
bug(cyclonedx): cyclonedx vulnerability advisory == null #5039

Closed
DmitriyLewen opened this issue Aug 25, 2023 · 2 comments · Fixed by #5041
Labels: kind/bug (Categorizes issue or PR as related to a bug), scan/sbom (Issues relating to SBOM)

Comments
@DmitriyLewen (Contributor)

Description

The Vulnerabilities.Advisories field of CycloneDX can't be null: "Invalid type. Expected: array, given: null."
See more here: #4900 (comment).

DmitriyLewen self-assigned this on Aug 25, 2023
DmitriyLewen added the scan/sbom and kind/bug labels on Aug 25, 2023
@nscuro (Contributor) commented Aug 25, 2023

I assume this would have to be a bug in cyclonedx-go then, but I wonder how null can ever slip through encoding, given the advisories field is a slice pointer with an omitempty tag... https://github.com/CycloneDX/cyclonedx-go/blob/83031d6697bd6d8b20bce2a0326347a0ea7691c7/cyclonedx.go#L607

@DmitriyLewen, were you able to reproduce this given the steps mentioned in #4900? I just tried and the file validates just fine for me.

@DmitriyLewen (Contributor, Author) commented

Hello @nscuro

> were you able to reproduce this given the steps mentioned in #4900?

Yes. I created a PR to fix this. I wrote in the PR description why this happens.
This is a nuance of JSON.
But perhaps a check should be added to cyclonedx-go for this case.
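As an added example (not code from Trivy, cyclonedx-go, or the linked PR, whose explanation is not reproduced on this page), the following Go program shows the encoding/json behaviour that lets `null` through a `*[]T` field tagged `omitempty`, which is the question raised in the first comment: `omitempty` only drops a nil pointer, so a non-nil pointer to a nil slice is encoded as `"advisories":null`, while a pointer to an empty non-nil slice is encoded as `[]`. The `Advisory` and `Vulnerability` types are constructed stand-ins that copy only the field shape of the cyclonedx-go declaration, and `normalizeAdvisories` is a hypothetical pre-marshal check of the kind the last comment suggests adding.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Advisory and Vulnerability are constructed stand-ins for the cyclonedx-go
// types. Assumption: only the field shape matters here, a pointer to a slice
// tagged omitempty, as on the cyclonedx.go line linked in the thread.
type Advisory struct {
	URL string `json:"url"`
}

type Vulnerability struct {
	ID         string      `json:"id"`
	Advisories *[]Advisory `json:"advisories,omitempty"`
}

// encodeVuln marshals one vulnerability with encoding/json.
func encodeVuln(v Vulnerability) (string, error) {
	b, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// advisoriesIsNull reports whether the encoded document contains the key
// "advisories" with a JSON null value, the exact shape the CycloneDX schema
// rejects with "Expected: array, given: null".
func advisoriesIsNull(doc string) (bool, error) {
	var fields map[string]interface{}
	if err := json.Unmarshal([]byte(doc), &fields); err != nil {
		return false, err
	}
	val, present := fields["advisories"]
	return present && val == nil, nil
}

// normalizeAdvisories is a hypothetical check (not from cyclonedx-go or
// Trivy): a non-nil pointer to a nil slice is replaced by a nil pointer so
// that omitempty drops the key instead of emitting null.
func normalizeAdvisories(v Vulnerability) Vulnerability {
	if v.Advisories != nil && *v.Advisories == nil {
		v.Advisories = nil
	}
	return v
}

func main() {
	var nilSlice []Advisory    // nil slice: marshals as null
	emptySlice := []Advisory{} // empty, non-nil slice: marshals as []

	// Constructed inputs; the ID is a placeholder, not a real advisory.
	cases := []struct {
		name string
		v    Vulnerability
	}{
		{"nil pointer", Vulnerability{ID: "EXAMPLE-1"}},
		{"pointer to nil slice", Vulnerability{ID: "EXAMPLE-1", Advisories: &nilSlice}},
		{"pointer to empty slice", Vulnerability{ID: "EXAMPLE-1", Advisories: &emptySlice}},
		{"normalized nil slice", normalizeAdvisories(Vulnerability{ID: "EXAMPLE-1", Advisories: &nilSlice})},
	}
	for _, c := range cases {
		doc, err := encodeVuln(c.v)
		if err != nil {
			panic(err)
		}
		isNull, err := advisoriesIsNull(doc)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-24s %-42s advisories==null: %v\n", c.name, doc, isNull)
	}
}
```

Only the "pointer to nil slice" case produces the schema-invalid `null`; the same data after `normalizeAdvisories` serializes without the key, which the schema accepts. A producer that builds the pointer from a slice it has not yet appended to is the situation to watch for.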
