Binary executables identified as "library" type in CycloneDX #1402

kzantow · 2022-12-14T15:30:44Z

A community member, Fabien Kerbouci, reported this on Slack.

Please provide a set of steps on how to reproduce the issue
syft node:latest -o cyclonedx-json, find the node binary, note the type is library.

What happened:
CycloneDX output using type library for node binary (this is probably also true for other binaries and things that should be labeled as application or differently)

      "bom-ref": "pkg:generic/node@19.2.0?package-id=41eb49f5d9e9da36",
      "type": "library",
      "name": "node",
      "version": "19.2.0",

What you expected to happen:
This is labeled as application

Environment:

Output of syft version: 0.63.0

The text was updated successfully, but these errors were encountered:

kzantow added the bug Something isn't working label Dec 14, 2022

kzantow mentioned this issue Dec 14, 2022

fix: cyclonedx component type for binaries #1406

Merged

kzantow closed this as completed in #1406 Dec 20, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Binary executables identified as "library" type in CycloneDX #1402

Binary executables identified as "library" type in CycloneDX #1402

kzantow commented Dec 14, 2022

Binary executables identified as "library" type in CycloneDX #1402

Binary executables identified as "library" type in CycloneDX #1402

Comments

kzantow commented Dec 14, 2022