jbom
jbom copied to clipboard
eclipse
Generated SBOMs include some Nulls/Unknowns
Using jbom itself as an example, if you run: java -jar target/jbom-1.2.1.jar -f target/jbom-1.2.1.jar and then look at the generated SBOM, I see these null/unknown entries:
- [ ] "manufacture" : { "name" : "Unknown" }
- [ ] "bom-ref" : "null:byte-buddy-agent:agent/pom" -- And the "group" for this component is missing above as well.
- [ ] "bom-ref" : "null:maven-model:model/pom" -- And group missing.
- [ ] "bom-ref" : "null:plexus-utils:3.4.2" -- And group missing.
Under dependencies:
- [ ] "ref" : "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.14.1", "dependsOn" : [ "com.fasterxml.jackson.core:jackson-core:null", "com.fasterxml.jackson.core:jackson-annotations:null", "com.fasterxml.jackson.core:jackson-databind:null", "com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:null",
- [ ] "ref" : "null:byte-buddy-agent:agent/pom", (and maven-model and plexus-utils as well)
- [ ] "ref" : "net.java.dev.msv:xsdlib:INF/maven/net.java.dev.msv/xsdlib/pom", "dependsOn" : [ "relaxngDatatype:relaxngDatatype:null", "junit:junit:null", "jdom:jdom:null"
It looks like the null's are caused by 1 or 2 different issues that, when fixed, will hopefully fix a bunch of these per fix.
Hello @davewichers / @JoeBeeton ,
I noticed that issue #18 is still open and unassigned. I have found a solution to this problem and I am interested in fixing it. Would it be possible to assign this issue to me so that I can create a pull request with the proposed fix?
Thank you for your time and consideration. I look forward to contributing to this project.
Best regards, Dhruvesh
@dhruvesh9 - Just submit your pull request and reference this issue. You don't need to have the issue assigned to you to do that. Thanks for researching/proposing a fix.
