sbom-tool icon indicating copy to clipboard operation
sbom-tool copied to clipboard

Published 20 hours ago verified publisher icon microsoft

License information may not be fully recorded

Open schuhbsi opened this issue 8 months ago • 4 comments

sbom-tool version: 3.1.0

I execute the following command in an Azure Devops pipeline:

sbom-tool generate -b $(Build.ArtifactStagingDirectory) -bc ${{ parameters.workingDirectory }} -pn $(Build.DefinitionName) -pv 1.0.0 -ps sbom -nsb https://sbom.com -li true -V Verbose -D true -lto 90

The following result is returned

Sbom-tool is already installed: 3.1.0

##[debug]Retrieving license information for 408 components took 85,7697623 seconds
##[warning]Encountered error while attempting to parse response. License information may not be fully recorded.
##[information]Found license information for 0 out of 408 unique components.

If I leave out the -lto parameter I get the timeout error

sbom-tool generate -b $(Build.ArtifactStagingDirectory) -bc ${{ parameters.workingDirectory }} -pn $(Build.DefinitionName) -pv 1.0.0 -ps sbom -nsb https://sbom.com -li true -V Verbose -D true

##[debug]Retrieving license information for 408 components...
##[warning]Error encountered while fetching license information from API, resulting SBOM may have incomplete license information: The request was canceled due to the configured HttpClient.Timeout of 30 seconds elapsing.
##[debug]Retrieving license information for 408 components took 30,020855 seconds

But strangely enough, sometimes the licence generation works even if the timeout is not specified

schuhbsi avatar Feb 21 '25 10:02 schuhbsi