Incorrect using of AttributionText in SPDX output #7756

Closed
knqyf263 opened this issue Oct 17, 2024 Discussed in #7715 · 4 comments · Fixed by #7811
Labels: kind/bug (Categorizes issue or PR as related to a bug), scan/sbom (Issues relating to SBOM)

Comments

@knqyf263
Collaborator

Description

We should use annotations for scan metadata instead of attributionTexts.

```json
"annotations" : [ {
    "annotationDate" : "2024-10-29T18:30:22Z",
    "annotationType" : "OTHER",
    "annotator" : "Tool: Trivy ()",
    "comment" : "Class: lang-pkgs"
  },
  {
    "annotationDate" : "2024-10-29T18:30:22Z",
    "annotationType" : "OTHER",
    "annotator" : "Tool: Trivy ()",
    "comment" : "Type: npm"
  },
```

```go
func (m *Marshaler) spdxAttributionTexts(c *core.Component) []string {
	var texts []string
	for _, p := range c.Properties {
		// Add properties that are not in other fields.
		if !slices.Contains(duplicateProperties, p.Name) {
			texts = m.appendAttributionText(texts, p.Name, p.Value)
		}
	}
	return texts
}
```

Discussed in #7715
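
The change this issue asks for, sketched as an added example (not Trivy's code and not the fix in #7811): "Name: Value" scan metadata is moved out of attributionTexts into annotations, while text that really is attribution stays where it was. The `Package` type, `moveScanMetadata`, the key list and the sample input are assumptions made for illustration; only the annotation field names and values come from the JSON above.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Annotation carries the four SPDX annotation fields shown in the issue's JSON.
type Annotation struct {
	AnnotationDate string `json:"annotationDate"`
	AnnotationType string `json:"annotationType"`
	Annotator      string `json:"annotator"`
	Comment        string `json:"comment"`
}

// Package is a hypothetical, minimal view of an SPDX package entry.
type Package struct {
	AttributionTexts []string     `json:"attributionTexts,omitempty"`
	Annotations      []Annotation `json:"annotations,omitempty"`
}

// metadataKeys holds the scan-metadata names visible in the issue (assumed list).
var metadataKeys = map[string]bool{"Class": true, "Type": true}

// moveScanMetadata turns "Name: Value" attribution texts whose name is a known
// scan-metadata key into annotations and leaves real attribution text in place.
func moveScanMetadata(p Package, annotator string, at time.Time) Package {
	out := Package{Annotations: append([]Annotation(nil), p.Annotations...)}
	date := at.UTC().Format(time.RFC3339)
	for _, text := range p.AttributionTexts {
		name, value, ok := strings.Cut(text, ": ")
		if !ok || value == "" || !metadataKeys[name] {
			out.AttributionTexts = append(out.AttributionTexts, text)
			continue
		}
		out.Annotations = append(out.Annotations, Annotation{date, "OTHER", annotator, text})
	}
	return out
}

func main() {
	legacy := Package{AttributionTexts: []string{ // constructed sample input
		"Class: lang-pkgs", "Type: npm", "Includes software developed by Example Project.",
	}}
	at := time.Date(2024, 10, 29, 18, 30, 22, 0, time.UTC)
	fixed := moveScanMetadata(legacy, "Tool: Trivy ()", at)
	fmt.Printf("%d annotations, attribution left: %q\n", len(fixed.Annotations), fixed.AttributionTexts)
}
```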

@knqyf263 added the kind/bug, help wanted and scan/sbom labels Oct 17, 2024
@knqyf263 added this to the v0.57.0 milestone Oct 17, 2024
@knqyf263
Collaborator Author

@DmitriyLewen Do you think we can fix it for v0.57.0? If this task takes some time, I'll put it into v0.58.0.

@DmitriyLewen
Contributor

I will take a look today and write to you

@DmitriyLewen
Contributor

@knqyf263 while I was checking - I created #7811 😄

@knqyf263 removed the help wanted label Oct 29, 2024
@DmitriyLewen
Contributor

fixed in #7811
