
400 error when generating SBOM

Open austinhallett opened this issue 1 year ago • 1 comments

Dependency-Track server version: 4.11.3; Yocto: kirkstone

ERROR: Failed to upload SBOM to Dependency Track server at https://<valid_server_url>/api/v1/bom. [HTTP Error] 400; Reason: Bad Request

austinhallett, Jun 25 '24 15:06

There are some bugs which cause the resulting SBOM to not be a valid CycloneDX file. In newer versions of Dependency-Track, this is actually validated, thus upload fails. Also, if memory serves me right, there have been breaking changes to the API since.

This repository has not been updated for 3 years. We maintain a working fork at https://github.com/iris-GmbH/meta-cyclonedx (however, it only creates CycloneDX output files and does not directly talk to a Dependency-Track server, which we consider a feature. Upload can be easily scripted, though). Feel free to check it out.

Jasper-Ben, Jun 29 '25 23:06