devops-kung-fu / bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities
https://devops-kung-fu.github.io/bomber/
Mozilla Public License 2.0

JSON output produces invalid json document #230

Closed AndriyDmytrenko closed 2 months ago

AndriyDmytrenko commented 3 months ago

Hi!

When using scan with output=json, it produces an invalid JSON document:

$ bomber scan merged-bom.json --output=json > scan-report.json
$ file scan-report.json
scan-report.json: Unicode text, UTF-8 text, with very long lines (10321), with escape sequences
$ head scan-report.json
■ Scanning Files:
    merged-bom.json
{
    "meta": {
        "generator": "bomber",
        "url": "https://github.com/devops-kung-fu/bomber",
        "version": "0.5.0",
        "provider": "osv",
        "severityFilter": "",
        "date": "2024-08-21T16:37:59.927949+03:00"
$ 

These two lines at the beginning make it invalid. So as a workaround I use the command sed '1,2d' to skip them.
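The report above is what a consumer of the JSON output (a CI step, a dashboard importer) actually receives: a status banner followed by the document. The following is an added example, not code from the issue or from the bomber project, showing a strict validity check that fails on the captured file, plus a loader that skips a banner of any length instead of hard-coding two lines. It assumes the banner consists only of lines preceding the first line that begins with `{` or `[`, and that it may grow by one filename line per scanned SBOM; the sample input is constructed from the head output in the issue and closed early so it parses.

```python
import json

# Constructed sample: the first lines of the captured report as shown in the
# issue, truncated and closed so it parses (the real report is much longer).
CAPTURED_REPORT = """\u25a0 Scanning Files:
    merged-bom.json
{
    "meta": {
        "generator": "bomber",
        "url": "https://github.com/devops-kung-fu/bomber",
        "version": "0.5.0",
        "provider": "osv",
        "severityFilter": "",
        "date": "2024-08-21T16:37:59.927949+03:00"
    }
}
"""


def is_strict_json(text: str) -> bool:
    """True only if the whole text is a single well-formed JSON document.

    This is the check a pipeline should run on a captured report before
    trusting it; any preamble on stdout makes it fail."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def strip_banner(text: str) -> str:
    """Drop leading lines up to the first line that starts with '{' or '['.

    Assumption: the banner is purely a prefix. Unlike a fixed sed '1,2d', this
    tolerates a banner of any length (e.g. one filename line per scanned SBOM)
    and raises instead of silently returning garbage when no document is found."""
    lines = text.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.lstrip().startswith(("{", "[")):
            return "".join(lines[i:])
    raise ValueError("no JSON document found in report output")


def load_report(text: str) -> dict:
    """Parse a captured report, recovering from a non-JSON preamble if present."""
    if is_strict_json(text):
        return json.loads(text)
    # Trailing non-JSON text would still be rejected here by json.loads.
    return json.loads(strip_banner(text))


if __name__ == "__main__":
    print("strictly valid JSON:", is_strict_json(CAPTURED_REPORT))
    report = load_report(CAPTURED_REPORT)
    print("generator:", report["meta"]["generator"],
          "version:", report["meta"]["version"])
```

Until the tool separates status output (stderr) from the document (stdout), `is_strict_json` is the gate worth keeping in a pipeline: it tells you when the recovery path is being exercised rather than letting the banner-stripping hide a change in the tool's output format.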

djschleen commented 2 months ago

I’ll check that out!

djschleen commented 2 months ago

Thanks for noticing that! This will be fixed in 0.5.1