cyclonedx-cli

Missing version numbers

Open sphengle opened this issue 2 years ago • 1 comments

When I create a new SBOM with the tool using the add files option I am finding that the version numbers are of the form 0.0.0-. Mostly I'm OK with this but I'm finding that for DLL files it is the same format - rather than listing the actual version of the file. The version of the DLLs is important to me. It's the main reason I need to have an SBOM.

Am I using the tool incorrectly or should I be using a different tool to generate the SBOM?

sphengle, Oct 13 '23 12:10

I have the same issue - we are using the SBOM primarily to check dll versioning. As a workaround, try adding this to the Commands/Add/AddFilesCommand, starts at line 138.

Edit: slight tweak of the if statement as certain file names were causing exceptions:

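    // Needs "using System.Diagnostics;" at the top of the file for FileVersionInfo.
    // For DLLs, read the product version from the file's embedded version resource.
    // ProductVersion is null when the file has no version resource.
    var productVersion = fileComponent.Name.EndsWith(".dll", StringComparison.OrdinalIgnoreCase)
        ? FileVersionInfo.GetVersionInfo(fullPath).ProductVersion
        : null;
    if (!string.IsNullOrEmpty(productVersion))
    {
        fileComponent.Version = productVersion;
    }
    else
    {
        // Everything else keeps the placeholder: 0.0.0-<first 12 characters of the SHA-1 hash>.
        var shortHash = fileComponent.Hashes.First(h => h.Alg == Hash.HashAlgorithm.SHA_1).Content.Substring(0, 12);
        fileComponent.Version = $"0.0.0-{shortHash}";
    }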

carolinexpenn, Oct 24 '23 15:10
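
For anyone relying on an SBOM for DLL versions, the following added example (not part of the thread and not cyclonedx-cli code) audits a CycloneDX JSON SBOM for DLL components whose version is missing or is still the `0.0.0-<short SHA-1>` placeholder described above. The sample SBOM, the function names and the finding labels are constructed for illustration; it assumes the standard CycloneDX JSON fields `components`, `name`, `version` and `hashes`.

```python
import json
import re

# Placeholder format from the thread: "0.0.0-" + first 12 characters of the SHA-1.
PLACEHOLDER = re.compile(r"^0\.0\.0-([0-9a-fA-F]{12})$")

# Constructed sample SBOM (not output from a real run of the tool).
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "file", "name": "bin/Foo.dll", "version": "0.0.0-a94a8fe5ccb1",
     "hashes": [{"alg": "SHA-1", "content": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"}]},
    {"type": "file", "name": "bin/Bar.dll", "version": "2.4.1.0",
     "hashes": [{"alg": "SHA-1", "content": "da39a3ee5e6b4b0d3255bfef95601890afd80709"}]},
    {"type": "file", "name": "bin/Baz.DLL", "version": "0.0.0-000000000000",
     "hashes": [{"alg": "SHA-1", "content": "da39a3ee5e6b4b0d3255bfef95601890afd80709"}]},
    {"type": "file", "name": "docs/readme.txt", "version": "0.0.0-a94a8fe5ccb1",
     "hashes": [{"alg": "SHA-1", "content": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"}]},
    {"type": "file", "name": "bin/Qux.dll", "version": "", "hashes": []},
]})

def walk(components):
    """Yield every component, including nested ones."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def sha1_of(component):
    """Return the component's SHA-1 hash in lowercase, or None if absent."""
    for h in component.get("hashes") or []:
        if h.get("alg") == "SHA-1":
            return (h.get("content") or "").lower()
    return None

def audit_versions(sbom_text, suffixes=(".dll",)):
    """Return (name, finding) for components that carry no real version."""
    findings = []
    for comp in walk(json.loads(sbom_text).get("components")):
        name = comp.get("name") or ""
        if not name.lower().endswith(suffixes):
            continue
        version = comp.get("version") or ""
        match = PLACEHOLDER.match(version)
        if not version:
            findings.append((name, "missing"))
        elif match:
            sha1 = sha1_of(comp)
            consistent = sha1 is not None and sha1.startswith(match.group(1).lower())
            findings.append((name, "placeholder" if consistent else "placeholder-hash-mismatch"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_versions(SAMPLE_SBOM):
        print(f"{finding}: {name}")
```

A `placeholder-hash-mismatch` finding means the version suffix does not match the SHA-1 recorded for the same component, which is worth checking separately from the missing version itself.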