From ee898dd337880f12617bc82d8ee6e9725c06ad3a Mon Sep 17 00:00:00 2001
From: Max Ustinov
Date: Thu, 2 Jan 2025 13:11:05 -0800
Subject: [PATCH] - fixing SBOM publishing for Java
---
 .github/workflows/reusable.sbom.workflow.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/reusable.sbom.workflow.yml b/.github/workflows/reusable.sbom.workflow.yml
index 945f6bcf..a45193bb 100644
--- a/.github/workflows/reusable.sbom.workflow.yml
+++ b/.github/workflows/reusable.sbom.workflow.yml
@@ -300,6 +300,22 @@ jobs:
 ls -la $GRADLE_USER_HOME/caches || true
 fi
 
+ - name: Debug Syft scanning
+ if: inputs.project-type == 'java'
+ working-directory: ${{ inputs.working-directory }}
+ run: |
+ echo "Syft version:"
+ syft version
+
+ echo "Scanning Gradle cache:"
+ find ~/.gradle/caches/modules-2 -type f -name "*.jar" | while read -r jar; do
+ echo "Found JAR: $jar"
+ syft packages "$jar" 2>/dev/null || true
+ done
+
+ echo "Full project scan with verbose output:"
+ SYFT_LOG_LEVEL=debug syft packages . -o json | tee syft-scan.json
+
 - name: Verify Syft Java scanning
 if: inputs.project-type == 'java'
 working-directory: ${{ inputs.working-directory }}
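Review bot: The full project scan in the new `Debug Syft scanning` step pipes `syft packages . -o json` into `tee syft-scan.json`, so a failing Syft run takes the exit status of `tee` and an incomplete SBOM scan passes as success unless the step runs with `pipefail`. GitHub's default bash invocation only adds `-o pipefail` when `shell: bash` is set explicitly, and no `shell:` key is visible on this step (a workflow-level default may exist outside the hunk), so adding `set -o pipefail` as the first line of the `run:` block would make the failure visible. The per-JAR loop also throws away its diagnostics with `2>/dev/null || true`, which works against a debug step. It hard-codes `~/.gradle/caches/modules-2` although the context line just above lists `$GRADLE_USER_HOME/caches`; starting the `find` at `"${GRADLE_USER_HOME:-$HOME/.gradle}/caches/modules-2"` would scan the cache the build actually used. Because this reusable workflow runs the step on every Java build, consider gating it with `if: inputs.project-type == 'java' && runner.debug == '1'`.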