:)
Thanks, good idea, that worked.
I pushed a CycloneDX test as well. There are a few problems with it that will require changing its marshaller: 1) There is a problem with the CycloneDX dependencies format....
> This is a strange case. Why does Julia create duplicate dependencies? Why can't we use existing B for A? Julia allows you to add two dependencies with the same...
I added two integration tests for Julia SBOMs (SPDX and CycloneDX). I can't manage to run the tests, though: ``` cd integration go test package github.com/aquasecurity/trivy/integration: build constraints exclude all...
> You need to run mage test:integration from the root directory of the trivy repository That is what I did. > Let us know about this work. It may make...
I reinstalled mage from source and it is working now :shrug: I fixed the integration tests. Everything is looking good to me, now that the PURL includes the UUID.
Yes there was a sorting issue. We need to also consider the package ID when there are two shadowed packages.
I copied your given project and manifest files into a test case, and it is correctly parsed into this object: ```go Applications: []types.Application{ { Type: types.Julia, FilePath: "Manifest.toml", Libraries: []types.Package{...
Will be fixed by https://github.com/aquasecurity/go-dep-parser/pull/292