advanced-security / gh-sbom

Generate SBOMs with gh CLI
MIT License

The URL `acme` is 404. #21

Closed Donkey-Hao closed 6 months ago

Donkey-Hao commented 7 months ago

Hi, I was trying to run the tool in some repos cloned from GitHub, which are not my repos, and I got the message:

```
2023/12/21 11:07:14 No dependencies found
If you own this repository, check if Dependency Graph is enabled:
https://github.com/ietf-wg-acme/acme/settings/security_analysis

2023/12/21 11:07:16 No dependencies found
If you own this repository, check if Dependency Graph is enabled:
https://github.com/GOATmessi7/ASFF/settings/security_analysis
```

I tried to open the URLs but they lead to a 404 page. Is this a bug? Thanks.

Donkey-Hao commented 7 months ago

I am sorry, I misunderstood it. I tested the tool on the two projects, ACME and ASFF; one is archived and the other isn't. I used the tool to generate an SBOM for those 2 projects in CycloneDX format; it failed and I got the message. I wonder why it happened? Thanks.

steiza commented 6 months ago

Hello! As mentioned in the README, gh-sbom relies on the dependency graph in order to generate the SBOM document.

I suspect that those projects don't have GitHub's dependency graph enabled, and so this tool will not be able to generate an SBOM for them.