If -b is a subfolder of -bc then manifest.spdx.json will fail with a file in use error #410
Comments
|
@abramhemphill I was unable to reproduce this error using this setup. Please verify that the file in question isn't in use by another process such as Visual Studio or VSCode. |
|
No i'm using the exe from a windows command shell. Anytime -b is equal to or a sub dir of -bc this error is raised. Repro's on 1.7 also. Also what is a BuildDropPath, an output folder? Where my compiled artifacts are? This needs to be more clear. I interpreted this as -b is where my compiled bins were stored. -bc is the source repo. When we compile the repo, our -b is normally a subdir to -bc. -b --> ./Src/Bins Super simple repro C:\tmp>c:\Users\Bob\Downloads\sbom-tool-win-x64.exe generate -b example -bc example -pn foo -pv 1.2.3.4 -ps boo |
|
Ran again with the .exe this time using the following setup In this scenario -b is a sub dir of -bc. No exceptions were thrown. Can you try this again with the latest version's binaries in case it is an issue with an older version? We are on v1.7.1 currently. For more information on the parameters you can go here. But essentially the -b parameter should be the root of the project you are trying to generate the SBOM for. and -bc should point to where all of your projects components/packages are. -b will populate the 'files' section of the SBOM while -bc populates the 'packages' section. Note: the scenario I used above was just for testing -b being a sub dir of -bc. Not an actual example of generating an accurate SBOM for our tool. |
|
It's relative vs absolute pathing. Absolute paths work for me, it's relative that's raising. |
|
@abramhemphill Created a PR to fix the issue. Thank you for pointing this out |
If I use -b Src/Bins -b Src. This is not called out in the documentation for the cli args.
Also if this is a known problem then you should test the paths and report a clear error to the user.
##[information]Log file: "C:\Users\bob\AppData\Local\Temp\GovCompDisc_Log_20230929135345225_18984.log"
##[information]Run correlation id: b7af4baf-53ae-4d82-9ad1-77ad571076f2
##[information]Finding components...
##[warning]Unhandled exception caught when trying to open "<-b PATH>\_manifest\spdx_2.2\manifest.spdx.json"
System.IO.IOException: The process cannot access the file '<-b PATH>_manifest\spdx_2.2\manifest.spdx.json' because it is being used by another process.
at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize)
at System.IO.FileInfo.OpenRead()
at Microsoft.ComponentDetection.Common.LazyComponentStream.SafeOpenFile()
##[warning]Discovered SPDX file at "<-b PATH>\_manifest\spdx_2.2\manifest.spdx.json" is not a valid document, skipping
The text was updated successfully, but these errors were encountered: