grype/schema/cyclonedx/README.md

# CycloneDX Schemas

`grype` generates a CycloneDX BOm output with the vulnerability extension. This validation is similar to what is done in `syft`, validating output against CycloneDX schemas.

Validation is done with `xmllint`, which requires a copy of all schemas because it can't work with HTTP references. The schemas are modified to reference local copies of dependent schemas.
tests: add cyclonedx schema check Signed-off-by: Alfredo Deza <adeza@anchore.com> 2020-09-16 14:50:57 +00:00			`# CycloneDX Schemas`

			`grype` generates a CycloneDX BOm output with the vulnerability extension. This validation is similar to what is done in `syft`, validating output against CycloneDX schemas.

			Validation is done with `xmllint`, which requires a copy of all schemas because it can't work with HTTP references. The schemas are modified to reference local copies of dependent schemas.