Closed mthalman closed 2 months ago
[Triage]
This may end up being an issue with https://github.com/microsoft/sbom-tool. We need to investigate further to understand the issue.
[Triage] this appears to not be an issue any more: https://dev.azure.com/dnceng/internal/_build/results?buildId=2492525&view=logs&j=e27bb03b-8ee4-51d2-159a-afc23d6ec395&t=bd61d781-4732-5a57-18a0-b0bd68c2790c
As an example, this is the SBOM of an Alpine 3.17 Arm64 .NET 6 SDK image: manifest.spdx.json (internal link).
It contains no Linux packages.
Looking at the build log provides some more info:
This warning only shows up in the Arm build legs.