[Bug] 扫描Jar包,生成的CycloneDX格式有误 #306
Assignees
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
使用最新版本, 扫描spring boot打包成的jar包,生成cdx.json,metadata内容如下,其中多了一个purl内容,其他项目使用这个文件会解析出错,删除metadata里的purl内容即可
{ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "metadata": { "component": { "bom-ref": "pkg:/@", "type": "application", "name": "", "purl": "pkg:/@" } },使用go解析出错如下
failed to parse sbom: failed to parse root component: failed to parse metadata component: failed to parse PURL: purl is missing type or name
The text was updated successfully, but these errors were encountered: