gh-sbom icon indicating copy to clipboard operation
gh-sbom copied to clipboard
verified publisher icon advanced-security

Timeout on generation

Open alper opened this issue 3 years ago • 2 comments

I'm getting this error:

2023/04/06 12:59:14 Message: timedout, Locations: [{Line:1 Column:155}]

alper avatar Apr 06 '23 11:04 alper

As you discovered, this can take awhile to generate a SBOM for a large repository, or fail altogether for very large repositories.

The Dependency Graph team was kind enough to implement a server-side SBOM generator for SPDX, which is much, much faster. The gh-sbom v0.0.9 release makes use of this feature - give it a try and let us know if that works for you?

You'll need to update gh-sbom with:

$ gh ext remove advanced-security/gh-sbom
$ gh ext install advanced-security/gh-sbom

steiza avatar Apr 12 '23 19:04 steiza

Are there plans to do the same for CycloneDX (or at least some other type of fix)?

reedloden avatar May 18 '23 17:05 reedloden