Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fails to process valid CycloneDX SBOM #5

Open
anthonyharrison opened this issue Sep 18, 2024 · 1 comment · May be fixed by #7
Open

Fails to process valid CycloneDX SBOM #5

anthonyharrison opened this issue Sep 18, 2024 · 1 comment · May be fixed by #7
Assignees
@djschleen
Labels
bug Something isn't working question Further information is requested
Milestone
0.1.1

Comments

@anthonyharrison
Copy link

Tried with a CycloneDX 1.5 SBOM. SBOM validated using the CycloneDX Validator tool but it fails to process. No idea why! Could error messages be added to the output to explain why the SBOM doesn't validate?

DevOps Kung Fu Mafia
https://github.com/devops-kung-fu/trustier

* Reading SBOM from file...
* Loaded SBOM from input...
* Provided input is not a valid SBOM

The (sensitive) SBOM contains over 700 components, the majority are files but there are 13 components identified as library.
@djschleen
Copy link
Member

Hey @anthonyharrison thanks for logging this. I'm using the Rust crate from CycloneDX to load and process the SBOM. They have a validate function that I call but has seemed to cause problems. Likely an opinionated check - there were a few fields I noticed from components that were needed - but for the sake of trustier operation, not needed.

I'll take a look and see if I can get a list of errors back and display them, but I'm thinking that as long as the SBOM can be loaded, and trustier has the fields it needs, then we don't error out.

@djschleen djschleen self-assigned this Sep 28, 2024
@djschleen djschleen added bug Something isn't working question Further information is requested labels Sep 28, 2024
@djschleen djschleen linked a pull request Oct 9, 2024 that will close this issue
Open
@djschleen djschleen added this to the 0.1.1 milestone Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@djschleen djschleen

Labels
bug Something isn't working question Further information is requested
Milestone
0.1.1
Development

Successfully merging a pull request may close this issue.

Bug Fixes devops-kung-fu/trustier
2 participants
@anthonyharrison @djschleen