c568cb51a3f878f2d93826bfbe652ea9eef1ab21f7fd9a4 sha256:f11b6c023bb1d72fa172d0134f523db32c5b45c54097ef7e6ce8c9a7760fde8b sha256:63211dd1af52b7dd550bd5ed3091ca38b9ee6df5b5b31c32ffd90acd046fa3fc sha256:a90ceca1782389d28516851ef22856aabd08a724f85bdcffb8931c7d47074b77 sha256:fefe6014df476a8846023f4b3bbfc3864d845b3f4b66c0c5b7ce5939f73360c6 sha256:a0e88a3cf59a9477d4c146179407850ae8dad0e5f4bb0a935f32e5bf395a6b41 sha256:be366c8c2f2e82987411e27b1dd523e0167ecfea50ea247267770d3594e62523 sha256:d4f131c348942800cf849e584eeb84b3f4bfc1aa80d352a833b203ef8e5f3333 sha256:749adc73d5f02ad71127c2bdb91b88b7d548e4212981438c55467da9204caa4f sha256:5bab29298f9a7b30bb0745b5ffe2a11611b9e7ecfc76d1b52075640bf7be3688 sha256:de110f8fae749239ae4b21667d384a1fc3893569b85677794ae37dc5d1fdc4b5 sha256:dbf8d1e084def0db9f62a9ec02832a3c69a387e4064af000a326732d297a9713 sha256:925cef59f6575e0fbf867762cd028c1f8213bf8c2f5d3144bfc1ea6eb32ae49b sha256:1d727e289d3b1e6b7d4c51b40f0ca69bbd9c1dd72e5be83d063d352a15e039dd sha256:46a9e0e68a565aeee3e21cdf30e63872a5a6660ec3248bdd956818e0f23a52fa sha256:310a8e458473f5d7d4c63f890e524ddad3c7aa552c6df001d84da5dd3472a729 sha256:c31a65c7b4fe04e1eb6fcb6b75ba37443e207c703ad8fe89901fb491119cbc34 sha256:fea13dc4a8f57faa0ce811838ecb152e3f6a4756bf7c5fe513b46404c99767d5 sha256:37fc688e88ec6d7b9e095782c54278dfbdeee4e97e04658e90b8728963cce535 sha256:615c7225df52cdf24a9c5feda7112c3f1b2160cf532aa4d947617cf7eee90c2f sha256:2ab5d85488e8c0258f8a0aab9d77b188799181a995c191c52344890c91637704 sha256:faea9ad01bae739db858be992e8d49a496eb755614ab0ec4101c0ef84bae3e03 sha256:688b4fcbc796a2de95df5c72d1de4fcb1ca97c265be2aa5ace2453db9480cd02 sha256:0c9d787ff3a102997905828305a1bd46e0c4733ce2c96574806023659343e4b3 sha256:9ec8ae230e49244ab454197db3e751aec97ef8241728746f04147a040f15af84 sha256:dc53f093bb4ddd236f586d97d9b572295d45cd4023fac29a0c29608d5266674c sha256:ae7334583f1cf08e8a92b06a139ed164971a4d5eaac09dc2177545ebfbfb71ea sha256:734cc03952d49b083d7a5dc9e8faeacca7441cce92cd37704d31377aeca9e1d7 sha256:399682d6c5c8640d3f574d3f1d2497d5d5ac6332d8e24851b23a511e9024587c sha256:553c0366f951d82abc22c09147d843e669574ebb00a7cea70302378e5b2b1882 sha256:074146a5b10b45fe0668f0a40a6c9d76b42b9b6d6e8f9881ce7d44390d68709b sha256:c46f2b2815d6f119906019a8ac6dc0db206664a653919364ab9573507176378c sha256:07289fe0f48ba13a9be8b30cd39512a152a70579d7e8f17543e64bf29d69bb29 sha256:57f3a79362f174f98149b50be5d55f2daa0fc92f2b8b2d56f2f39500af7a8f1b sha256:10cbd54c7a7e3cd05bfabf31ad219378cee0152e9cdade1e7df59c90e9c16425 sha256:92edb40f18d964b0d2795393aa63cd5dd6928cb9600a8e3599e1ee8ac19d61b5 sha256:bcbffb3cc47fb9e903368b5f1be1b6b3c4e42577fc2810933f7c06e1cec00458 sha256:e9b60d3a3c0a99907eadd0118302128e61f9dc1a5aa488298b3f4c2a306cbdc1 sha256:b9eb8a288e0571c97cad53bc30d51f1c5787fa0ebe6d1ca3ead2daf0b9127298 sha256:ed8cdb9bb5aa62a5b401d8593813a6683f68e2f26220552fbb7bbb314bfb0714 sha256:634f8e5b1b6b649e9ae4668381a74d85f8e85b7132382062f658a81cedc88e62 sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef sha256:e858d8404cf7e5b0febfa0bbb27a2c28215309ba941b1681347bde85696d1e29 sha256:e7a9eafd02296d4269e143ecfab55350e6eee5f66df780e0722d6869df22228c sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef sha256:ab6ab29d76ce226eccd110ae05d3b4fc97063bfb0ea2b9888be75b99ee88694b sha256:b11b80cbd82709a1343765d50bb2fdcd6b02785115f4a38e1b144b4e58d7e3ce sha256:d59ec33b1b4aea0de1c2f732f6c27c2e4454a34ede985d051616309a89e7f8b1 sha256:9fa907455faf09364c6dfb493e76bc4eb5c8905d2fa44afcfb0f20609adf383a sha256:4e8ff99f072cfa149d60fa81a898713674c19b098dd353610e9aaea002ae8268 sha256:815d9821b3cd395cbb5ededf981bb7f96d078f0dd13d53dc85ddbb1c7405fa3c sha256:1b678ab7c31dbe511f363b1ad32de2dddc0ddfab0cfe52bfcf88f248e0092829 sha256:050100a94e62510805461df2127169b8bf6cd013b3ce161ac82e537456b9ce6e sha256:48b6c50fd928c72a8ae94efa2e00d50c4459f5246207b5e8375a7d8a885919e4 sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef]
2025-12-10T12:17:43+01:00       INFO    Detected OS     family="ubuntu" version="24.04"
2025-12-10T12:17:43+01:00       INFO    Number of language-specific files       num=51
2025-12-10T12:17:43+01:00       DEBUG   Specified ignore file does not exist    file=".trivyignore"
2025-12-10T12:17:43+01:00       DEBUG   [vex] VEX filtering is disabled
2025-12-10T12:17:44+01:00       DEBUG   Cleaning up temp directory      path="/var/folders/1t/q42g140x2n5_x8912tg0zcvr0000gn/T/trivy-94325"

