CPE for amazoncorretto:19.0.1-al2 is incorrect #1337
Assignees
Labels
bug
Something isn't working
Comments
|
Please forgive me if this is not a bug in syft but there is a similar issue to do with invalid cpe for another package and I thought that syft developers should be aware of ths. |
|
Thanks @eccles -- I've reproduced this with the information you've provided and this definitely looks like an invalid CPE, we'll get this taken care of! |
kzantow
moved this from Backlog (Pulled Forward for Priority)
to In Progress (Actively Resolving)
in OSS
Repository owner
moved this from In Progress (Actively Resolving)
to Done
in OSS
Nov 14, 2022
This was referenced Nov 19, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please provide a set of steps on how to reproduce the issue
syft -q packages --scope all-layers -o cyclonedx amazoncorretto:19.0.1-al2
What happened:
SBOM is created successfully but validation against schema produces the following failure:
CDX 1.4 is invalid: Failed to validate: 3183: Element '{http://cyclonedx.org/schema/bom/1.4}cpe': [facet 'pattern'] The value
'cpe:2.3:o:amazon:amazon_linux:2'is not accepted by the pattern '([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9.-~%]){0,6})|(cpe:2.3:aho*-{5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*-]))(:(((?|*?)([a-zA-Z0-9-.]|(\[\*?!"#$$%&'()+,/:;<=>@[]^`{|}~]))+(?*|*?))|[*-])){4})'.What you expected to happen:
Validation to succeed
Environment:
syft version: 0.60.3cat /etc/os-releaseor similar): ubuntu:jammy docker imageThe text was updated successfully, but these errors were encountered: