sbom-tool icon indicating copy to clipboard operation
sbom-tool copied to clipboard
verified publisher icon microsoft

External SPDX files appear in the files section

Open DaveTryon opened this issue 7 months ago • 3 comments

This is a known bug but I was unable to find an issue on it. When building an SPDX file, external doc refs gets reported twice--once (correctly) in as an ExternalDocRef, and once (incorrectly) in the files section. The external SPDX file should only be listed in the files section if it is actually shipped with the product.

DaveTryon avatar May 28 '25 00:05 DaveTryon

Dupe of #956

DaveTryon avatar Jun 04 '25 16:06 DaveTryon

Reopening since it's a different scenario from #956, although probably a common root cause

DaveTryon avatar Jul 23 '25 16:07 DaveTryon

Discussed this in triage and assigning to @pragnya17 since this seems closely related to another issue assigned to her, https://github.com/microsoft/sbom-tool/issues/956

sfoslund avatar Jul 24 '25 18:07 sfoslund