Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SPDX SBOM doesn't get generated for Java Gradle projects #300

Open
usmanklodhi opened this issue Aug 13, 2023 · 1 comment
Open

SPDX SBOM doesn't get generated for Java Gradle projects #300

usmanklodhi opened this issue Aug 13, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@usmanklodhi
Copy link

Summary

SPDX SBOM doesn't work for Java Gradle projects. Though the projects are able to build fine locally, when I run the spdx-sbom-generator, it gives out a dependency error sometimes or failure to read modules.

Background

Provide context to the issue - provide steps to reproduce the behavior, such as:

  1. Download sbom-spdx-generator version 1.0.X (Installed using homebrew install sbom-spdx-generator on M1 Mac)
  2. Clone repository https://github.com/MinecraftForge/ForgeGradle
  3. Run spdx-sbom-generator in the default branch of aforementioned repository
  4. Observe the following error:
INFO[2023-08-12T19:42:54+05:00] Starting to generate SPDX ...                
INFO[2023-08-12T19:42:54+05:00] Running generator for Module Manager: `Java-Gradle` with output `bom-Java-Gradle.spdx` 
INFO[2023-08-12T19:42:56+05:00] Current Language Version 
------------------------------------------------------------
Gradle 8.1.1
------------------------------------------------------------

Build time:   2023-04-21 12:31:26 UTC
Revision:     1cf537a851c635c364a4214885f8b9798051175b

Kotlin:       1.8.10
Groovy:       3.0.15
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          1.8.0_333 (Oracle Corporation 25.333-b02)
OS:           Mac OS X 13.4 x86_64
 
INFO[2023-08-12T19:42:56+05:00] Global Setting File                          
2023/08/12 19:43:04 Head "file:/Users/usmankhanlodhi/.m2/repository/de/siegmar/fastcsv/2.2.1%20%28n%29/fastcsv-2.2.1%20%28n%29.jar": unsupported protocol scheme "file"
ERRO[2023-08-12T19:43:05+05:00] Could not find download location for "de.siegmar:fastcsv:2.2.1 (n)" 
INFO[2023-08-12T19:43:05+05:00] Command has completed with errors for some package managers, see details below 
INFO[2023-08-12T19:43:05+05:00] Plugin Java-Gradle return error failed to read modules

Expected behavior

I wanted it to generate the spdx document, which it does for Java Maven applications.

Repository

Which repository causes this error?

Acceptance Criteria

When the SPDX document for Java Gradle applications gets generated, that will be an indicator of this service working.
@usmanklodhi usmanklodhi added the bug Something isn't working label Aug 13, 2023
@ba11b0y
Copy link
Contributor

ba11b0y commented Aug 13, 2023

Hey @usmanklodhi
We're trying to revamp this project to use the parsers project.
Gradle parser is yet to be tested and tried. Will try to address this issue once we fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ba11b0y @usmanklodhi