Replies: 2 comments 5 replies
-
Please find attached the output of running |
Beta Was this translation helpful? Give feedback.
1 reply
-
This is indeed a bug. |
Beta Was this translation helpful? Give feedback.
4 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
SPDX-JSON files generated with Trivy version
v0.41.0
produces the next warning several times in the SPDX validation tool:This is caused by the
files
array being included for each package instead of being part of the top level document. This seems to be a bug introduced in thev0.41.0
release, asv0.40.0
generates correct SPDX files (according to the same validation tool). Also thehasFiles
property is missing from SPDX files generated withv0.41.0
.Desired Behavior
files
array is properly generated at the top level of the document.Actual Behavior
Reproduction Steps
Target
Filesystem
Scanner
None
Output Format
SPDX
Mode
Standalone
Debug Output
Checklist
trivy --reset
Beta Was this translation helpful? Give feedback.
All reactions