CycloneDX / sbom-combiner

Lockheed Martin developed utility to combine multiple CycloneDX SBOMs
https://cyclonedx.org/

Fix readme and script #4

Open jimklimov opened 1 year ago

jimklimov commented 1 year ago

A few inconsistencies I stumbled upon when trying to use this project :)

jimklimov commented 1 year ago

After some fiddling above I got this to at least compile and run, but indeed (as mentioned in #2 discussion) the "combine" addition to "comparator" does not seem completed:

:; time ./compare.sh -d ./2022_11-release-components/SBOM -o ./2022_11-release-components/SBOM-java -f json
...
  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.5.0)

2023-01-16 14:10:44.547  INFO 28848 --- [           main] c.l.e.s.c.SbomcomparatorApplication      : Starting SbomcomparatorApplication v1.2.1 using Java 17.0.3 on KIHOMI with PID 28848 (C:\Users\klimov\Documents\FOSS\sbom\sbom-combiner\target\sbomcomparator-1.2.1.jar started by klimov in C:\Users\klimov\Documents\FOSS\sbom\sbom-combiner)
2023-01-16 14:10:44.549  INFO 28848 --- [           main] c.l.e.s.c.SbomcomparatorApplication      : No active profile set, falling back to default profiles: default
2023-01-16 14:10:45.244  INFO 28848 --- [           main] c.l.e.s.c.SbomcomparatorApplication      : Started SbomcomparatorApplication in 1.177 seconds (JVM running for 1.735)
2023-01-16 14:10:45.245  INFO 28848 --- [           main] o.s.b.a.ApplicationAvailabilityBean      : Application availability state LivenessState changed to CORRECT
2023-01-16 14:10:45 ERROR SbomcomparatorApplication:259 - Failed to compare the two SBoms!
org.apache.commons.cli.UnrecognizedOptionException: Unrecognized option: -d
        at org.apache.commons.cli.DefaultParser.handleUnknownToken(DefaultParser.java:360)
        at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:497)
        at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:243)
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:120)
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:76)
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:60)
        at com.lmco.efoss.sbom.comparator.SbomcomparatorApplication.run(SbomcomparatorApplication.java:220)
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786)
        at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:776)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:344)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1336)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1325)
        at com.lmco.efoss.sbom.comparator.SbomcomparatorApplication.main(SbomcomparatorApplication.java:203)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
2023-01-16 14:10:45 INFO  SbomcomparatorApplication:277 - It took 9 MILLISECONDS to fail, compare two SBom.
2023-01-16 14:10:45.259  INFO 28848 --- [           main] ConditionEvaluationReportLoggingListener :

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2023-01-16 14:10:45.289 ERROR 28848 --- [           main] o.s.boot.SpringApplication               : Application run failed

java.lang.IllegalStateException: Failed to execute ApplicationRunner
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:789) ~[spring-boot-2.5.0.jar!/:2.5.0]
        at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:776) ~[spring-boot-2.5.0.jar!/:2.5.0]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:344) ~[spring-boot-2.5.0.jar!/:2.5.0]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1336) ~[spring-boot-2.5.0.jar!/:2.5.0]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1325) ~[spring-boot-2.5.0.jar!/:2.5.0]
        at com.lmco.efoss.sbom.comparator.SbomcomparatorApplication.main(SbomcomparatorApplication.java:203) ~[classes!/:1.2.1]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[sbomcomparator-1.2.1.jar:1.2.1]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[sbomcomparator-1.2.1.jar:1.2.1]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[sbomcomparator-1.2.1.jar:1.2.1]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[sbomcomparator-1.2.1.jar:1.2.1]
Caused by: org.apache.commons.cli.UnrecognizedOptionException: Unrecognized option: -d
        at org.apache.commons.cli.DefaultParser.handleUnknownToken(DefaultParser.java:360) ~[commons-cli-1.4.jar!/:1.4]
        at org.apache.commons.cli.DefaultParser.handleShortAndLongOption(DefaultParser.java:497) ~[commons-cli-1.4.jar!/:1.4]
        at org.apache.commons.cli.DefaultParser.handleToken(DefaultParser.java:243) ~[commons-cli-1.4.jar!/:1.4]
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:120) ~[commons-cli-1.4.jar!/:1.4]
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:76) ~[commons-cli-1.4.jar!/:1.4]
        at org.apache.commons.cli.DefaultParser.parse(DefaultParser.java:60) ~[commons-cli-1.4.jar!/:1.4]
        at com.lmco.efoss.sbom.comparator.SbomcomparatorApplication.run(SbomcomparatorApplication.java:220) ~[classes!/:1.2.1]
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786) ~[spring-boot-2.5.0.jar!/:2.5.0]
        ... 13 common frames omitted

real    0m2.002s
user    0m0.030s
sys     0m0.109s

jimklimov commented 1 year ago

Help text is smaller than in README and only says:

usage: help
 -f,--format <arg>           (Optional) output file format, Valid values
                             json, xml.  Default is xml
 -f1,--orgsbom <arg>         original SBom file
 -f2,--newsbom <arg>         new SBom file
 -h,--help                   will print out the command line options.
 -o,--output <arg>           (Optional) output file name, default is
                             diff.json or diff.xml
 -ob,--outputBomFile <arg>   (Optional) output file name of the diff bom,
                             default is diffBom.json or diffBom.xml
 -t,--htmloutput <arg>       (Optional) output html file name, default
                             name is sbomcompared