bug(bom): panic when scanning CycloneDX file without `metadata.component` into SBOM format

aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

https://aquasecurity.github.io/trivy

Apache License 2.0

22.1k stars 2.18k forks source link

bug(bom): panic when scanning CycloneDX file without `metadata.component` into SBOM format #7050

Closed DmitriyLewen closed 1 week ago

DmitriyLewen commented 1 week ago

Description

metadata.component is an optional field and can be empty. We panic when scanning CycloneDX file without metadata.component into SBOM format. See example in #7035

aquasecurity / trivy

bug(bom): panic when scanning CycloneDX file without `metadata.component` into SBOM format #7050

Description

Discussed in https://github.com/aquasecurity/trivy/discussions/7035