Closed wujunhuge closed 1 week ago
Hi @wujunhuge, thanks for the report. Unfortunately, most of the fields in the report were not fill out by you, making it hard for us to reproduce what the root cause of you problem is.
Apparently, the, repository
field is missing the ORT result JSON file that you are trying to load. As the ORT analyzer definitely writes this mandatory field, it looks like the ORT result JSON file has been tampered with. Can you share how this is file was created exactly?
it looks like the ORT result JSON file has been tampered with.
Or actually, judging from the file name name bom.json
in your title, it looks like the input is not an ORT result file at all. Basically, the input to the ort report
command is the file that gets written by the ort analyze
command. Also see the tutorial.
Thank you for your reply. I am trying to use tools to analyze a C++project and convert it into a CycloneDx format BOM. JSON. However, after reading the tutorial, I feel a bit confused. Do I need to add any configurations when analyzing?
Do I need to add any configurations when analyzing?
That depends a bit on which, if any, package manager your C++ project is using. Can you share some details on that?
In any case, that does not explain why the repository
field seems to be missing in the ORT result file. Can you please also share the exact command line you're using to run ort analyze
?
Can my C++project be scanned without a package manager like Conan? The command I am using now is: ort -- info analyze - i- o . -f JSON
Can my C++project be scanned without a package manager like Conan?
It can be scanned in the meaning of running ort scan
with the analyzer input, but none of its dependencies will be recognized or scanned. Only what's contained in the directory / repository ort analyze
was given as the input will be scanned.
And please note that ort analyze
currently expects the input directory to be under version control. If that's not the case for you, you can trick ORT by creating a temporary Git working tree directory in your input directory by running git init
, git add .
, git commit -m "Dummy commit for ORT"
first.
I believe all questions have been answered.
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Console / log output
Environment
Output of the
ort requirements
command:Or manually specify:
And specify (relevant parts of) your ORT configuration (
config.yml
):Additional context
Add any other context about the problem here.