Closed rashmimehta300 closed 1 year ago
It does if you add --verbose, but now that you mention it, I think it should always do that for SBOM formats. I will look into changing the default behavior for those.
Fixed in 4.3.1
After this change, how to get only vulnerable components?
@ashutoshvimal The default behavior for generating an SBOM has changed, and an SBOM should contain all the components. The other use case of retire is the same, i.e. by default it will only show vulnerable components.
Is your feature request related to a problem? Please describe.
When creating a CycloneDX SBOM, retire only lists vulnerable JS. If I upload this SBOM to Dependency-Track, I will only be able to monitor vulnerable JS.
Describe the solution you'd like
Can we have a feature where retire can create an SBOM for all the JS scanned and not just vulnerable JS?