Dependencies field is incomplete for POM artifacts in sbom file #347
Comments
This was referenced Oct 11, 2023
@glefloch When is a release planned that contains this fix?
I need to do some update to match the latest SBOM spec.
Hello Team,
We noticed that when we have a "non-jar" artifact as one of the dependencies in our Gradle project, CycloneDX plugin doesn't generate the right information in the dependencies field in the sbom file. For example, in the below build.gradle file,

Also, we noticed that in the CycloneDxTask.java file in the codebase, we have this function

This code ignores all non jar and aar artifacts. Is this intentional? Can we improve on this in any way to also provide information on non-jar artifacts, like provide a warning message to users to state that this artifact is/was skipped for x..y..z reasons?

TIA
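
A consumer-side check for the gap reported above, as an added example that is not part of the original issue or the CycloneDX plugin's code: it reads a CycloneDX JSON BOM and lists components that never appear in the dependencies graph, plus graph references that match no component. The sample BOM, its com.example coordinates and the function names are constructed for illustration.

```python
import json

# Constructed sample BOM (not taken from the issue): the pom-type component
# is listed under components but has no node or edge in the dependency graph.
SAMPLE_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "pkg:maven/com.example/app@1.0.0",
                             "type": "application", "name": "app"}},
  "components": [
    {"bom-ref": "pkg:maven/com.example/lib@2.1.0?type=jar",
     "type": "library", "name": "lib"},
    {"bom-ref": "pkg:maven/com.example/platform@3.0.0?type=pom",
     "type": "library", "name": "platform"}
  ],
  "dependencies": [
    {"ref": "pkg:maven/com.example/app@1.0.0",
     "dependsOn": ["pkg:maven/com.example/lib@2.1.0?type=jar",
                   "pkg:maven/com.example/ghost@0.1.0?type=jar"]},
    {"ref": "pkg:maven/com.example/lib@2.1.0?type=jar", "dependsOn": []}
  ]
}""")


def component_refs(components):
    """Yield bom-ref values, descending into nested components."""
    for comp in components or []:
        if "bom-ref" in comp:
            yield comp["bom-ref"]
        yield from component_refs(comp.get("components"))


def audit_dependency_graph(bom):
    """Return (unlisted, dangling) as sorted lists of bom-refs.

    unlisted: components that never appear in `dependencies`, either as a
              node (`ref`) or as an edge target (`dependsOn`).
    dangling: graph references that match no component in the BOM.
    """
    known = set(component_refs(bom.get("components")))
    root = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    graph = set()
    for node in bom.get("dependencies", []):
        graph.add(node["ref"])
        graph.update(node.get("dependsOn", []))
    unlisted = sorted(known - graph)
    dangling = sorted(graph - known - {root})
    return unlisted, dangling


if __name__ == "__main__":
    unlisted, dangling = audit_dependency_graph(SAMPLE_BOM)
    print("components missing from dependency graph:", unlisted)
    print("graph refs with no matching component:", dangling)
```

Run against a generated BOM in CI, a non-empty first list flags artifacts that downstream vulnerability or license tooling cannot place in the dependency tree.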