Closed owtaylor closed 1 month ago
Pushed a version with the shortened line, new commit message:
When Syft scans an image and doesn't find any components, it generates
a SBOM without a "components" property (this is valid according to the
CycloneDX spec - note that it is not marked Required in
https://cyclonedx.org/docs/1.4/json/ - same for 1.5 and 1.6)
/ok-to-test
@owtaylor sorry for the delay - merged!
When Syft scans an image and doesn't find any components, it generates a SBOM without a "components" property (this is valid according to the CycloneDX spec.)
Log file snippet:
Maintainers will complete the following section
Note: if the contribution is external (not from an organization member), the CI pipeline will not run automatically. After verifying that the CI is safe to run:
/ok-to-test
(as is the standard for Pipelines as Code)