sbom-tool

Missing license of RootPackage in SBOM

Open: Brend-Smits opened this issue 2 years ago • 1 comment

Hey there,

I am working on generating an SBOM for a GitHub Action that sets up this SBOM-Tool in a convenient way (see: https://github.com/philips-software/sbom-tool-installer-action). After generating the SBOM, I noticed that the license field of the RootPackage is set to NOASSERTION. This might be intended as this feature might not be implemented yet. However, I would really appreciate at least a parameter to set the LICENSE of the RootPackage. In the case of the installer-action, the license is actually set properly within GitHub and the package.json.

I uploaded the SBOM as a Gist. Please have a look here: https://gist.github.com/Brend-Smits/90b62120de7abc989c2768c92a2a49c8#file-sbom-tool-installer-action-sbom-L10757-L10772

Brend-Smits, Jul 27 '22 11:07

Hi @Brend-Smits, would you like to send a PR for this?

edgarrs, Aug 02 '22 18:08
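
An added example, not part of the issue thread or the sbom-tool code base: a check over an SPDX 2.2 JSON document that flags a root package whose license fields are NOASSERTION, with a post-processing step that sets `licenseDeclared`. The sample document, the `SPDXRef-RootPackage` identifier, the package names and the `MIT` value are constructed assumptions, and the function names are hypothetical.

```python
import json

# Constructed sample: a minimal SPDX 2.2 JSON document shaped like the case in
# the issue (root package with NOASSERTION licenses). Not the real gist content.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "documentDescribes": ["SPDXRef-RootPackage"],  # assumed root identifier
    "packages": [
        {"SPDXID": "SPDXRef-RootPackage", "name": "sbom-tool-installer-action",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION"},
        {"SPDXID": "SPDXRef-Package-1", "name": "example-dependency",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "MIT"},
    ],
})

LICENSE_FIELDS = ("licenseConcluded", "licenseDeclared")


def root_packages(doc):
    """Return the packages the document says it describes (the root packages)."""
    described = set(doc.get("documentDescribes", []))
    return [p for p in doc.get("packages", []) if p.get("SPDXID") in described]


def missing_root_licenses(doc):
    """Map root package name -> license fields that are absent or NOASSERTION."""
    findings = {}
    for pkg in root_packages(doc):
        missing = [f for f in LICENSE_FIELDS
                   if pkg.get(f, "NOASSERTION") == "NOASSERTION"]
        if missing:
            findings[pkg.get("name", pkg.get("SPDXID"))] = missing
    return findings


def set_root_license(doc, declared):
    """Return a copy of the document with licenseDeclared set on root packages."""
    patched = json.loads(json.dumps(doc))  # deep copy via JSON round-trip
    for pkg in root_packages(patched):
        pkg["licenseDeclared"] = declared  # e.g. the value from package.json
    return patched


if __name__ == "__main__":
    doc = json.loads(SAMPLE_SBOM)
    print("before:", missing_root_licenses(doc))
    print("after: ", missing_root_licenses(set_root_license(doc, "MIT")))
```

Dependencies are left untouched; only packages named in `documentDescribes` are checked or patched.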