Tool does not report correct number of components for nested CycloneDX SBOMs #133

schlenk · 2023-04-06T10:14:01Z

The tool seems to not traverse the component graph properly, see for example:

sbomqs.exe score bom_issue_328_components.json
SBOM Quality Score:5.9  components:2    bom_issue_328_components.json

The SBOM obviously has 4 components described. 1 component in the BOM metadata and three libraries A, B, C.

Using the simple test case file from:

The text was updated successfully, but these errors were encountered:

riteshnoronha · 2023-04-06T11:57:23Z

Let me take a look will get back. I understand the issue, will fix it.

riteshnoronha · 2023-04-06T15:29:13Z

OK we have a fix here #134, should be part of our next release, if u would like to use it earlier, let me know.

riteshnoronha · 2023-04-07T13:28:21Z

A new version of the tool v0.0.13 has been released.

riteshnoronha mentioned this issue Apr 6, 2023

Add support to walk component hierarchy for cdx #134

Merged

riteshnoronha linked a pull request Apr 6, 2023 that will close this issue

Add support to walk component hierarchy for cdx #134

Merged

riteshnoronha mentioned this issue Apr 6, 2023

Port fix from sbomqs for cdx component scanning. interlynk-io/sbomgr#24

Closed

riteshnoronha closed this as completed in #134 Apr 6, 2023

Provide feedback