scorecard enrich for xml sboms removes xmlns declarations

[schlenk]

The XML processing for a CycloneDX SBOM (v1.5) seems to destroy the XML namespaces:

parlay scorecard enrich bom.cdx.xml

The xmlns declaration for the CycloneDX namespace gets stripped:

<bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.5" ...>

ends up as:

<bom xmlns="" ...>

Version:

./parlay -v
0.4.0

[mcombuechen]

Thanks for submitting @schlenk!
We'll look into this and get back.