
Bug: CycloneDX 1.6 SBOM being generated without dependency details #1618

DennisClark opened this issue Mar 5, 2025 · 0 comments
DennisClark commented Mar 5, 2025

Using the scan-single-package pipeline I recently scanned scancode.io-34.9.5.tar.gz in SCIO v34.9.5. The scan identified 52 dependencies. When I generate an SPDX 2.3 SBOM from this project the dependency relationships are included in the generated document. When I generate a CycloneDX 1.6 SBOM from this same project the dependency relationships are not included in the generated document.

Attachments: the scan results, the SPDX SBOM, the CycloneDX SBOM

scancodeio_scio-v34.9.5.json.zip

scancodeio_scio-v34.9.5_results-2025-02-24-21-44-28.spdx.json.zip

scancodeio_scio-v34.9.5_results-2025-02-24-21-44-34.cdx.json.zip

@DennisClark DennisClark added the bug Something isn't working label Mar 5, 2025
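The defect reported above is easy to miss downstream, because a CycloneDX document with components but no `dependencies` array is still schema-valid. The following script is an added example, not code from the issue or from ScanCode.io: it audits a CycloneDX 1.6 BOM for dependency-graph coverage and extracts the comparable edge set from an SPDX 2.3 document, so a consumer can flag an SBOM that lists packages but no relationships. The sample documents embedded below are constructed (placeholder package names and purls), not the attachments from the issue.

```python
import json

# Constructed sample documents (not the issue's attachments). The first CycloneDX
# BOM mirrors the reported symptom: an inventory of components with no
# "dependencies" section at all. The second carries the graph. The SPDX document
# expresses the same graph as DEPENDS_ON relationships.
CDX_WITHOUT_DEPS = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "metadata": {"component": {"type": "application", "name": "example-app",
                               "version": "1.0", "bom-ref": "pkg:generic/example-app@1.0"}},
    "components": [
        {"type": "library", "name": "lib-a", "version": "1.0", "bom-ref": "pkg:generic/lib-a@1.0"},
        {"type": "library", "name": "lib-b", "version": "2.0", "bom-ref": "pkg:generic/lib-b@2.0"},
    ],
})

CDX_WITH_DEPS = json.dumps({
    **json.loads(CDX_WITHOUT_DEPS),
    "dependencies": [
        {"ref": "pkg:generic/example-app@1.0", "dependsOn": ["pkg:generic/lib-a@1.0"]},
        {"ref": "pkg:generic/lib-a@1.0", "dependsOn": ["pkg:generic/lib-b@2.0"]},
        {"ref": "pkg:generic/lib-b@2.0", "dependsOn": []},
    ],
})

SPDX_WITH_DEPS = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"SPDXID": "SPDXRef-example-app", "name": "example-app"},
        {"SPDXID": "SPDXRef-lib-a", "name": "lib-a"},
        {"SPDXID": "SPDXRef-lib-b", "name": "lib-b"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-example-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-lib-a"},
        {"spdxElementId": "SPDXRef-lib-b", "relationshipType": "DEPENDENCY_OF",
         "relatedSpdxElement": "SPDXRef-lib-a"},
    ],
})


def load(text):
    """Parse a JSON SBOM document from a string (or file contents)."""
    return json.loads(text)


def cyclonedx_edges(doc):
    """Return the set of (dependent, dependency) bom-ref pairs declared in a
    CycloneDX BOM's "dependencies" array. An absent array yields no edges."""
    edges = set()
    for entry in doc.get("dependencies", []):
        for dep in entry.get("dependsOn", []):
            edges.add((entry["ref"], dep))
    return edges


def spdx_edges(doc):
    """Return the set of (dependent, dependency) SPDXID pairs from an SPDX
    document, normalising DEPENDS_ON and DEPENDENCY_OF to one direction."""
    edges = set()
    for rel in doc.get("relationships", []):
        rtype = rel.get("relationshipType")
        if rtype == "DEPENDS_ON":
            edges.add((rel["spdxElementId"], rel["relatedSpdxElement"]))
        elif rtype == "DEPENDENCY_OF":
            edges.add((rel["relatedSpdxElement"], rel["spdxElementId"]))
    return edges


def audit_cyclonedx(doc):
    """Summarise how much of a CycloneDX component inventory is covered by
    the dependency graph. A BOM with components but zero edges, or whose
    root component depends on nothing, is the symptom reported in this issue."""
    refs = {c["bom-ref"] for c in doc.get("components", []) if "bom-ref" in c}
    root = doc.get("metadata", {}).get("component", {}).get("bom-ref")
    edges = cyclonedx_edges(doc)
    referenced = {ref for edge in edges for ref in edge}
    return {
        "components": len(refs),
        "edges": len(edges),
        "unreferenced_components": sorted(refs - referenced),
        "root_has_dependencies": root is not None and any(src == root for src, _ in edges),
    }


if __name__ == "__main__":
    for label, text in (("without dependencies", CDX_WITHOUT_DEPS), ("with dependencies", CDX_WITH_DEPS)):
        print(label, audit_cyclonedx(load(text)))
    print("SPDX edges", sorted(spdx_edges(load(SPDX_WITH_DEPS))))
```

Running `audit_cyclonedx` on a real export is a cheap acceptance check before an SBOM is published or ingested: a non-zero component count with zero edges, or every component in `unreferenced_components`, means the dependency data the scan produced did not make it into the CycloneDX output.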