-
-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cdxgen fails to find all dependencies #1094
Comments
@emcfins Have you tried running with |
We are using the same tooling for multiple projects - we have a mix of projects of different languages and some projects are a mix of languages so we use |
@emcfins have you tried without specifying any type? |
Oh - no I haven't. I'll give that a shot. Thank you! |
Not specifying didn't work. Unfortunately, that returned 4287 components |
@aryan-rajoria could you kindly work with @emcfins, since this is false negatives? |
So I did some digging.
Is it possible that cdxgen is just looking for a single Pipfile rather than all Pipfiles? |
@emcfins Let me know if you would like to sponsor or contribute this feature. |
I'm happy to sponsor - what does it take? |
When viewing the dependency graph for Connected Mobility Solution on AWS, it shows a total of 7,484.
But when I clone the repo and run
CDXGEN_DEBUG_MODE=debug FETCH_LICENSE=true cdxgen -t universal --spec-version 1.4 -o bom.json
, the components section of the bom.json file, the components section only has 4289.For example, I find some dependencies missing from the sbom that are defined in the lock file here
What am I doing wrong?
Thank you
The text was updated successfully, but these errors were encountered: