# Invalid Fixtures for Negative Testing

This directory contains intentionally invalid SBOM fixtures used for CI negative testing.
These fixtures MUST fail schema validation to ensure the CI pipeline correctly detects errors.

## CycloneDX Invalid Fixtures

| File | Defect | Expected Error |
|------|--------|----------------|
| `cyclonedx-wrong-version.json` | specVersion "2.0" doesn't exist | Invalid enum value for specVersion |
| `cyclonedx-missing-required.json` | Missing required specVersion field | Missing required property: specVersion |
| `cyclonedx-invalid-component.json` | Component missing name and type | Required properties missing in component |

## CI Usage

The schema validation workflow uses the `tests/fixtures/invalid/` directory for negative test cases.
When `--expect-failures` is passed, the CI expects these files to fail validation.
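
The inverted pass/fail logic that `--expect-failures` implies, as an added example that is not the project's validation workflow. Assumptions: `validate_bom` is a hand-written stand-in for real CycloneDX JSON Schema validation, the accepted `specVersion` set is illustrative, and the fixture bodies are constructed to match the three defects in the table above.

```python
import json

# Assumption: a small stand-in for full CycloneDX JSON Schema validation.
# The accepted versions below are illustrative, not the project's list.
KNOWN_SPEC_VERSIONS = {"1.2", "1.3", "1.4", "1.5", "1.6"}


def validate_bom(doc):
    """Return a list of schema-style errors; an empty list means valid."""
    errors = []
    if doc.get("bomFormat") != "CycloneDX":
        errors.append("bomFormat must be 'CycloneDX'")
    if "specVersion" not in doc:
        errors.append("Missing required property: specVersion")
    elif doc["specVersion"] not in KNOWN_SPEC_VERSIONS:
        errors.append("Invalid enum value for specVersion")
    for i, comp in enumerate(doc.get("components", [])):
        missing = [k for k in ("type", "name") if k not in comp]
        if missing:
            errors.append(f"components[{i}] missing required: {', '.join(missing)}")
    return errors


def run_negative_tests(fixtures):
    """Return names of fixtures that unexpectedly PASS validation."""
    # Expect-failures semantics: the job fails when this list is non-empty,
    # because an invalid SBOM that validates means the gate stopped checking.
    unexpected_passes = []
    for name, raw in fixtures.items():
        try:
            errors = validate_bom(json.loads(raw))
        except (json.JSONDecodeError, AttributeError):
            errors = ["not a JSON object"]
        if not errors:
            unexpected_passes.append(name)
    return unexpected_passes


# Constructed fixture bodies mirroring the three defects in the table.
FIXTURES = {
    "cyclonedx-wrong-version.json": '{"$comment": "bad enum", "bomFormat": "CycloneDX", "specVersion": "2.0"}',
    "cyclonedx-missing-required.json": '{"$comment": "no specVersion", "bomFormat": "CycloneDX"}',
    "cyclonedx-invalid-component.json": '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [{"version": "1"}]}',
}

if __name__ == "__main__":
    leaked = run_negative_tests(FIXTURES)
    raise SystemExit(1 if leaked else 0)
```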

## Adding New Test Cases

1. Create a new JSON file with an intentional schema violation
2. Add a `$comment` field explaining the defect
3. Update this README with the expected error
4. Ensure the file has the correct format marker (e.g., `"bomFormat": "CycloneDX"`)