Open Tristramg opened 1 month ago
I cannot reproduce this error and have no idea why the Docker container exits with 1. May I ask you to do the following to ensure we're using the same environment?
docker pull ghcr.io/cyclonedx/cdxgen
to use the latest imagepipx upgrade compliance-assistant
to ensure you're using version 3.x of this toolpipx run compliance-assistant sbom generate -d . -o bom.json -v
In any case, you're also free to use any other tool that generates a CycloneDX SBOM, and enrich the data on top of that (using the sbom enrich
command). For example syft: syft scan . -o cyclonedx-json > bom.json
. I will work towards making this clear in the docu, and extend the sbom generate
command to support more than just cdxgen in Docker.
On linux (archlinux):
When running the docker by hand:
The file is generated as expected