Operating System

macOS Tahoe

Version

Version: 0.68.1

Checklist

Run trivy clean --all
Read the troubleshooting

DmitriyLewen · 2025-12-10T13:00:32Z

DmitriyLewen
Dec 10, 2025
Maintainer

Hello @tomkuipers
Thanks for your interest to Trivy!

I'm not sure why the CycloneDX CLI reports this BOM as invalid.

The licenseChoice field must contain either a license or an SPDX expression -
A license entry may use either an SPDX ID or a name.

In our BOM we include multiple licenses using both ID and name.
As far as I understand, there is no requirement that all licenses must consistently use only IDs or only names.

If you have information that indicates otherwise, please let us know.

Regards, Dmitriy

7 replies

tomkuipers Dec 11, 2025
Author

Hi @DmitriyLewen ,
I really appreciate you are also looking into this. I partially agree with your findings.

I compared the CycloneDX and SPDX lists, and I assume that CycloneDX is using outdated data (SPDX list contains Artistic-dist).

CycloneDX is indeed not up to speed with updating license data from the SPDX license list. The CycloneDX specification repository has an open issue to automate SPDX licenses updates (CycloneDX/specification#703), which might help to overcome this issue.

The documentation says: “valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.”
I think this confirms that we can rely on the SPDX list for validation.

This quote is from a comment in the v1.6 CycloneDX schema. The files mentioned are https://github.com/CycloneDX/specification/blob/master/schema/spdx.schema.json and https://github.com/CycloneDX/specification/blob/master/schema/spdx.xsd. They are hosted and maintained by CycloneDX - and indeed lack some licenses which are present in the updated SPDX license list - and are used in the schema. To my opinion you cannot rely on the SPDX list for validation. When using a schema you should comply to the schema. This is why the validators failed, they adhere to the schema. When you are using a schema, the schema is the authoritative source.

The SBOM from trivy --format cyclonedx states it is compliant to the v1.6 CycloneDX schema:

{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:7df8217c-b6f4-45fb-a65e-b5f283a54daf",
  "version": 1,
  "metadata": {
    "timestamp": "2025-12-10T11:17:43+00:00",
    "tools": {
      "components": [
        {
          "type": "application",
          "manufacturer": {
            "name": "Aqua Security Software Ltd."
          },
          "group": "aquasecurity",
          "name": "trivy",
          "version": "0.68.1"
        }
      ]
    },

This means trivy should use the enum of licenses defined in the schema - not from the SPDX list - to produce valid CyclonedDX v1.6 output. Other tools and applications are also using the schema for validation, it is like a contract between systems. This is the reason Dependency-Track is failing with the trivy 0.68.1 SBOM upload.

