
document version is missing despite useful details in the SBOM

Open surendrapathak opened this issue 1 year ago • 0 comments

For the SBOM here - https://sbomlc.s3.amazonaws.com/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv?AWSAccessKeyId=AKIA2ZBFUJ4NNQGYD5OF&Signature=eyV1wX%2F%2Beg2TaXQTS5UQxE%2FpRd4%3D&Expires=1711592216

sbomgr packages -EP 'pypi/cryptography' -O 'filen,docn,docv,pkgn,pkgv' ../sbomlc/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv
../sbomlc/sbom4python-0.8.0_paramiko-3.1.0.spdx.tv	Python-paramiko	http://spdx.org/spdxdocs/Python-paramiko-f7ea4f38-99df-4880-87d8-ab4d19b9f707	cryptography	40.0.1		

docv results in blank.

However, we have two signals that should lead us to the document version:

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-paramiko
PackageName: paramiko
SPDXID: SPDXRef-Package-1-paramiko
PackageVersion: 3.1.0

I recommend rechecking the logic for docv to ensure the above case can be handled.

surendrapathak, Apr 06 '23 22:04
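
The lookup the issue asks for, as an added example that is not sbomgr's own code: follow the SPDXRef-DOCUMENT DESCRIBES relationship to its package and report that package's PackageVersion. The sample document is constructed from the fields quoted in the issue; the function name, and the assumption that SPDXID precedes PackageVersion inside each package section, belong to this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed SPDX tag-value sample, built from the fields quoted in the issue.
const sampleSBOM = `SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-paramiko
PackageName: paramiko
SPDXID: SPDXRef-Package-1-paramiko
PackageVersion: 3.1.0
PackageName: cryptography
SPDXID: SPDXRef-Package-2-cryptography
PackageVersion: 40.0.1
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-paramiko
`

// describedVersion (hypothetical helper) returns the PackageVersion of the first
// package that SPDXRef-DOCUMENT DESCRIBES; ok is false if that link cannot be resolved.
func describedVersion(tv string) (string, bool) {
	versions := map[string]string{} // element SPDXID -> PackageVersion
	curID, target := "", ""
	for _, line := range strings.Split(tv, "\n") {
		parts := strings.SplitN(line, ":", 2) // values such as URLs may contain ':'
		if len(parts) != 2 {
			continue
		}
		val := strings.TrimSpace(parts[1])
		switch strings.TrimSpace(parts[0]) {
		case "SPDXID": // assumption: precedes PackageVersion in its section
			curID = val
		case "PackageVersion":
			versions[curID] = val
		case "Relationship":
			f := strings.Fields(val)
			if len(f) == 3 && f[0] == "SPDXRef-DOCUMENT" && f[1] == "DESCRIBES" && target == "" {
				target = f[2]
			}
		}
	}
	v, ok := versions[target]
	return v, ok && target != ""
}

func main() {
	fmt.Println(describedVersion(sampleSBOM)) // the described package is paramiko, not cryptography
}
```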