Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPDX][TV] SBOM value format is incorrect for LicenseID #1651

Closed
surendrapathak opened this issue Mar 5, 2023 · 1 comment · Fixed by #1657
Closed

[SPDX][TV] SBOM value format is incorrect for LicenseID #1651

surendrapathak opened this issue Mar 5, 2023 · 1 comment · Fixed by #1657
Assignees
@kzantow
Labels
bug Something isn't working

Comments

@surendrapathak
Copy link

Summary

SPDX value format is missing or incorrect for LicenseID on line number 13888 in the linked SBOM.

LicenseID: LicenseRef-MIT/X11

Background

  1. Download syft version 0.73.0
  2. Generate sbom with syft packages {image}:{version} -o {syft_format} --file {out_file} for ubuntu tag kinetic
  3. Observe the following error:

SPDX value format is missing or incorrect for LicenseID

Expected behavior

LicenseID should be valid SPDX string.
Rule: "LicenseRef-"[idstring] where [idstring] is a unique string containing letters, numbers, . and/or -.
Error: LicenseID contains '/'

Screenshots

If applicable, add screenshots to help explain the problem.

Repository

Which repository causes this error?

  • ubuntu:kinetic

Additional Context

Optional - add any other context about the problem here.

Acceptance Criteria

The "done" criteria when this feature or problem is resolved. Such as:

  1. Unit Tests added and running in CI
  2. Functional Tests updated to cover feature, if applicable
  3. Demonstrate the set of capabilities to the product team

References

Limited to SPDX.
Finder: sbomqs
SBOM: sbomlc-ubuntu-kinetic
@surendrapathak surendrapathak added the bug Something isn't working label Mar 5, 2023
@kzantow kzantow self-assigned this Mar 6, 2023
@kzantow kzantow added this to OSS Mar 6, 2023
@kzantow kzantow moved this to In Progress in OSS Mar 6, 2023
@kzantow kzantow mentioned this issue Mar 6, 2023
Merged
@kzantow kzantow moved this from In Progress to In Review in OSS Mar 6, 2023
@kzantow
Copy link
Contributor

kzantow commented Mar 6, 2023

Good catch @surendrapathak! Will be fixed with PR #1657

@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Mar 6, 2023
This was referenced Mar 9, 2023
Open
Open
Closed
Closed
Merged
Closed
Closed
Merged
@dependabot dependabot bot mentioned this issue Mar 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kzantow kzantow

Labels
bug Something isn't working
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: sanitize SPDX LicenseRefs kzantow-anchore/syft
2 participants
@surendrapathak @kzantow