failed to catalog: unable to decode sbom: unable to decode cyclonedx json document: json: cannot unmarshal array into Go struct field Evidence.components.evidence.identity of type cyclonedx.EvidenceIdentity
What you expected to happen:
No error.
How to reproduce it (as minimally and precisely as possible):
Use cdxgen 11.0.0 to generate an SBOM from pom.xml:
If you search this page for "title": "Identity Evidence", you'll see it has been updated to be oneOf which could be an object or list of identity objects.
Grype and Syft have not been updated to this latest schema. I've added this work to our backlog so we can update the schemas to the latest changes and get new versions of the tooling out.
Dev note: whoever picks this up might want to look at how we do these schema updates going forward. Currently it's a manual process that has not been run in 5 months. We might want more automation to cover if something changes in the specifications.
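The schema change described in the comment above, as an added example that is not part of the original thread and is not Syft, Grype or cyclonedx-go code: a Go type that decodes `evidence.identity` whether it arrives as a single object or as an array of objects. The type and function names and the two-field `Identity` struct are assumptions for illustration, and the sample document is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Identity is a hypothetical, cut-down identity evidence entry (assumed fields).
type Identity struct {
	Field      string  `json:"field"`
	Confidence float64 `json:"confidence"`
}

// IdentityList decodes evidence.identity from a single object or from an array.
type IdentityList []Identity

func (l *IdentityList) UnmarshalJSON(data []byte) error {
	switch {
	case string(data) == "null":
		*l = nil
	case len(data) > 0 && data[0] == '[': // array of identity objects
		var many []Identity // plain slice type, so this call does not recurse
		if err := json.Unmarshal(data, &many); err != nil {
			return err
		}
		*l = many
	case len(data) > 0 && data[0] == '{': // single identity object
		var one Identity
		if err := json.Unmarshal(data, &one); err != nil {
			return err
		}
		*l = IdentityList{one}
	default:
		return fmt.Errorf("evidence.identity: want object or array, got %s", data)
	}
	return nil
}

// DecodeEvidence parses one component "evidence" object and returns its identities.
func DecodeEvidence(doc string) (IdentityList, error) {
	var ev struct{ Identity IdentityList `json:"identity"` }
	err := json.Unmarshal([]byte(doc), &ev)
	return ev.Identity, err
}

func main() {
	ids, err := DecodeEvidence(`{"identity":[{"field":"purl","confidence":0.8}]}`) // constructed sample
	fmt.Println(len(ids), err)
}
```

Decoding the array form into a struct-typed field is what produces the `cannot unmarshal array into Go struct field` error quoted in this issue; a list type with a custom decoder accepts both shapes and still rejects anything else.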
What happened:
What you expected to happen:
No error.
How to reproduce it (as minimally and precisely as possible):
Use cdxgen 11.0.0 to generate an SBOM from pom.xml:
Then run Grype 0.84.0:
sbom.json:
Notes
Differences between 10.10.7 (works with Grype) and 11.0.0 cdxgen output:
sbom.json from cdxgen 10.10.7: