anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

empty sbom if -o cyclonedx-json #3435

Open Pierre-Gronau-ndaal opened 1 week ago

Pierre-Gronau-ndaal commented 1 week ago

What happened:

```sh
export SYFT_FILE_METADATA_SELECTION="all"
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
```

What you expected to happen:

For -o cyclonedx-json I expect that all files of the directory are in the SBOM.

Steps to reproduce the issue:

```sh
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
```

With -o spdx-json the SBOM is filled up.

Anything else we need to know?:

```sh
cat sbom.json
```

```json
{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:d9f32702-f7d9-44a4-bd21-7b02f4c2ff67",
  "version": 1,
  "metadata": {
    "timestamp": "2024-11-11T19:10:42+01:00",
    "tools": {
      "components": [
        {"type": "application", "author": "anchore", "name": "syft", "version": "1.16.0"}
      ]
    },
    "component": {"bom-ref": "c89118b3fe999aab", "type": "file", "name": "/***"}
  }
}
```

Environment:
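A small check for the condition reported above, added here as an example and not code from the issue or from syft. The CycloneDX document embedded in it is the output pasted in the report; the SPDX document and the second CycloneDX document are constructed for the example. The check counts packages and files in either format and flags a document that carries no inventory. Note that it looks only at the top-level `components` array of a CycloneDX document: the syft entry under `metadata.tools.components` and the root `metadata.component` describe the scan, not its findings, so a naive "does the text contain components" grep would wrongly pass the reported output.

```python
"""Flag SBOMs that carry no inventory (CycloneDX JSON or SPDX JSON).

Added example, not part of the issue or of syft. Usage:
    python check_sbom.py sbom.json [more.json ...]
Exit status is 1 if any document is empty, so it can gate a pipeline step.
"""
import json
import sys

# CycloneDX output copied from the issue report: there is no top-level
# "components" key at all, only the tool entry under metadata.tools.components.
CYCLONEDX_FROM_ISSUE = r'''{"$schema":"http://cyclonedx.org/schema/bom-1.6.schema.json","bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:d9f32702-f7d9-44a4-bd21-7b02f4c2ff67","version":1,"metadata":{"timestamp":"2024-11-11T19:10:42+01:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.16.0"}]},"component":{"bom-ref":"c89118b3fe999aab","type":"file","name":"/***"}}}'''

# Constructed CycloneDX document (not from the issue): one library with a
# nested file component, to exercise the recursive walk.
CYCLONEDX_SAMPLE = r'''{
  "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
  "components": [
    {"bom-ref": "lib-1", "type": "library", "name": "example-lib", "version": "1.0.0",
     "components": [{"bom-ref": "file-1", "type": "file", "name": "src/a.py"}]}
  ]
}'''

# Constructed SPDX 2.3 document (not from the issue): one package, two files.
SPDX_SAMPLE = r'''{
  "spdxVersion": "SPDX-2.3",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "example",
  "packages": [
    {"SPDXID": "SPDXRef-Package-example", "name": "example-lib", "versionInfo": "1.0.0"}
  ],
  "files": [
    {"SPDXID": "SPDXRef-File-a", "fileName": "./src/a.py"},
    {"SPDXID": "SPDXRef-File-b", "fileName": "./src/b.py"}
  ]
}'''


def load_sbom(text: str) -> dict:
    """Parse an SBOM from its JSON text."""
    return json.loads(text)


def _walk_cdx_components(components):
    """Yield every CycloneDX component, descending into nested components."""
    for comp in components or []:
        yield comp
        yield from _walk_cdx_components(comp.get("components"))


def inventory(doc: dict) -> dict:
    """Return {'format', 'packages', 'files'} counts for a parsed SBOM.

    Only the top-level "components" array counts for CycloneDX; the tool
    entries under metadata.tools and the root metadata.component are ignored.
    """
    if doc.get("bomFormat") == "CycloneDX":
        comps = list(_walk_cdx_components(doc.get("components")))
        files = sum(1 for c in comps if c.get("type") == "file")
        return {"format": "cyclonedx", "packages": len(comps) - files, "files": files}
    if "spdxVersion" in doc:
        return {
            "format": "spdx",
            "packages": len(doc.get("packages", [])),
            "files": len(doc.get("files", [])),
        }
    raise ValueError("not a CycloneDX or SPDX JSON document")


def is_empty(doc: dict) -> bool:
    """True when the SBOM lists neither packages nor files."""
    inv = inventory(doc)
    return inv["packages"] + inv["files"] == 0


def main(paths) -> int:
    rc = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
        inv = inventory(doc)
        status = "EMPTY" if is_empty(doc) else "ok"
        print(f"{path}: {inv['format']} packages={inv['packages']} "
              f"files={inv['files']} {status}")
        if status == "EMPTY":
            rc = 1
    return rc


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against both `sbom.json` files from the report to see the difference between the two output formats in one line each; a non-zero exit on the CycloneDX file is the signal that the document, while schema-valid, describes nothing.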