You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the resulting manifest.spdx.json file created by SBOM Tool, the "relationships" are all defined as depending on SPDXRef-RootPackage instead of the proper subdependency.
Context
I have created a simple Hello-World C# project, and added some random dependencies. You can find the project I used here: hello-world-dotnet.zip
To be sure Component-Detection works as expected, I used .\componentdetection.exe scan --SourceDirectory . --SourceFileRoot . --ManifestFile componentdetection_manifest.json. This generated the file componentdetection_manifest.json. In this file, the dependencies are stored as a graph, not a flat list where all dependencies point to the root package:
But when executing .\sbom.exe Generate -b . -bc . -ps "MyTest" -pn "MyPackageName" -pv "1.0.0", this hierarchy is not kept in the resulting spdx file: manifest.spdx.json
The text was updated successfully, but these errors were encountered:
Problem
In the resulting
manifest.spdx.json
file created by SBOM Tool, the "relationships" are all defined as depending on SPDXRef-RootPackage instead of the proper subdependency.Context
I have created a simple Hello-World C# project, and added some random dependencies. You can find the project I used here:
hello-world-dotnet.zip
Then, I ran
dotnet restore
. This creates the project.assets.json file, which is read by Component-Detection.To be sure Component-Detection works as expected, I used
.\componentdetection.exe scan --SourceDirectory . --SourceFileRoot . --ManifestFile componentdetection_manifest.json
. This generated the file componentdetection_manifest.json. In this file, the dependencies are stored as a graph, not a flat list where all dependencies point to the root package:But when executing
.\sbom.exe Generate -b . -bc . -ps "MyTest" -pn "MyPackageName" -pv "1.0.0"
, this hierarchy is not kept in the resulting spdx file: manifest.spdx.jsonThe text was updated successfully, but these errors were encountered: