Closed ArwynFr closed 1 month ago
@ArwynFr - taking a look...
@ArwynFr that SBOM has a ton of invalid Purls in it...
I'm writing code to try to cleanse the purls.
More info:
Only [16] in this screenshot is valid
This will be better in 0.5.0 with the following info:
I'm not sure what tool created the SBOM provided in the ticket, or if it was a copy/paste problem; the text in there does bind properly to a schema, but Sonatype will error on the bad purl.
I'm writing SBOM files via Syft, then merging them using cyclonedx-cli merge. The resulting file works fine with OSV but fails with ossindex when using bomber 0.4.8:
sbom.json
Also, I think that bomber should not halt the process when an error occurs. Even a partial scan has value; perhaps list the unscanned components in the output.
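A worked illustration of the two points raised in this thread (invalid purls in a merged SBOM, and continuing a scan instead of halting on them), added here as an example. This is not bomber's code and not the change that went into 0.5.0. It embeds a constructed CycloneDX document and uses a simplified structural purl check written for this example (scheme, type, name, optional namespace/version/qualifiers/subpath); it is an assumption that this subset is enough to catch the kind of malformed purl a provider rejects, and it is not the full purl-spec grammar or a purl library. Components that fail the check are reported separately rather than aborting the run, and only the valid ones would be sent to a provider.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample (not the sbom.json from the ticket): a minimal CycloneDX
// document with one well-formed purl, one missing the "pkg:" scheme, and one
// with a type but no package name.
const sampleSBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "glibc", "version": "2.31", "purl": "deb/debian/glibc@2.31"},
    {"type": "library", "name": "mystery", "version": "1.0", "purl": "pkg:golang/"}
  ]
}`

type Component struct {
	Type    string `json:"type"`
	Name    string `json:"name"`
	Version string `json:"version,omitempty"`
	Purl    string `json:"purl,omitempty"`
}

type BOM struct {
	BomFormat   string      `json:"bomFormat"`
	SpecVersion string      `json:"specVersion"`
	Components  []Component `json:"components"`
}

// Rejected pairs a component with the reason its purl was refused.
type Rejected struct {
	Component Component
	Reason    string
}

// purl-spec: the type is lowercase ASCII letters, digits, '.', '+' and '-'.
var purlTypeRE = regexp.MustCompile(`^[a-z][a-z0-9.+-]*$`)

// ValidatePurl is a simplified structural check (assumption: a subset of the
// purl-spec grammar, written for this example). It returns nil for a purl that
// has a scheme, a well-formed type, a non-empty name, and parseable qualifiers.
func ValidatePurl(purl string) error {
	if !strings.HasPrefix(purl, "pkg:") {
		return fmt.Errorf("missing pkg: scheme")
	}
	rest := strings.TrimPrefix(purl, "pkg:")
	if i := strings.Index(rest, "#"); i >= 0 { // subpath, not validated further
		rest = rest[:i]
	}
	if i := strings.Index(rest, "?"); i >= 0 { // qualifiers must be key=value pairs
		if _, err := url.ParseQuery(rest[i+1:]); err != nil {
			return fmt.Errorf("bad qualifiers: %v", err)
		}
		rest = rest[:i]
	}
	rest = strings.TrimLeft(rest, "/") // "pkg://type/..." is tolerated by the spec
	slash := strings.Index(rest, "/")
	if slash < 0 {
		return fmt.Errorf("missing name after type")
	}
	if typ := rest[:slash]; !purlTypeRE.MatchString(typ) {
		return fmt.Errorf("invalid type %q", typ)
	}
	nameAndVersion := rest[slash+1:]
	if at := strings.LastIndex(nameAndVersion, "@"); at >= 0 { // version is after the last '@'
		if nameAndVersion[at+1:] == "" {
			return fmt.Errorf("empty version after '@'")
		}
		nameAndVersion = nameAndVersion[:at]
	}
	// Optional namespace segments precede the name; none may be empty.
	for _, seg := range strings.Split(strings.Trim(nameAndVersion, "/"), "/") {
		if seg == "" {
			return fmt.Errorf("empty name or namespace segment")
		}
	}
	return nil
}

// PartitionComponents parses a CycloneDX JSON document and splits its components
// into those whose purls pass ValidatePurl (safe to send to a provider) and
// those that would otherwise abort the scan, each with its reason.
func PartitionComponents(sbomJSON []byte) (valid []Component, rejected []Rejected, err error) {
	var bom BOM
	if err := json.Unmarshal(sbomJSON, &bom); err != nil {
		return nil, nil, fmt.Errorf("not a CycloneDX JSON document: %w", err)
	}
	for _, c := range bom.Components {
		if verr := ValidatePurl(c.Purl); verr != nil {
			rejected = append(rejected, Rejected{Component: c, Reason: verr.Error()})
			continue
		}
		valid = append(valid, c)
	}
	return valid, rejected, nil
}

func main() {
	valid, rejected, err := PartitionComponents([]byte(sampleSBOM))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d component(s) would be scanned, %d skipped:\n", len(valid), len(rejected))
	for _, r := range rejected {
		fmt.Printf("  unscanned: %s %s (purl %q): %s\n", r.Component.Name, r.Component.Version, r.Component.Purl, r.Reason)
	}
}
```

Running it lists lodash as scannable and reports glibc and mystery as unscanned with their reasons, which is the "partial scan plus a list of skipped components" behaviour suggested above. A real implementation would use the packageurl-go library rather than the hand-written check here, and the reasons could be surfaced in bomber's output alongside the scanned results.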