You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This has a tangential relation to the earlier issue #3906.
When I use ort to generate an sbom, if the sbom type is SPDX, I see dependency graph information (at the end of the SBOM file). Whereas, if I select CycloneDX as the type, it appears that dependency graph information is missing.
My test case is a clone of the WebGoat project. I'm using a Docker install of ort... If I generate an Analyzer file with:
docker run --rm -v /MyStuff/:/project ort --info analyze -i /project/WebGoat --output-dir /project
and then an SPDX SBOM with:
docker run --rm -v /MyStuff/:/project ort --info report -i /project/analyzer-result.yml -f SpdxDocument -o /project
I see the expected dependency graph information at the end of the file. E.g., here's a snippet:
Apologies if that was a poor selection of word. My thinking was that #3906 had a Maven focus. I'm seeing the missing graph information for projects like WebGoat and Bootstrap...so, not just Maven.
This has a tangential relation to the earlier issue #3906.
When I use ort to generate an sbom, if the sbom type is SPDX, I see dependency graph information (at the end of the SBOM file). Whereas, if I select CycloneDX as the type, it appears that dependency graph information is missing.
My test case is a clone of the WebGoat project. I'm using a Docker install of ort... If I generate an Analyzer file with:
docker run --rm -v /MyStuff/:/project ort --info analyze -i /project/WebGoat --output-dir /project
and then an SPDX SBOM with:
docker run --rm -v /MyStuff/:/project ort --info report -i /project/analyzer-result.yml -f SpdxDocument -o /project
I see the expected dependency graph information at the end of the file. E.g., here's a snippet:
Whereas, if I generate a CycloneDX SBOM with:
docker run --rm -v /MyStuff/:/project ort --info report -i /project/analyzer-result.yml -f CycloneDx -o /project
I don't find any dependency data.
The text was updated successfully, but these errors were encountered: