Closed Donkey-Hao closed 6 months ago
Hi, I was trying to run the tool on some repos cloned from GitHub, which are not my repos, and I got the message:
2023/12/21 11:07:14 No dependencies found If you own this repository, check if Dependency Graph is enabled: https://github.com/ietf-wg-acme/acme/settings/security_analysis
2023/12/21 11:07:16 No dependencies found If you own this repository, check if Dependency Graph is enabled: https://github.com/GOATmessi7/ASFF/settings/security_analysis
I tried to open the URLs, but each is a 404 page. Is this a bug? Thanks.
I am sorry, I misunderstood it. I tested the tool on the two projects, ACME and ASFF; one is archived and the other isn't. I used the tool to generate an SBOM for those 2 projects in CycloneDX format; it failed and I got the message. I wonder why it happened? Thanks.
Hello! As mentioned in the README, gh-sbom relies on dependency graph in order to generate the SBOM document.
I suspect that those projects don't have GitHub's dependency graph enabled, and so this tool will not be able to generate an SBOM for them.