opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

Java - Maven - Warning message is displayed when SPDX file validated in the SPDX validator #29

Closed (niruautomation closed 3 years ago)

niruautomation commented 3 years ago

Test Repo used for testing: https://github.com/mlehotskylf/sample-java-programs

  1. Clone https://github.com/spdx/spdx-sbom-generator.git from the main branch (since the latest version of the tool is not available, this approach was followed for testing)
  2. Execute the make build-win to build the tool
  3. Generate the SPDX file for JAVA module
  4. Validate the generated SPDX file in https://tools.spdx.org/app/validate/
  5. Observed that the warning message is displayed. PFA SPDX file for reference

bom-Java-Maven.txt

prathapbproximabiz commented 3 years ago

@niruautomation Could you please retest it as discussed in our call?

niruautomation commented 3 years ago

Verified with the latest version (v0.0.5) of the tool and observed that the issue is fixed.

niruautomation commented 3 years ago

@prathapbproximabiz Observed this issue again. This seems to be an intermittent issue, because if I generate the SPDX file again it is not reproducible.

Tool Version: Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool

Test Repo: https://github.com/mybatis/mybatis-3

OS: Windows 10

PFA files: bom-javen-maven_withIssues.spdx.txt, bom-javen-maven-withoutIssues.spdx.txt

[Image: warning in SPDX validator]

prathapbproximabiz commented 3 years ago

Test Repo: https://github.com/mybatis/mybatis-3

@niruautomation Please take the latest code once the PR below is approved and merged, and retest it. https://github.com/spdx/spdx-sbom-generator/pull/143

niruautomation commented 3 years ago

This is an intermittent issue. Not able to reproduce the issue now.