It looks like the cyclonedx presenter is outputting packages but not files. In cyclonedx, files are a type of component, and should be included here: https://github.com/anchore/syft/blob/main/syft/format/common/cyclonedxhelpers/to_format_model.go#L32-L37
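A consumer-side check for the gap described in this comment, added here as an example (it is not syft's code): it counts CycloneDX components by type, following nested components, and lists expected paths that have no type=file component. The function names, sample BOMs and paths are constructed, and it assumes a file component carries its path in `name`.

```python
import json
from collections import Counter

def iter_components(bom):
    """Yield every inventory component, including nested ones.

    metadata.component describes the scanned subject, not the inventory,
    so it is deliberately not counted.
    """
    stack = list(bom.get("components") or [])
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components") or [])

def type_counts(bom):
    """Count inventory components by their CycloneDX 'type' field."""
    return Counter(c.get("type", "<missing>") for c in iter_components(bom))

def missing_files(bom, expected_paths):
    """Return expected paths that have no type=file component in the BOM.

    Assumption: a file component carries its path in 'name'.
    """
    present = {c.get("name") for c in iter_components(bom)
               if c.get("type") == "file"}
    return sorted(set(expected_paths) - present)

# Constructed sample shaped like the output in the report: no "components" key.
EMPTY_BOM = json.loads("""{"bomFormat":"CycloneDX","specVersion":"1.6","version":1,
 "metadata":{"component":{"bom-ref":"subject","type":"file","name":"/scan/root"}}}""")

# Constructed sample of a BOM that does list files (all names hypothetical).
FULL_BOM = json.loads("""{"bomFormat":"CycloneDX","specVersion":"1.6","version":1,
 "metadata":{"component":{"bom-ref":"subject","type":"file","name":"/scan/root"}},
 "components":[
  {"type":"library","name":"example-lib","version":"1.0.0",
   "components":[{"type":"file","name":"/vendor/example-lib/lib.so"}]},
  {"type":"file","name":"/src/main.go"}]}""")

# Constructed list of paths the scan was expected to cover.
EXPECTED = ["/src/main.go", "/vendor/example-lib/lib.so", "/README.md"]

if __name__ == "__main__":
    for label, bom in (("empty", EMPTY_BOM), ("full", FULL_BOM)):
        print(label, dict(type_counts(bom)),
              "missing:", missing_files(bom, EXPECTED))
```

Run as a pipeline gate, a non-empty `missing_files` result or a zero `file` count marks an SBOM that cannot be used for file-level inventory.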
What happened:
export SYFT_FILE_METADATA_SELECTION="all"
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
What you expected to happen:
For -o cyclonedx-json, I expect that all files of the directory are in the SBOM.
Steps to reproduce the issue:
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
With -o spdx-json, the SBOM filled up.
Anything else we need to know?:
cat sbom.json
{"$schema":"http://cyclonedx.org/schema/bom-1.6.schema.json","bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:d9f32702-f7d9-44a4-bd21-7b02f4c2ff67","version":1,"metadata":{"timestamp":"2024-11-11T19:10:42+01:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.16.0"}]},"component":{"bom-ref":"c89118b3fe999aab","type":"file","name":"/***********************************"}}}
Environment:
syft version: 1.16.0
cat /etc/os-release (or similar): Linux and macOS