opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

Ruby - Issues with dependencies displayed for Relationship DEPENDS_ON #138

Closed niruautomation closed 3 years ago

niruautomation commented 3 years ago

Tool Version: Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool
Test Repo: https://github.com/lewisojile/ruby-gem-sample
OS: Windows 10

Issue 1 - Relationship DEPENDS_ON not displayed even when dependencies exist for the package in the gemspec (screenshot attached)

Issue 2 - A few dependencies are not displayed for Relationship DEPENDS_ON; dependency peck is missing in the SPDX file (screenshot attached)

lewisojile commented 3 years ago

@niruautomation @niravpatel27 As observed in the gem plugin, a few dependencies such as 'hoe', 'peck' and 'pry' have no metadata of any form in any gem location in the local file system or the vendor directory. I verified this by looking up all the gem paths displayed after running the 'gem env' command. Such dependencies were not included as we had no metadata / gemspec files for them.
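The behaviour described above (a dependency declared in the gemspec but absent from the generated DEPENDS_ON relationships because no gemspec metadata for it exists in the `gem env` paths) is easy to miss in CI, since the SBOM is still produced without error. The following is an added example, not code from spdx-sbom-generator or from the ruby-gem-sample repository: it extracts the dependency names a gemspec declares, parses the `Relationship:` lines of an SPDX tag-value document, and reports every declared dependency that has no DEPENDS_ON edge. The gemspec text, the SPDX text and the `SPDXRef-Package-*` identifiers are constructed for the example; the gem names mirror the ones named in this thread.

```ruby
# Added example (not code from spdx-sbom-generator): compare the dependencies a
# gemspec declares against the DEPENDS_ON relationships an SPDX tag-value
# document actually contains, so silently dropped dependencies are reported.
require 'set'

# Constructed sample gemspec text; the gem names mirror the ones named in the thread.
SAMPLE_GEMSPEC = <<~GEMSPEC
  Gem::Specification.new do |spec|
    spec.name = "ruby-gem-sample"
    spec.add_dependency "rake", "~> 13.0"
    spec.add_runtime_dependency "peck", ">= 0.5"
    spec.add_development_dependency "pry"
    spec.add_development_dependency "hoe", "~> 3.0"
  end
GEMSPEC

# Constructed sample SPDX tag-value output in which peck, pry and hoe were dropped.
# The SPDXRef identifiers are assumed for the example, not taken from the tool.
SAMPLE_SPDX = <<~SPDX
  SPDXVersion: SPDX-2.2
  PackageName: ruby-gem-sample
  SPDXID: SPDXRef-Package-ruby-gem-sample
  PackageName: rake
  SPDXID: SPDXRef-Package-rake
  Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-ruby-gem-sample
  Relationship: SPDXRef-Package-ruby-gem-sample DEPENDS_ON SPDXRef-Package-rake
SPDX

# Extract declared dependency names from gemspec source with a regex rather than
# evaluating the file: evaluating a gemspec runs arbitrary Ruby from the repository.
def declared_dependencies(gemspec_text)
  pattern = /add_(?:runtime_|development_)?dependency\s*\(?\s*['"]([^'"]+)['"]/
  gemspec_text.scan(pattern).flatten.to_set
end

# Collect every SPDX element id on the right-hand side of a DEPENDS_ON
# relationship whose left-hand side is the given source element.
def depends_on_targets(spdx_text, source_id)
  targets = Set.new
  spdx_text.each_line do |line|
    m = line.match(/\ARelationship:\s*(\S+)\s+DEPENDS_ON\s+(\S+)/)
    targets << m[2] if m && m[1] == source_id
  end
  targets
end

# Map SPDX element ids back to package names using the PackageName / SPDXID
# pairs in the document (the SPDXID line follows its PackageName line).
def package_names_by_id(spdx_text)
  names = {}
  current = nil
  spdx_text.each_line do |line|
    if (m = line.match(/\APackageName:\s*(.+?)\s*\z/))
      current = m[1]
    elsif (m = line.match(/\ASPDXID:\s*(\S+)/)) && current
      names[m[1]] = current
      current = nil
    end
  end
  names
end

# Return, sorted, the declared dependencies that have no DEPENDS_ON edge in the SBOM.
def missing_dependencies(gemspec_text, spdx_text, source_id)
  ids = package_names_by_id(spdx_text)
  covered = depends_on_targets(spdx_text, source_id).map { |id| ids.fetch(id, id) }.to_set
  (declared_dependencies(gemspec_text) - covered).to_a.sort
end

if __FILE__ == $PROGRAM_NAME
  missing = missing_dependencies(SAMPLE_GEMSPEC, SAMPLE_SPDX, 'SPDXRef-Package-ruby-gem-sample')
  puts(missing.empty? ? 'SBOM covers every declared dependency' : "Missing DEPENDS_ON: #{missing.join(', ')}")
end
```

Run against a real gemspec and the generated `bom-bundler.spdx` file, a non-empty result is the signal to fail the CI job (or at least to warn), because an SBOM that silently omits dependencies it could not resolve understates what the build actually ships. The gemspec is parsed textually on purpose: loading it with `Gem::Specification.load` would execute repository-controlled Ruby in the CI job.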

niruautomation commented 3 years ago

I cloned the code from master on 14-06-2021, built the tool and verified the ticket. Observed that the issue is fixed (attachment: bom-bundler.spdx.txt).