Closed niruautomation closed 3 years ago
@niruautomation @niravpatel27 As observed in the gem plugin, a few dependencies such as 'hoe, peck & pry' have no metadata of any form in all gem locations in the local file system and vendor directory. This I verified by looking up all the gem paths displayed after running the 'gem env' command. Such dependencies were not included as we had no meta-data / gemspec files for them.
I cloned the code from master on 14-06-2021, build the tool and verified the ticket. Observed that the issue is fixed bom-bundler.spdx.txt
Tool Version Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool Test Repo https://github.com/lewisojile/ruby-gem-sample OS Windows 10
_Issue1 - Relationship DEPENDSON not displayed even when Dependencies exists for package in gemspec
_Issue2 - Few dependencies are not displayed for Relationship DEPENDSON Dependency peck is missing in SPDX file