
"DirectoryExclusionList" not working as expected #494

Closed
Niba-nazar opened this issue Feb 5, 2024 · 5 comments
Labels: not planned (We will not action on this)

Niba-nazar commented Feb 5, 2024

Hi,

I'm working on a project that requires generating an SBOM using sbom-tool. However, I'd like to exclude the 'node_modules' folder from the generated SBOM. I attempted the command below, but it doesn't seem to be functioning as expected:

$ sbom-tool generate -b . -bc . -pn Test -pv 1.0.0 -ps Test -nsb https://abc.test.com -cd "--DirectoryExclusionList **node_modules**"

The issue I'm encountering is that the file _manifest/spdx_2.2/manifest.spdx.json still contains scan results from the 'node_modules' folder.

      "fileName": "./node_modules/@mui/icons-material/KeyboardVoiceRounded.d.ts",
      "SPDXID": "SPDXRef-File--node-modules--mui-icons-material-KeyboardVoiceRounded.d.ts-E6C07A0189CAE2DF31AEECEA0E3E386449DF7918",
      "fileName": "./node_modules/@mui/icons-material/SuperscriptRounded.d.ts",
      "SPDXID": "SPDXRef-File--node-modules--mui-icons-material-SuperscriptRounded.d.ts-E6C07A0189CAE2DF31AEECEA0E3E386449DF7918",
      "fileName": "./node_modules/@mui/icons-material/SkipPreviousOutlined.js",
      "SPDXID": "SPDXRef-File--node-modules--mui-icons-material-SkipPreviousOutlined.js-ECFBD40739D5B791F9B674CC95318FCAD170393A",
      "fileName": "./node_modules/@mui/icons-material/SportsScoreSharp.js",
      "SPDXID": "SPDXRef-File--node-modules--mui-icons-material-SportsScoreSharp.js-F5FE8AE48FB4A63E0B3EDCCCCB6828B1DEE8B21F",
      "fileName": "./node_modules/@mui/icons-material/HdrWeakSharp.d.ts",

@sebasgomez238 (Collaborator)

Hi @Niba-nazar, can you try using **/node_modules/** instead?

Niba-nazar (Author) commented Feb 7, 2024

Hi @sebasgomez238,

Still the same

      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-ar.d.ts-90924249CDD6917742E798AA7383439F5A5CE319",
      "fileName": "./node_modules/flatpickr/dist/l10n/fa.d.ts",
      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-fa.d.ts-E6ADB13504B9CF404B73431A54CCB4C24B50E81B",
      "fileName": "./node_modules/flatpickr/dist/l10n/az.d.ts",
      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-az.d.ts-DB15D2153361A061916279BE65D604211CA35222",
      "fileName": "./node_modules/flatpickr/dist/l10n/tr.d.ts",
      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-tr.d.ts-E99D6A3C1D425F9582856D8BABB95664529593AD",
      "fileName": "./node_modules/flatpickr/dist/l10n/ru.js",
      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-ru.js-8BB81331010AA480EA48587C6DA6CF6F0E988750",
      "fileName": "./node_modules/flatpickr/dist/l10n/et.js",
      "SPDXID": "SPDXRef-File--node-modules-flatpickr-dist-l10n-et.js-1D0CB4C4EF0E55FFAAA200EF3578E99F726E1830",
      "fileName": "./node_modules/flatpickr/dist/l10n/nl.js",
     

@jlperkins added the "help wanted" and "tabled" labels on Feb 8, 2024
pownkel (Contributor) commented Feb 15, 2024

I believe those files are still showing up because --DirectoryExclusionList is passed to the component detector, but the component detector is only used to populate the "packages" section of the SBOM. The "files" section is generated by walking the directory, and is not affected by component detector arguments. Adding an option to exclude files (not packages) would require a larger change on our side. Our team will triage this issue and decide whether to add this to our roadmap.

@pownkel added the "needs triage" label and removed the "help wanted" and "tabled" labels on Feb 15, 2024
jalkire commented Feb 29, 2024

Hi @Niba-nazar, we usually expect the directory for which an SBOM is generated to be the build drop containing the files that are eventually released for the product, so excluding directories is not typically applicable. Would it make sense in your use case to point the tool at a directory that only contains your build drop?

@pownkel added the "not planned" label and removed the "needs triage" label on Mar 7, 2024
pownkel (Contributor) commented Mar 7, 2024

Closing because, per @jalkire's comment, this is not a feature we planned to support for SBOMs.

@pownkel closed this as completed on Mar 7, 2024