Closed carlosthe19916 closed 4 days ago
@ctron
I expect it's due to the broken SBOM:
Invalid reference 'SPDXRef-0aee0343-801b-4c5a-ae35-6c4a5fa163be' of relationship 'SPDXRef-0aee0343-801b-4c5a-ae35-6c4a5fa163be' -[ContainedBy]-> 'SPDXRef-2faf6cb8-246f-4ad9-964e-c5e161ad16d0'
[… plus many more …]
I agree that we need better error reporting though.
I got the impression that the importers stops whenever the first error appears. When I import SBOMs it always stop at the 108 SBOM imported.
My concern was that, let's say we have 200 SBOMs to be ingested, and while ingesting the SBOM number 108 we found an error, then all the rest of SBOMs won't be ingested due to the error found.
But it might be just a coincidence and actually the redhat-sbom
repository only has 108 SBOMs and there is nothing to be worried about
My expectation is that it keeps running. On subsequent runs, it will only process changes. According to the report, we have 557 SBOMs with 123 faulty ones.
Just did a check myself. I think you're right. It's aborting the run. I'll dig into that.
Steps to reproduce:
redhat-sbom
. Let it run for some minutes and the importer should generate a reportGET api/v1/importer/redhat-sbom/report
with the following response:You can see there is an error
insert or update on table \"package_relates_to_package\" violates foreign key constraint \"package_relates_to_package_sbom_id_left_node_id_fkey\"