Comments (5)
Could the correction be as simple as replacing `if (!bomParser.isValid(bomFile))` with `if (!bomParser.isValid(bomFile, schemaVersion))`
in the following code?
```java
private void writeXMLBom(final CycloneDxSchema.Version schemaVersion, final Bom bom)
        throws GeneratorException, ParserConfigurationException, TransformerException, IOException {
    final BomXmlGenerator bomGenerator = BomGeneratorFactory.createXml(schemaVersion, bom);
    bomGenerator.generate();
    final String bomString = bomGenerator.toXmlString();
    final File bomFile = new File(buildDir, "reports/bom.xml");
    getLogger().info(MESSAGE_WRITING_BOM_XML);
    FileUtils.write(bomFile, bomString, StandardCharsets.UTF_8, false);
    getLogger().info(MESSAGE_VALIDATING_BOM);
    final Parser bomParser = new XmlParser();
    try {
        if (!bomParser.isValid(bomFile)) {
            throw new GradleException(MESSAGE_VALIDATION_FAILURE);
        }
    } catch (Exception e) { // Changed to Exception.
        // Gradle will erroneously report "exception IOException is never thrown in body of corresponding try statement"
        throw new GradleException(MESSAGE_VALIDATION_FAILURE, e);
    }
}
```
from cyclonedx-gradle-plugin.
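To check which schema version a written BOM actually declares before validating it against the configured `schemaVersion`, the root namespace can be inspected. This is an added example, not code from the plugin or from the commenters; it assumes the CycloneDX XML namespace convention `http://cyclonedx.org/schema/bom/<version>`, and the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Added example (hypothetical names, JDK only): read the schema version a BOM
// declares through its root namespace and compare it with the configured one.
public class BomNamespaceCheck {
    // Assumption: CycloneDX XML BOMs use this namespace prefix plus the version.
    static final String NS_PREFIX = "http://cyclonedx.org/schema/bom/";

    /** Returns the declared version such as "1.1", or null if the root is not a CycloneDX bom. */
    static String declaredVersion(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // BOM files cross trust boundaries in a pipeline; refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        String ns = root.getNamespaceURI();
        if (!"bom".equals(root.getLocalName()) || ns == null || !ns.startsWith(NS_PREFIX)) {
            return null;
        }
        return ns.substring(NS_PREFIX.length());
    }

    /** True only when the BOM declares exactly the configured schema version. */
    static boolean matchesConfigured(byte[] xml, String configured) throws Exception {
        return configured.equals(declaredVersion(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal BOM header in the 1.1 namespace.
        byte[] bom = ("<?xml version=\"1.0\"?>"
                + "<bom xmlns=\"http://cyclonedx.org/schema/bom/1.1\" version=\"1\">"
                + "<components/></bom>").getBytes(StandardCharsets.UTF_8);
        System.out.println("declared: " + declaredVersion(bom));
        System.out.println("matches 1.1: " + matchesConfigured(bom, "1.1"));
        System.out.println("matches 1.2: " + matchesConfigured(bom, "1.2"));
    }
}
```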
@stevespringett yes it seems like this is still an issue with 1.3.0
Environment:

```
Gradle 7.0
Build time: 2021-04-09 22:27:31 UTC
Revision: d5661e3f0e07a8caff705f1badf79fb5df8022c4
Kotlin: 1.4.31
Groovy: 3.0.7
Ant: Apache Ant(TM) version 1.10.9 compiled on September 27 2020
JVM: 1.8.0_282 (AdoptOpenJDK 25.282-b08)
```

Command Output:

```
➜ gradle cyclonedxBom -info
Initialized native services in: /Users/arturo.alonso/.gradle/native
The client will now receive all logging from the daemon
(pid: 71940). The daemon log file: /Users/arturo.alonso/.gradle/daemon/7.0/daemon-71940.out.log
Starting 4th build in daemon [uptime: 1 mins 50.613 secs, performance: 99%, non-heap usage: 23% of 256 MiB]
Using 12 worker leases.
Now considering [/private/var/folders/xq/3yjf7y6d6kx4jfjjfyfn7hkr0000gq/T/junit2848716798378917290] as hierarchies to watch
Not watching anything anymore
Watching the file system is enabled if available
Starting Build
Settings evaluated using settings file '/private/var/folders/xq/3yjf7y6d6kx4jfjjfyfn7hkr0000gq/T/junit2848716798378917290/settings.gradle'.
Projects loaded. Root project using build file '/private/var/folders/xq/3yjf7y6d6kx4jfjjfyfn7hkr0000gq/T/junit2848716798378917290/build.gradle'.
Included projects: [root project 'hello-world']
> Configure project :
Evaluating root project 'hello-world' using build file '/private/var/folders/xq/3yjf7y6d6kx4jfjjfyfn7hkr0000gq/T/junit2848716798378917290/build.gradle'.
All projects evaluated.
Selected primary task 'cyclonedxBom' from project :
Tasks to be executed: [task ':cyclonedxBom']
Tasks that were excluded: []
:cyclonedxBom (Thread[Execution worker for ':',5,main]) started.
> Task :cyclonedxBom FAILED
Caching disabled for task ':cyclonedxBom' because:
Build cache is disabled
Task ':cyclonedxBom' is not up-to-date because:
Task has not declared any outputs despite executing actions.
CycloneDX: Parameters
------------------------------------------------------------------------
schemaVersion : VERSION_11
includeBomSerialNumber : true
------------------------------------------------------------------------
CycloneDX: Resolving Dependencies
CycloneDX: Creating BOM
CycloneDX: Writing BOM XML
CycloneDX: Validating BOM
:cyclonedxBom (Thread[Execution worker for ':',5,main]) completed. Took 0.042 secs.
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':cyclonedxBom'.
> The BOM does not conform to the CycloneDX BOM standard
* Try:
Run with --stacktrace option to get the stack trace. Run with --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 594ms
1 actionable task: 1 executed
```
Sample project:
from cyclonedx-gradle-plugin.
Is this still an issue with v1.3.0 of the plugin?
from cyclonedx-gradle-plugin.
Hello guys, Hello @stevespringett,
I have the same issue here with 1.3.0, when I set schemaVersion 1.1.

```
CycloneDX: Parameters
------------------------------------------------------------------------
schemaVersion : VERSION_11
includeBomSerialNumber : true
------------------------------------------------------------------------
CycloneDX: Resolving Dependencies
CycloneDX: Creating BOM
CycloneDX: Writing BOM XML
CycloneDX: Validating BOM
:cyclonedxBom (Thread[Execution worker for ':',5,main]) completed.
```
from cyclonedx-gradle-plugin.
I am stumbling on the same issue; the pull request is also fixing the issue for me.
Any idea when it may be merged / released?
from cyclonedx-gradle-plugin.