What happened:
When using Syft to generate the SBOM for one of our Docker images, we encountered issues uploading the generated SBOM to Dependency Track due to an invalid Package URL that was created.
This resulted in an error while parsing the SBOM as follows:
[2023-10-24 16:27:06.862] malformed package url pkg:nuget/%C3%A4b�FileVersion@4.6.25512.01%20built%20by:%20dlab-DDVSOWINAGE016.%20Commit%20Hash:%20d0d5c7b49271cadb6d97de26d8e623e98abdc8db
[2023-10-24 16:27:06.863] com.github.packageurl.MalformedPackageURLException: Invalid purl: Illegal character in opaque part at index 17: pkg:nuget/%C3%A4b�FileVersion@4.6.25512.01%20built%20by:%20dlab-DDVSOWINAGE016.%20Commit%20Hash:%20d0d5c7b49271cadb6d97de26d8e623e98abdc8db
[2023-10-24 16:27:06.863] at com.github.packageurl.PackageURL.parse(PackageURL.java:549)
[2023-10-24 16:27:06.863] at com.github.packageurl.PackageURL.<init>(PackageURL.java:68)
Which is obvious, since it is effectively an invalid SBOM.
What you expected to happen:
A correct and parseable SBOM is created.
Hereby the fragment of the SBOM:
Steps to reproduce the issue:
You can use the DLL in question at https://github.com/kmoens/syft-bug-dll/blob/main/sni.dll.gz
Environment:
syft version: 0.94.0
OS (cat /etc/os-release or similar): Ubuntu 22.04
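A pre-upload check for the failure described in this issue, as an added example that is not part of the original report or of the Syft or Dependency Track code: it walks a CycloneDX JSON SBOM and flags component purls that contain raw characters outside the RFC 3986 set or broken percent-escapes. The function names, the sample SBOM and the use of RFC 3986 as the allowed character set are assumptions made for illustration.

```python
import json
import re
import string

# Assumption: RFC 3986 unreserved + reserved characters; anything else must be %XX.
URI_CHARS = set(string.ascii_letters + string.digits + "-._~:/?#[]@!$&'()*+,;=")
TYPE_RE = re.compile(r"[A-Za-z][A-Za-z0-9.+-]*")  # purl type cannot start with a digit

def first_illegal_index(purl):
    """Index of the first raw character or broken %-escape, or None if clean."""
    i = 0
    while i < len(purl):
        if purl[i] == "%":
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", purl[i + 1:i + 3]):
                return i
            i += 3
        elif purl[i] in URI_CHARS:
            i += 1
        else:
            return i
    return None

def check_purl(purl):
    """Return a reason string if the purl is malformed, else None."""
    if not purl.startswith("pkg:"):
        return "missing pkg: scheme"
    bad = first_illegal_index(purl)
    if bad is not None:
        return f"illegal character {purl[bad]!r} at index {bad}"
    ptype, sep, rest = purl[4:].partition("/")
    if not sep or not TYPE_RE.fullmatch(ptype):
        return "missing or invalid type"
    name = re.split(r"[@?#]", rest, maxsplit=1)[0].rsplit("/", 1)[-1]
    return None if name else "empty name"

def audit_sbom(bom):
    """Walk CycloneDX components (including nested ones); list bad purls."""
    findings = []
    for comp in bom.get("components", []):
        reason = check_purl(comp["purl"]) if "purl" in comp else None
        if reason:
            findings.append((comp.get("name"), reason))
        findings.extend(audit_sbom(comp))
    return findings

# Constructed CycloneDX fragment; the second purl is modelled on the log above.
SAMPLE = json.loads(r"""{"components": [
  {"name": "Newtonsoft.Json", "purl": "pkg:nuget/Newtonsoft.Json@13.0.1"},
  {"name": "sni.dll", "purl": "pkg:nuget/%C3%A4b\ufffdFileVersion@4.6.25512.01%20built"}
]}""")

if __name__ == "__main__":
    for name, reason in audit_sbom(SAMPLE):
        print(f"{name}: {reason}")
```

Running a check like this in CI before the upload step lets the pipeline fail on the offending component instead of having the whole SBOM rejected at import time.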