CycloneDX group field not symmetrically handled by encoder/decoders #2981

Open
wagoodman opened this issue Jun 20, 2024 · 2 comments
Labels
bug Something isn't working format:cyclonedx CycloneDX related enhancement or bug needs-discussion

Comments

@wagoodman
Contributor

We have a few issues around the group field in CycloneDX:

Ultimately what should happen is that:

  • the encoders for CycloneDX should consider splitting the name into name and group based on the package ecosystem
  • the decoders for CycloneDX should consider combining the group back into the name based on the package ecosystem

This would at least help with a few of the grype issues, though there is more work in grype needed to consider if group should be removed or added when searching for vulnerabilities (which is different than specific SBOM considerations).
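The symmetric split/join described in the comment above, sketched as an added example (not code from this issue or from syft). The ecosystem labels, function names and the assumption that npm scopes and Composer vendors map to `group` are hypothetical choices made for illustration; the sample package names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical ecosystem labels for this example, not syft package types.
const NPM, Composer, Golang = "npm", "composer", "golang"

// Ecosystems this example assumes are written "<group>/<name>".
var splitsOnSlash = map[string]bool{NPM: true, Composer: true}

// SplitName is the encoder side: full package name -> (group, name).
func SplitName(ecosystem, full string) (group, name string) {
	if !splitsOnSlash[ecosystem] {
		return "", full // e.g. Go module paths stay whole in name
	}
	if ecosystem == NPM && !strings.HasPrefix(full, "@") {
		return "", full // unscoped npm package: no group
	}
	i := strings.Index(full, "/")
	if i <= 0 || i == len(full)-1 {
		return "", full // nothing sensible to split
	}
	return full[:i], full[i+1:]
}

// JoinName is the decoder side: (group, name) -> full package name.
// It must be the exact inverse of SplitName for the same ecosystem.
func JoinName(ecosystem, group, name string) string {
	if group == "" || !splitsOnSlash[ecosystem] {
		return name
	}
	return group + "/" + name
}

// RoundTrips reports whether decoding an encoded name restores the original.
func RoundTrips(ecosystem, full string) bool {
	g, n := SplitName(ecosystem, full)
	return JoinName(ecosystem, g, n) == full
}

func main() {
	samples := [][2]string{{NPM, "@angular/core"}, {NPM, "lodash"},
		{Composer, "monolog/monolog"}, {Golang, "github.com/anchore/syft"}}
	for _, s := range samples {
		g, n := SplitName(s[0], s[1])
		fmt.Printf("%-8s group=%q name=%q roundtrip=%v\n", s[0], g, n, RoundTrips(s[0], s[1]))
	}
}
```

A round-trip check like `RoundTrips` is the property an encoder/decoder pair would need to hold so that a vulnerability matcher sees the same package name before and after SBOM export.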

@willmurphyscode
Contributor

Should be discussed with #1202 and anchore/grype#1886 since these are all interconnected.

@willmurphyscode
Contributor

Found another issue that is part of the same cluster of issues: anchore/grype#2037
