Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Components in the SBOM under 'metadata.component.components' are not imported #2955

Closed
2 tasks done
malice00 opened this issue Aug 15, 2023 · 3 comments · Fixed by DependencyTrack/hyades-apiserver#278 or #3357
Closed
2 tasks done

Components in the SBOM under 'metadata.component.components' are not imported #2955

malice00 opened this issue Aug 15, 2023 · 3 comments · Fixed by DependencyTrack/hyades-apiserver#278 or #3357
Labels
defect Something isn't working pending release
Milestone
4.11

Comments

@malice00
Copy link
Contributor

Current Behavior

I generate an SBOM from a multi-module Gradle project, using cdxgen. When I import this, my modules are not imported as components and therefore the dependency tree doesn't work.

This is most likely because cdxgen puts the sub-projects under 'metadata.component.components' instead of directly under 'components'. (See the specs for 1.4)

Steps to Reproduce

  1. Generate an SBOM for a Gradle project with cdxgen
  2. Import the SBOM

Expected Behavior

I expect my modules to be added just as any other components and the dependency tree to be available.

Dependency-Track Version

4.8.2

Dependency-Track Distribution

Container Image

Database Server

N/A

Database Server Version

No response

Browser

Mozilla Firefox

Checklist
@malice00 malice00 added defect Something isn't working in triage labels Aug 15, 2023
malice00 added a commit to malice00/dependency-track that referenced this issue Aug 15, 2023
@malice00
Fix DependencyTrack#2955: Import components that are located under 'm…
f626f18 
…etadata.component.components'.

Signed-off-by: Roland Asmann <[email protected]>
@malice00 malice00 mentioned this issue Aug 15, 2023
Closed
5 tasks
malice00 added a commit to malice00/dependency-track that referenced this issue Aug 16, 2023
@malice00
Fix DependencyTrack#2955: Rudimentary check for duplicates
8f80dcd 
Signed-off-by: Roland Asmann <[email protected]>
@malice00 malice00 mentioned this issue Aug 19, 2023
Merged
5 tasks
@github-actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2023
@nscuro nscuro reopened this Oct 26, 2023
@DependencyTrack DependencyTrack unlocked this conversation Oct 26, 2023
@nscuro nscuro removed the in triage label Oct 26, 2023
@nscuro
Copy link
Member

nscuro commented Oct 26, 2023

This was closed by accident when implementing it in Hyades. Implementation for DT 4.x is still pending though.

@nscuro nscuro mentioned this issue Jan 7, 2024
Merged
3 tasks
@nscuro nscuro added this to the 4.11 milestone Jan 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
defect Something isn't working pending release
Projects
None yet
Milestone
4.11
2 participants
@nscuro @malice00