Closed sachinshaji closed 2 weeks ago
I agree that it does not work.
bom merge empty.json empty.json => OK
bom merge trivy.json trivy.json => OK
bom merge trivy.json empty.json => OK
bom merge empty.json trivy.json => messed up
But bom merge just loads an SBOM, copies components and then saves the SBOM. CaPyCLI does not modify the dependencies - all this is done by the underlying cyclonedx-python-lib.
We are using version 3.1.5, the next version is 4.0.0, the latest version is 7.6.0 ... and they made a lot of changes.
Hello All, I have tried using the 'capycli bom merge' command and found that it removes some information from the resultant file.
I have tried to merge an empty json file and a json file generated by 'trivy' in 'CycloneDX' format.
Command I used --> capycli bom merge empty.json trivy.json
When I compare the results, some information is lost.
Under the 'dependencies' section, the 'dependsOn' information is coming as empty in the resultant file.
Sharing a screenshot for reference.
Also sharing the empty.json and trivy.json files which I use to run the bom merge command: trivy.json, empty.json
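
A check for the loss reported in this issue, as an added example (not CaPyCLI or cyclonedx-python-lib code): it compares the 'dependsOn' edges of the input CycloneDX JSON files with those of the merged output and reports any that disappeared. The sample documents are constructed, and the check assumes the merge leaves bom-ref values unchanged.

```python
import json
import sys


def dependency_edges(bom: dict) -> set:
    """Return the (ref, dependsOn) edges of a CycloneDX JSON document."""
    edges = set()
    for dep in bom.get("dependencies") or []:
        for target in dep.get("dependsOn") or []:
            edges.add((dep["ref"], target))
    return edges


def lost_edges(inputs: list, merged: dict) -> set:
    """Edges present in any input BOM but missing from the merged BOM."""
    expected = set()
    for bom in inputs:
        expected |= dependency_edges(bom)
    return expected - dependency_edges(merged)


# Constructed sample data (not the files attached to the issue).
EMPTY = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}
SCAN = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "a", "version": "1.0", "bom-ref": "pkg:pypi/a@1.0"},
        {"type": "library", "name": "b", "version": "2.0", "bom-ref": "pkg:pypi/b@2.0"},
    ],
    "dependencies": [
        {"ref": "pkg:pypi/a@1.0", "dependsOn": ["pkg:pypi/b@2.0"]},
        {"ref": "pkg:pypi/b@2.0", "dependsOn": []},
    ],
}
# Merge result showing the reported symptom: 'dependsOn' comes out empty.
MERGED_BAD = dict(SCAN, dependencies=[
    {"ref": "pkg:pypi/a@1.0", "dependsOn": []},
    {"ref": "pkg:pypi/b@2.0", "dependsOn": []},
])

if __name__ == "__main__":
    # Usage: python check_merge.py input1.json input2.json merged.json
    *input_paths, merged_path = sys.argv[1:]
    boms = [json.load(open(p, encoding="utf-8")) for p in input_paths]
    missing = lost_edges(boms, json.load(open(merged_path, encoding="utf-8")))
    for ref, target in sorted(missing):
        print(f"lost: {ref} -> {target}")
    sys.exit(1 if missing else 0)
```

The non-zero exit code lets a pipeline stop before a merged SBOM with a stripped dependency graph is uploaded or used for vulnerability analysis.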