SBOM is generated with empty name
vjpiyush123 opened this issue · comments
What happened:
SBOM is generated with an empty name for the company's proprietary modules. It used to work earlier.
"packages": [
{
"name": "",
"SPDXID": "SPDXRef-Package-java-archive-a3a6833c5eb6fc44",
"supplier": "NOASSERTION",
"downloadLocation": "NOASSERTION",
"filesAnalyzed": false,
What you expected to happen:
name should be present for the module
Steps to reproduce the issue:
Generate the SBOM for the proprietary images , the modules which are company owned.
SBOM generated with empty Name for those company owned module (not open source)
Anything else we need to know?:
Environment:
- Output of
syft version
:
syft 1.2.0 - OS (e.g:
cat /etc/os-release
or similar):
NAME="Fedora Linux"
VERSION="39 (Server Edition)"
ID=fedora
VERSION_ID=39
VERSION_CODENAME=""
PLATFORM_ID="platform:f39"
PRETTY_NAME="Fedora Linux 39 (Server Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:39"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f39/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=39
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=39
SUPPORT_END=2024-11-12
VARIANT="Server Edition"
VARIANT_ID=server
👋 @vjpiyush123 do you know which version it worked on earlier? That would help us track down the regression and what changes we might have made to the java cataloger
Old version - syft-0.98.0
Current version - syft-1.2.0"
@spiffcs - Would like to know if any updated on this issue.
Hi @vjpiyush123, we will need more information to help you solve this--can you provide us a publicly accessible image or even a single Jar file that reproduces the problem? If you can't provide us a test image or Jar, we will need you to figure out the exact version of Syft where the problem occurs. From there we can take a look. Thanks!