Better error output for malformed inputs. #86

0-wiz-0 · 2022-12-19T20:16:38Z

I've created a CycloneDX SBOM JSON file using syft in the file system detection mode.
I then passed it to osv-scanner 1.0.1 and got the following error message:

# osv-scanner --sbom sbom.cyclonedx.json                                                                                                                                                            
Scanned CycloneDX SBOM                                                                                                                                                                                      
scan failed server response error: {"code":3,"message":"Invalid Package URL."}

Can you please make this error more detailed so it's clearer which Package URL is invalid?

(I think I know what the reason is; syft created 59 sections looking like this:

       "externalReferences": [
         {
           "url": "",
           "hashes": [
             {
               "alg": "SHA-1",
               "content": "SOMESHA1"
             }
           ],
           "type": "build-meta"
            }                                                                                                                                                                                                 
       ],

and one like this:

       "bom-ref": "77d4884a4c0c2f96",
       "type": "library",
       "name": "",
       "cpe": "cpe:2.3:a:python-:python-:*:*:*:*:*:*:*:*",
       "purl": "pkg:pypi/",
       "properties": [
...

when I deleted these, osv-scanner didn't report this error any longer.)
(I'll file a bug report for syft next.)

The text was updated successfully, but these errors were encountered:

github-actions · 2024-07-25T18:02:24Z

This issue has not had any activity for 60 days and will be automatically closed in two weeks

0-wiz-0 · 2024-07-25T18:55:42Z

Anyone working on this?

github-actions · 2024-09-28T06:00:39Z

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

0-wiz-0 · 2024-09-30T07:06:52Z

Thank you, @another-rex !

0-wiz-0 mentioned this issue Dec 19, 2022

CycloneDX JSON output: empty "url" fields which break osv-scanner anchore/syft#1414

Open

another-rex added the bug Something isn't working label Dec 19, 2022

oliverchang changed the title ~~output in error case not very helpful~~ Better error output for malformed inputs. Dec 20, 2022

github-actions bot added the stale The issue or PR is stale and pending automated closure label Jul 25, 2024

github-actions bot removed the stale The issue or PR is stale and pending automated closure label Jul 30, 2024

github-actions bot added the stale The issue or PR is stale and pending automated closure label Sep 28, 2024

G-Rath mentioned this issue Sep 29, 2024

fix: output invalid PURLs when scanning sboms #1283

Merged

G-Rath removed the stale The issue or PR is stale and pending automated closure label Sep 29, 2024

G-Rath self-assigned this Sep 29, 2024

another-rex closed this as completed in #1283 Sep 30, 2024

another-rex closed this as completed in 3591365 Sep 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Better error output for malformed inputs. #86

Better error output for malformed inputs. #86

0-wiz-0 commented Dec 19, 2022

github-actions bot commented Jul 25, 2024

0-wiz-0 commented Jul 25, 2024

github-actions bot commented Sep 28, 2024

0-wiz-0 commented Sep 30, 2024

Better error output for malformed inputs. #86

Better error output for malformed inputs. #86

Comments

0-wiz-0 commented Dec 19, 2022

github-actions bot commented Jul 25, 2024

0-wiz-0 commented Jul 25, 2024

github-actions bot commented Sep 28, 2024

0-wiz-0 commented Sep 30, 2024