almaz045
For 2: [trivy-sbom.json](https://github.com/owasp-dep-scan/dep-scan/files/14375368/trivy-sbom.json) - this is the Trivy SBOM that gives KeyError: 'purl'. [bom-source-trivy.json](https://github.com/owasp-dep-scan/dep-scan/files/14375417/bom-source-trivy.json) - this is the Trivy SBOM that gives KeyError: 'version'. `depscan --bom bom-source-trivy.json`
Yes, of course. Should I do the same thing for the KeyError with 'version'? Or, after fixing purl, will the problem with the KeyError 'version' also disappear?
@prabhu https://github.com/owasp-dep-scan/dep-scan/pull/261 PR :)
I can't run this way:) vulnerability-db-6.0.1/vdb$ python cli.py --search "pkg:pypi/[email protected]" Traceback (most recent call last): File "/home/user/Desktop/Programs/vulnerability-db-6.0.1/vdb/cli.py", line 15, in <module> from vdb.lib import config, db6 as db_lib, search ImportError:...
$ vdb --search "pkg:pypi/[email protected]" ___ /\ ._ ._ | |_ ._ _ _. _|_ /--\ |_) |_) | | | | (/_ (_| |_ | | VDB Results ┏━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━┓ ┃...
We faced the same problem. I thought that it was enough for DC to see package.json and package-lock.json as described in the documentation, but it turns out that it needs...
cdxgen -o bom.json Unable to parse trivy-main/pkg/fanal/analyzer/language/nodejs/npm/testdata/sad/package-lock.json without legacy peer dependencies. Retrying ... Unable to parse trivy-main/pkg/fanal/analyzer/language/nodejs/npm/testdata/sad/package-lock.json in legacy and non-legacy mode. The resulting SBOM would be incomplete. Executing 'mvn...
> @almaz045 can you also pass `-t go`. I think there is some invalid pom.xml in that repo that is causing the failure.

Yes, with `-t go` it works fine. Just...
> @almaz045 can you also pass `-t go`. I think there is some invalid pom.xml in that repo that is causing the failure.

I inserted pom.xml into the online xml...
Yes, you were right. But there are other errors now... cdxgen -o bom.json Unable to parse trivy-main/pkg/fanal/analyzer/language/nodejs/npm/testdata/sad/package-lock.json without legacy peer dependencies. Retrying ... Unable to parse trivy-main/pkg/fanal/analyzer/language/nodejs/npm/testdata/sad/package-lock.json in legacy and non-legacy mode....