Vulnerability analysis cannot be performed, if the component contains “purchaser” property in SBOM file

[buke-narlitepe-itk]

Current Behavior

When we upload SBOM file in CycloneDX ( 1.5 version) format to the tool, we do not get any results. Instead, we receive a parse error from your API.
Once we examine further:
if any component contains the following section, API throws an error:

  "purchaser": {
    "organization": {
      "contact": [
        {
          "name": ""
        }
      ]
    }

When we remove the above part from the component section, the analysis can be completed as expected.
Additionally, there is another component in SBOM file that has already vulnerabilities. Due to this error, its analysis is also skipped.

Proposed Behavior

If there is an error or omission in SBOM file that could disrupt the analysis, it would be better, that the error message was more descriptive.
At least the analysis results of the other component can be given, and the error of the faulty component can be thrown as a response in more descriptive way.
We would also like to know why such an error occurred.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

we receive a parse error from your API.

Can you share the exact error you'e getting?

[nscuro]

It's a parsing bug in the CycloneDX library: CycloneDX/cyclonedx-core-java#507