You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tried with a CycloneDX 1.5 SBOM. SBOM validated using the CycloneDX Validator tool but it fails to process. No idea why! Could error messages be added to the output to explain why the SBOM doesn't validate?
DevOps Kung Fu Mafia
https://github.com/devops-kung-fu/trustier
* Reading SBOM from file...
* Loaded SBOM from input...
* Provided input is not a valid SBOM
The (sensitive) SBOM contains over 700 components, the majority are files but there are 13 components identified as library.
The text was updated successfully, but these errors were encountered:
Hey @anthonyharrison thanks for logging this. I'm using the Rust crate from CycloneDX to load and process the SBOM. They have a validate function that I call but has seemed to cause problems. Likely an opinionated check - there were a few fields I noticed from components that were needed - but for the sake of trustier operation, not needed.
I'll take a look and see if I can get a list of errors back and display them, but I'm thinking that as long as the SBOM can be loaded, and trustier has the fields it needs, then we don't error out.
Tried with a CycloneDX 1.5 SBOM. SBOM validated using the CycloneDX Validator tool but it fails to process. No idea why! Could error messages be added to the output to explain why the SBOM doesn't validate?
The (sensitive) SBOM contains over 700 components, the majority are files but there are 13 components identified as library.
The text was updated successfully, but these errors were encountered: