
Incorrect using of AttributionText in SPDX output #7756

Open
knqyf263 opened this issue Oct 17, 2024 Discussed in #7715 · 0 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. scan/sbom Issues relating to SBOM

Description

We should use annotations for scan metadata instead of attributionTexts.

"annotations" : [ {
    "annotationDate" : "2024-10-29T18:30:22Z",
    "annotationType" : "OTHER",
    "annotator" : "Tool: Trivy ()",
    "comment" : "Class: lang-pkgs"
  },
  {
    "annotationDate" : "2024-10-29T18:30:22Z",
    "annotationType" : "OTHER",
    "annotator" : "Tool: Trivy ()",
    "comment" : "Type: npm"
  }
]

func (m *Marshaler) spdxAttributionTexts(c *core.Component) []string {
	var texts []string
	for _, p := range c.Properties {
		// Add properties that are not in other fields.
		if !slices.Contains(duplicateProperties, p.Name) {
			texts = m.appendAttributionText(texts, p.Name, p.Value)
		}
	}
	return texts
}

Discussed in #7715
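An added, self-contained sketch (not Trivy's code) of the change the issue asks for: the same property loop, but emitting SPDX annotation objects in the JSON shape quoted above instead of attributionText strings. `Property`, `Annotation` and the `duplicateProperties` list are constructed stand-ins for Trivy's internal types, and the tool version is an assumed parameter.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
	"time"
)

// Property is a constructed stand-in for Trivy's core.Property name/value pair.
type Property struct {
	Name  string
	Value string
}

// Annotation mirrors the SPDX 2.3 JSON annotation object quoted in the issue.
type Annotation struct {
	AnnotationDate string `json:"annotationDate"`
	AnnotationType string `json:"annotationType"`
	Annotator      string `json:"annotator"`
	Comment        string `json:"comment"`
}

// duplicateProperties is a constructed example of properties that already map
// to dedicated SPDX package fields and must not be repeated as scan metadata.
var duplicateProperties = []string{"PkgID", "PkgType"}

// spdxAnnotations builds one "Name: Value" annotation per non-duplicate
// property, stamped with the scan time and the scanning tool, replacing the
// attributionText entries the current marshaler produces.
func spdxAnnotations(props []Property, toolVersion string, at time.Time) []Annotation {
	var annotations []Annotation
	for _, p := range props {
		if slices.Contains(duplicateProperties, p.Name) {
			continue // already represented in another SPDX field
		}
		annotations = append(annotations, Annotation{
			AnnotationDate: at.UTC().Format(time.RFC3339), // e.g. 2024-10-29T18:30:22Z
			AnnotationType: "OTHER",
			Annotator:      fmt.Sprintf("Tool: Trivy (%s)", toolVersion),
			Comment:        fmt.Sprintf("%s: %s", p.Name, p.Value),
		})
	}
	return annotations
}

func main() {
	props := []Property{{"Class", "lang-pkgs"}, {"Type", "npm"}, {"PkgID", "constructed-id"}}
	at := time.Date(2024, 10, 29, 18, 30, 22, 0, time.UTC)
	out, _ := json.MarshalIndent(map[string]any{"annotations": spdxAnnotations(props, "0.57.0", at)}, "", "  ")
	fmt.Println(string(out))
}
```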

@knqyf263 knqyf263 added kind/bug Categorizes issue or PR as related to a bug. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. scan/sbom Issues relating to SBOM labels Oct 17, 2024
@knqyf263 knqyf263 added this to the v0.57.0 milestone Oct 17, 2024