opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

SPDX SBOM doesn't get generated for Java Gradle projects #300

Open usmanklodhi opened 1 year ago

usmanklodhi commented 1 year ago

Summary

SPDX SBOM doesn't work for Java Gradle projects. Though the projects are able to build fine locally, when I run the spdx-sbom-generator, it sometimes gives a dependency error or a failure to read modules.

Background

Provide context to the issue - provide steps to reproduce the behavior, such as:

  1. Download sbom-spdx-generator version 1.0.X (Installed using homebrew install sbom-spdx-generator on M1 Mac)
  2. Clone repository https://github.com/MinecraftForge/ForgeGradle
  3. Run spdx-sbom-generator in the default branch of aforementioned repository
  4. Observe the following error:
INFO[2023-08-12T19:42:54+05:00] Starting to generate SPDX ...                
INFO[2023-08-12T19:42:54+05:00] Running generator for Module Manager: `Java-Gradle` with output `bom-Java-Gradle.spdx` 
INFO[2023-08-12T19:42:56+05:00] Current Language Version 
------------------------------------------------------------
Gradle 8.1.1
------------------------------------------------------------

Build time:   2023-04-21 12:31:26 UTC
Revision:     1cf537a851c635c364a4214885f8b9798051175b

Kotlin:       1.8.10
Groovy:       3.0.15
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          1.8.0_333 (Oracle Corporation 25.333-b02)
OS:           Mac OS X 13.4 x86_64

INFO[2023-08-12T19:42:56+05:00] Global Setting File                          
2023/08/12 19:43:04 Head "file:/Users/usmankhanlodhi/.m2/repository/de/siegmar/fastcsv/2.2.1%20%28n%29/fastcsv-2.2.1%20%28n%29.jar": unsupported protocol scheme "file"
ERRO[2023-08-12T19:43:05+05:00] Could not find download location for "de.siegmar:fastcsv:2.2.1 (n)" 
INFO[2023-08-12T19:43:05+05:00] Command has completed with errors for some package managers, see details below 
INFO[2023-08-12T19:43:05+05:00] Plugin Java-Gradle return error failed to read modules 

Expected behavior

I wanted it to generate the spdx document, which it does for Java Maven applications.

Repository

Which repository causes this error?

Acceptance Criteria

When the SPDX document for Java Gradle applications gets generated, that will be an indicator of this service working.
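The log above shows a coordinate whose trailing ` (n)` ends up in the version and jar path, and a `file:` location being probed with an HTTP HEAD request. The Go sketch below handles both cases; it is an added illustration, not the project's code. `cleanCoordinate` and `locationExists` are hypothetical names, and the marker meanings are taken from the legend of Gradle's `dependencies` report.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"regexp"
	"strings"
)

// Gradle's `dependencies` report appends markers to a coordinate:
// "(n)" not resolved, "(c)" dependency constraint, "(*)" repeated subtree.
var gradleMarker = regexp.MustCompile(`\s*\((n|c|\*)\)\s*$`)

// cleanCoordinate strips a trailing marker from "group:name:version (n)" and
// reports whether Gradle flagged the entry as not resolved.
func cleanCoordinate(raw string) (coord string, unresolved bool, err error) {
	raw = strings.TrimSpace(raw)
	unresolved = strings.HasSuffix(raw, "(n)")
	coord = gradleMarker.ReplaceAllString(raw, "")
	if strings.Count(coord, ":") != 2 {
		return "", unresolved, fmt.Errorf("unexpected coordinate %q", raw)
	}
	return coord, unresolved, nil
}

// locationExists picks the check by URL scheme: file: URLs are looked up on
// disk, http(s) URLs are probed with HEAD, anything else is rejected.
func locationExists(location string) (bool, error) {
	u, err := url.Parse(location)
	if err != nil {
		return false, err
	}
	switch u.Scheme {
	case "file":
		_, err := os.Stat(u.Path) // u.Path is already percent-decoded
		if errors.Is(err, os.ErrNotExist) {
			return false, nil
		}
		return err == nil, err
	case "http", "https":
		resp, err := http.Head(location)
		if err != nil {
			return false, err
		}
		resp.Body.Close()
		return resp.StatusCode == http.StatusOK, nil
	}
	return false, fmt.Errorf("unsupported scheme %q", u.Scheme)
}
```

An SBOM writer can use the `unresolved` flag to record the package with no download location instead of aborting the whole module scan.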

ba11b0y commented 1 year ago

Hey @usmanklodhi, we're trying to revamp this project to use the parsers project. The Gradle parser is yet to be tested and tried. Will try to address this issue once we fix it.