In software engineering, a schema's purpose is to act as a blueprint for data, ensuring consistency, integrity, and structure by defining data types, relationships, and rules, which enables efficient data management, better team collaboration, scalable systems, and predictable application behavior. It prevents chaos by establishing a shared understanding of data, acting as a contract for how information is organized, validated, and accessed, crucial for building reliable and maintainable software.

I really like what you are doing with trivy. Please don't see these remarks as criticism, I want to help the project improve. I think the root cause is that CycloneDX is behind. Maybe we could collaborate to improve or pressure them to update the schema. I truly believe the schema and it's usage is key here.

Do you have tests to validate if the --cyclonedx output matches the schema? That would be my suggestion to implement.

tomkuipers Dec 11, 2025
Author

Similar issue here DependencyTrack/dependency-track#5272

DmitriyLewen Dec 11, 2025
Maintainer

The schema states (https://github.com/CycloneDX/specification/blob/bfe1589cba99e1381050caebafbf888d0367a89b/schema/bom-1.6.schema.json#L1255)
that license IDs must be taken from the spdx.schema.json file
(https://github.com/CycloneDX/specification/blob/master/schema/spdx.schema.json),
which is located in the same repository.

However, the schema does not specify the SPDX License List version or commit hash.
This is understandable — updating the schema every time SPDX publishes a new release
would be unnecessary overhead.

This leads to two problems, both related to delays:

Delay on the CycloneDX side after a new SPDX License List is released.
For example, SPDX 3.27.0 was published on 2025-07-01
(https://spdx.org/licenses/),
but CycloneDX updated their schema only 3 months ago
(https://github.com/CycloneDX/specification/blob/bfe1589cba99e1381050caebafbf888d0367a89b/schema/spdx.schema.json#L4).
Validators also lag behind, because they also need time to update their embedded lists.

Regarding problem 1: in this specific case we can say either “Trivy is ahead” or “CycloneDX is behind”.

CycloneDX intentionally reuses the SPDX License List instead of maintaining their own —
this is absolutely the right decision.
It is much better and simpler for the ecosystem to rely on a single canonical list than to create parallel variants.

I strongly believe that most users will check the SPDX list directly rather than look at CycloneDX’s copy
(see also CycloneDX/cyclonedx-cli#459).

But in your situation, the real issue is problem 2.

The documentation
(https://cyclonedx.org/docs/1.6/json/#components_items_licenses_oneOf_i0_items_license_id)
still refers to the old list.

However, the schema file
https://github.com/CycloneDX/specification/blob/master/schema/spdx.schema.json#L4
was updated 3 months ago and already includes identifiers such as Artistic-dist and TCL.

To me, it seems validators should use the list from the CycloneDX repository (even if it lags SPDX slightly).
If they did, your CycloneDX BOM would be considered valid.

tomkuipers Dec 12, 2025
Author

Hi @DmitriyLewen,
I completely understand your point about being up to date with licenses. You are actually doing better than the specification.

The difference I think is, viewing it from a human vs data structure perspective. In my opinion the specification should be regarded as a machine readable interface for interoperability between systems. The CycloneDX SBOM report is structured in a specific way (jsonschema or xsd) so other systems (e.g. Dependency-Track) can consume it. Currently we loose this interoperability. The validators are merely schema validators, they don't "read" text in description fields.

DmitriyLewen Dec 12, 2025
Maintainer

That’s exactly right.

But if we look at this as a machine-readable interface, then all consumers should rely on the data from the spdx.schema.json file.

However, if other systems don’t update that file in time, they won’t be able to consume the SBOM correctly, because they will treat valid data as invalid.

BOM validation failed after upgrade to Trivy 0.68.1 #9927

Uh oh!

Uh oh!

tomkuipers Dec 10, 2025

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 7 replies

Uh oh!

DmitriyLewen Dec 10, 2025 Maintainer

Uh oh!

tomkuipers Dec 11, 2025 Author

Uh oh!

Uh oh!

tomkuipers Dec 11, 2025 Author

Uh oh!

Uh oh!

DmitriyLewen Dec 11, 2025 Maintainer

Uh oh!

tomkuipers Dec 12, 2025 Author

Uh oh!

DmitriyLewen Dec 12, 2025 Maintainer

tomkuipers
Dec 10, 2025

Replies: 1 comment 7 replies

DmitriyLewen
Dec 10, 2025
Maintainer

tomkuipers Dec 11, 2025
Author

tomkuipers Dec 11, 2025
Author

DmitriyLewen Dec 11, 2025
Maintainer

tomkuipers Dec 12, 2025
Author

DmitriyLewen Dec 12, 2025
Maintainer