It looks like the cyclonedx presenter is outputting packages but not files. In cyclonedx, files are a type of component, and should be included here: https://github.com/anchore/syft/blob/main/syft/format/common/cyclonedxhelpers/to_format_model.go#L32-L37
What happened:
export SYFT_FILE_METADATA_SELECTION="all"
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
What you expected to happen:
For -o cyclonedx-json I expect that all files of the directory are in the SBOM.
Steps to reproduce the issue:
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
With -o spdx-json the SBOM filled up.
Anything else we need to know?:
cat sbom.json
{"$schema":"http://cyclonedx.org/schema/bom-1.6.schema.json","bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:d9f32702-f7d9-44a4-bd21-7b02f4c2ff67","version":1,"metadata":{"timestamp":"2024-11-11T19:10:42+01:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.16.0"}]},"component":{"bom-ref":"c89118b3fe999aab","type":"file","name":"/***********************************"}}}
Environment:
syft version: 1.16.0
cat /etc/os-release (or similar): Linux and macOS
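A consumer-side check for the symptom reported above, as an added example that is not part of the issue or of syft's code: it tallies CycloneDX components by type, descending into nested components, and fails when no `file` components are listed. Both sample documents are constructed (the first mirrors the reported output with a placeholder root name), and `component_types` and `check_files_present` are hypothetical helper names.

```python
import json
from collections import Counter

# Constructed sample: mirrors the CycloneDX document in the report, with the
# redacted root name replaced by a placeholder. There is no top-level
# "components" array at all.
REPORTED_BOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
 "metadata": {"component": {"bom-ref": "c89118b3fe999aab", "type": "file",
                            "name": "/placeholder/root"}}}
""")

# Constructed sample: what a BOM that does carry files could look like.
BOM_WITH_FILES = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
 "components": [
   {"type": "library", "name": "example-lib", "version": "1.0.0",
    "components": [{"type": "file", "name": "lib/example.py"}]},
   {"type": "file", "name": "README.md"}
 ]}
""")


def component_types(bom):
    """Tally CycloneDX components by type, descending into nested components."""
    counts = Counter()
    stack = list(bom.get("components") or [])
    while stack:
        comp = stack.pop()
        counts[comp.get("type", "<missing>")] += 1
        stack.extend(comp.get("components") or [])
    return counts


def check_files_present(bom):
    """Return (ok, message); ok is False when no file components are listed."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    counts = component_types(bom)
    if counts["file"] == 0:
        # metadata.component describes the scan target, not the inventory.
        return False, f"no file components (types seen: {dict(counts)})"
    return True, f"{counts['file']} file components of {sum(counts.values())}"


if __name__ == "__main__":
    for label, bom in (("reported", REPORTED_BOM), ("with files", BOM_WITH_FILES)):
        print(label, check_files_present(bom))
```

Run against a real `sbom.json` by loading it with `json.load` and passing the result to `check_files_present`.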