whitesource-ps / ws-sbom-generator

WS SBOM Report Generator in SPDX or CycloneDX format
Apache License 2.0
32 stars 7 forks

[Enhancement] CycloneDX SBOM Generation Modification #142

Open kashishtopi opened 1 year ago

kashishtopi commented 1 year ago

When we get a Mend-generated CycloneDX-formatted SBOM, we come across a field email: "NO ASSERTION" in the components part. When we try to validate these SBOMs, it causes trouble. Can we fix this No Assertion issue? Opinions?

DimarrWS commented 1 year ago

Hi @kashishtopi! Please provide me with more details. Can you send me your command line? Please correct me if I'm wrong: the "components" section contains data for libraries and has no "email" tag. Thanks in advance, Dima

kashishtopi commented 1 year ago

Hello @DimarrWS, Sure thing.

When we convert the SPDX-formatted SBOM to CycloneDX format, the field email: "NO ASSERTION" is found in the components part.

But originally it came from the (Packages -> supplier/organization) section of the SPDX-2.2 SBOM, which is created by default using the WhiteSource/Mend agent. The WhiteSource SBOM Report Generator tool was used to create the SPDX-2.2 formatted SBOM. Thank you.

DimarrWS commented 1 year ago

Hello @kashishtopi! Our SBOM generator tool can create CycloneDX format as an output format (like SPDX format). Do you use the SBOM generator tool for creating CycloneDX, or did you create SPDX output with our tool and afterwards convert it to CycloneDX format?

kashishtopi commented 1 year ago

Hello @DimarrWS, I created the SPDX format with the tool and then converted it to CycloneDX. Also, I thought Mend didn't have the capability to generate CycloneDX formats, but it seems that it can. Thank you.
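The thread describes the SPDX placeholder `NOASSERTION` (from `Packages -> supplier`) surviving an SPDX-to-CycloneDX conversion as a literal `email: "NO ASSERTION"`, which then fails CycloneDX validation because that field must hold a real address. The following is an added example, not code from this issue or from the ws-sbom-generator project: it scans a CycloneDX JSON document for such placeholder emails and strips them before validation. It assumes the CycloneDX JSON layout `components[].supplier.contact[].email` and treats both `NOASSERTION` and `NO ASSERTION` (any case) as placeholders; the sample SBOM is constructed for the demonstration.

```python
import json
import re

# Constructed CycloneDX 1.4-style document (sample data, not from the issue thread).
# The first component mirrors the symptom from the thread: a supplier contact whose
# email is the SPDX "no assertion" placeholder instead of an address.
SAMPLE_CYCLONEDX = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {
            "type": "library", "name": "left-pad", "version": "1.3.0",
            "supplier": {"name": "NOASSERTION", "contact": [{"email": "NO ASSERTION"}]},
        },
        {
            "type": "library", "name": "lodash", "version": "4.17.21",
            "supplier": {"name": "Example Org", "contact": [{"email": "security@example.com"}]},
        },
    ],
})

# SPDX placeholder as it may appear after conversion: "NOASSERTION" or "NO ASSERTION".
PLACEHOLDER = re.compile(r"^\s*NO\s*ASSERTION\s*$", re.IGNORECASE)
# Loose shape check; CycloneDX schema validators apply the "idn-email" format.
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def _iter_contact_emails(bom):
    """Yield (component, contact) pairs for every supplier contact with an email key."""
    for comp in bom.get("components", []):
        supplier = comp.get("supplier") or {}
        for contact in supplier.get("contact", []):
            if "email" in contact:
                yield comp, contact


def find_placeholder_emails(bom):
    """Return [(component name, offending email)] for emails that would fail validation."""
    findings = []
    for comp, contact in _iter_contact_emails(bom):
        value = contact["email"]
        if PLACEHOLDER.match(value) or not EMAIL_SHAPE.match(value):
            findings.append((comp.get("name", "<unnamed>"), value))
    return findings


def sanitize_supplier_contacts(bom):
    """Drop placeholder/invalid emails in place; return the number of entries removed.

    Removing the 'email' key (and any contact or contact list left empty) keeps the
    document valid without inventing a supplier address the SBOM never asserted.
    """
    removed = 0
    for comp in bom.get("components", []):
        supplier = comp.get("supplier")
        if not supplier or "contact" not in supplier:
            continue
        kept = []
        for contact in supplier["contact"]:
            email = contact.get("email")
            if email is not None and (PLACEHOLDER.match(email) or not EMAIL_SHAPE.match(email)):
                removed += 1
                contact = {k: v for k, v in contact.items() if k != "email"}
            if contact:  # drop contacts that had nothing but the placeholder email
                kept.append(contact)
        if kept:
            supplier["contact"] = kept
        else:
            del supplier["contact"]
    return removed


if __name__ == "__main__":
    bom = json.loads(SAMPLE_CYCLONEDX)
    for name, value in find_placeholder_emails(bom):
        print(f"component {name!r}: invalid supplier email {value!r}")
    print(f"removed {sanitize_supplier_contacts(bom)} placeholder email(s)")
    print(json.dumps(bom, indent=2))
```

Run `find_placeholder_emails` first to see which components carry the converted placeholder, then `sanitize_supplier_contacts` before handing the document to a CycloneDX validator. The supplier `name` is left untouched because CycloneDX only requires it to be a string, so `NOASSERTION` there is valid (if uninformative); only the email field has a format constraint.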