"DirectoryExclusionList" not working as expected #494
Comments
Hi @Niba-nazar, can you try using
Hi @sebasgomez238, still the same:
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-ar.d.ts-90924249CDD6917742E798AA7383439F5A5CE319",
"fileName": "./node_modules/flatpickr/dist/l10n/fa.d.ts",
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-fa.d.ts-E6ADB13504B9CF404B73431A54CCB4C24B50E81B",
"fileName": "./node_modules/flatpickr/dist/l10n/az.d.ts",
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-az.d.ts-DB15D2153361A061916279BE65D604211CA35222",
"fileName": "./node_modules/flatpickr/dist/l10n/tr.d.ts",
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-tr.d.ts-E99D6A3C1D425F9582856D8BABB95664529593AD",
"fileName": "./node_modules/flatpickr/dist/l10n/ru.js",
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-ru.js-8BB81331010AA480EA48587C6DA6CF6F0E988750",
"fileName": "./node_modules/flatpickr/dist/l10n/et.js",
"SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-et.js-1D0CB4C4EF0E55FFAAA200EF3578E99F726E1830",
"fileName": "./node_modules/flatpickr/dist/l10n/nl.js",
I believe those files are still showing up because --DirectoryExclusionList is passed to the component detector, but the component detector is only used to populate the "packages" section of the SBOM. The "files" section is generated by walking the directory, and is not affected by component detector arguments. Adding an option to exclude files (not packages) would require a larger change on our side. Our team will triage this issue and decide whether to add this to our roadmap.
Hi @Niba-nazar, we usually expect the directory for which an SBOM is generated to be the build drop containing the files that are eventually released for the product, so excluding directories is not typically applicable. Would it make sense in your use case to point the tool at a directory that only contains your build drop?
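The two comments above, as an added example that is not part of the thread or of sbom-tool: it stages a build drop that leaves out `node_modules` at any depth, and checks an SPDX manifest's "files" section for entries under that directory. The `EXCLUDED` tuple, the function names, the sample tree and the sample manifest are all constructed assumptions.

```python
import json
import shutil
import tempfile
from pathlib import Path, PurePosixPath

EXCLUDED = ("node_modules",)  # assumption: directory names to keep out of the drop


def stage_build_drop(source: Path, drop: Path, excluded=EXCLUDED) -> Path:
    """Copy source into a fresh drop directory, skipping excluded names at any depth."""
    shutil.copytree(source, drop, ignore=shutil.ignore_patterns(*excluded))
    return drop


def files_under(manifest: dict, excluded=EXCLUDED) -> list[str]:
    """Return fileName entries of the SPDX "files" section that sit under an excluded directory."""
    hits = []
    for entry in manifest.get("files", []):
        parts = PurePosixPath(entry["fileName"]).parts  # leading "./" is normalised away
        if any(part in excluded for part in parts[:-1]):
            hits.append(entry["fileName"])
    return hits


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed project tree, stage it, return (original, staged) file lists."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "project")
        for rel in ("dist/app.js", "node_modules/flatpickr/dist/l10n/ru.js",
                    "packages/ui/node_modules/x/index.js"):
            path = src / rel
            path.parent.mkdir(parents=True)
            path.write_text("// constructed sample file\n")
        drop = stage_build_drop(src, Path(tmp, "drop"))
        listing = lambda root: sorted(p.relative_to(root).as_posix()
                                      for p in root.rglob("*") if p.is_file())
        return listing(src), listing(drop)


# Constructed manifest fragment in the shape quoted in the thread (SPDXID values omitted).
SAMPLE_MANIFEST = json.loads("""{
  "files": [
    {"fileName": "./dist/app.js"},
    {"fileName": "./node_modules/flatpickr/dist/l10n/ru.js"}
  ],
  "packages": [{"name": "flatpickr"}]
}""")

if __name__ == "__main__":
    print(demo())
    print(files_under(SAMPLE_MANIFEST))
```

Run sbom-tool against the staged directory rather than the project root, then pass the loaded `manifest.spdx.json` to `files_under` as a release gate; an empty list means no file from an excluded directory reached the "files" section.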
Closing because, per @jalkire's comment, this is not a feature we planned to support for SBOMs.
Hi,
I'm working on a project that requires generating an SBOM using sbom-tool. However, I'd like to exclude the 'node_modules' folder from the generated SBOM. I attempted the command below, but it doesn't seem to be functioning as expected:
The issue I'm encountering is that the file _manifest/spdx_2.2/manifest.spdx.json still contains scan results from the 'node_modules' folder.