Invalid purl/bom-ref field when contains '?' or ':' chars? #154

bruegth · 2022-05-25T13:58:03Z

When purl/bom-ref field contains a '?' char like this:

{
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:151b045d-ef9c-47e8-9943-7b325834a13b",
    "version": 1,
    "metadata": {
        "timestamp": "2022-05-25T11:38:14.899573013Z",
        "tools": [
            {
                "vendor": "aquasecurity",
                "name": "trivy",
                "version": "0.25.2"
            }
        ],
        "component": {
            "bom-ref": "pkg:oci/isp_aggregationdatahandler@sha256:4a5986dc98d7d899fa2fce87626862aed7bec168b44f83ffca2c5d179f917823?repository_url=...

then dependency graph not working. Maybe this can be an Issue in Trivy output otherwise? see here https://aquasecurity.github.io/trivy/v0.28.0/docs/sbom/cyclonedx/

The text was updated successfully, but these errors were encountered:

stevespringett · 2022-05-25T16:18:14Z

Do you have a bom from trivy that you can attach to the ticket?

bruegth · 2022-05-30T09:49:03Z

Do you have a bom from trivy that you can attach to the ticket?

Test-sbom.zip

bruegth · 2022-05-30T13:45:02Z

Duplicate of #85

bruegth added the question Further information is requested label May 25, 2022

bruegth closed this as completed May 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid purl/bom-ref field when contains '?' or ':' chars? #154

Invalid purl/bom-ref field when contains '?' or ':' chars? #154

bruegth commented May 25, 2022

stevespringett commented May 25, 2022

bruegth commented May 30, 2022

bruegth commented May 30, 2022

Invalid purl/bom-ref field when contains '?' or ':' chars? #154

Invalid purl/bom-ref field when contains '?' or ':' chars? #154

Comments

bruegth commented May 25, 2022

stevespringett commented May 25, 2022

bruegth commented May 30, 2022

bruegth commented May 30, 2022