opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

Multiple Package Manager repository - NPM - Data missing in 2 SPDX Document Information and 3 Package Information #28

Open niruautomation opened 3 years ago

niruautomation commented 3 years ago
  1. Clone repo https://github.com/nhantranleon/custom_auth
  2. Download the spdx-sbom-generator binaries to cloned repo folder
  3. Execute npm install in command-line tool
  4. node_modules will be created with all dependencies
  5. Execute composer install in command-line tool
  6. Vendor folder will be created with all dependencies
  7. Execute ./spdx-sbom-generator to create SPDX files
  8. As expected, SPDX file is created for both npm and composer. However, data is missing in 2 SPDX Document Information and in 3 Package Information for root package in npm SPDX file. PFA SPDX files for reference. NOTE: Composer SPDX file has the data for both the sections.

custom_auth_multiSPDXfiles.zip

khalifapro commented 3 years ago

The package.json file https://github.com/nhantranleon/custom_auth/blob/master/package.json does not contain name or version fields @niruautomation
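
A pre-flight check for the condition described in the comment above, added here as an example (not code from spdx-sbom-generator): it reports when a root package.json lacks a usable `name` or `version` before an SBOM is generated from it. The function name `MissingRootFields` and the sample manifests are constructed for illustration, and treating blank or non-string values as missing is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// requiredRootFields are the package.json keys the comment above names as absent.
var requiredRootFields = []string{"name", "version"}

// MissingRootFields (hypothetical helper) returns the required keys that are
// absent, not JSON strings, or blank in a package.json document.
func MissingRootFields(manifest []byte) ([]string, error) {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(manifest, &fields); err != nil {
		return nil, fmt.Errorf("package.json is not a JSON object: %w", err)
	}
	var missing []string
	for _, key := range requiredRootFields {
		var value string
		raw, present := fields[key]
		// A null, number or object decodes to an error or an empty string here.
		if !present || json.Unmarshal(raw, &value) != nil || strings.TrimSpace(value) == "" {
			missing = append(missing, key)
		}
	}
	return missing, nil
}

func main() {
	// Constructed sample manifests, not the contents of the repository in the issue.
	samples := []string{
		`{"private": true, "scripts": {"dev": "npm run development"}}`,
		`{"name": "custom_auth", "version": "  "}`,
		`{"name": "custom_auth", "version": "1.0.0"}`,
	}
	for _, s := range samples {
		missing, err := MissingRootFields([]byte(s))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("missing=%v manifest=%s\n", missing, s)
	}
}
```

Run as a CI step ahead of SBOM generation, a non-empty result is a signal that the root package entry in the npm SPDX file will lack identifying data.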