gh-upload-sbom

Uploading a bom fails with Error 400

Open amergey opened this issue 3 years ago • 2 comments

I have configured this action to upload an SBOM to a Dependency-Track instance:


      - uses: DependencyTrack/gh-upload-sbom@master
        with:
          serverhostname: 'x.y.z.w'
          port: 8081
          protocol: http
          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
          projectname: 'my project'
          projectversion: '1.0.0'
          autocreate: true
          bomfilename: /home/runner/work/myproject/myproject/target/bom.xml

It fails with:

Uploading to Dependency-Track server x.y.z.w...
Response status code: 400
Error: Failed response status code:400

Note: I use DependencyTrack/gh-upload-sbom@master because my Dependency-Track instance is hosted on an HTTP server and the 1.0.0 release of this action only supports HTTPS.

I do not see any logs server side on Dependency-Track, and it seems the action logs only the status, not the response content (that could provide the cause). Is there a way to obtain more logs?

The bom.xml is OK, as I can manually upload it through the Dependency-Track interface.

amergey avatar May 04 '22 15:05 amergey
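An added example, not part of the issue thread or the action's own code: a standalone Python upload through Dependency-Track's REST API (`PUT /api/v1/bom` with the `X-Api-Key` header) that returns the response body on a 4xx, the detail missing from the log above. The function names and the `DT_URL` / `DT_APIKEY` environment variables are assumptions made for this example.

```python
import base64
import json
import urllib.error
import urllib.request


def build_upload_request(base_url, api_key, name, version, bom_bytes, autocreate=True):
    """Build the PUT /api/v1/bom request: JSON body with the BOM base64-encoded."""
    payload = {
        "projectName": name,
        "projectVersion": version,
        "autoCreate": autocreate,
        "bom": base64.b64encode(bom_bytes).decode("ascii"),
    }
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/bom",
        data=json.dumps(payload).encode("utf-8"),
        method="PUT",
        # Over plain http this key crosses the network unencrypted.
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"},
    )


def send(request, opener=urllib.request.urlopen):
    """Return (status, body), keeping the body of 4xx/5xx replies."""
    try:
        with opener(request, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the error object still carries the body.
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    import os
    import sys

    # Usage (assumed names): DT_URL=http://host:8081 DT_APIKEY=... python dt_upload.py bom.xml
    with open(sys.argv[1], "rb") as fh:
        req = build_upload_request(os.environ["DT_URL"], os.environ["DT_APIKEY"],
                                   "my project", "1.0.0", fh.read())
    status, body = send(req)
    print(f"status={status}\n{body}")
    sys.exit(0 if status == 200 else 1)
```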

Seems fixed in the latest version.

amergey avatar Jun 07 '24 16:06 amergey

Had the same issue; updating to the latest resolved it.

marcbest avatar Jun 11 '24 14:06 marcbest