This seems to be invalid as cyclonedx cli crashes at exactly this point:
Unhandled exception: System.Text.Json.JsonException: The JSON value could not be converted to CycloneDX.Models.Dependency. Path: $.dependencies[4] | LineNumber: 4909 | BytePositionInLine: 5.
at CycloneDX.Json.Converters.DependencyConverter.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options)
at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& )
at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , TCollection& )
at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& )
at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object , ReadStack& , Utf8JsonReader& )
at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& )
at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& , Type , JsonSerializerOptions , ReadStack& , T& )
at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& , JsonSerializerOptions , ReadStack& )
at System.Text.Json.JsonSerializer.ReadCore[TValue](JsonConverter , Utf8JsonReader& , JsonSerializerOptions , ReadStack& )
at System.Text.Json.JsonSerializer.ReadCore[TValue](JsonReaderState& , Boolean , ReadOnlySpan`1 , JsonSerializerOptions , ReadStack& , JsonConverter )
at System.Text.Json.JsonSerializer.ContinueDeserialize[TValue](ReadBufferState& , JsonReaderState& , ReadStack& , JsonConverter , JsonSerializerOptions )
at System.Text.Json.JsonSerializer.ReadAllAsync[TValue](Stream , JsonTypeInfo , CancellationToken )
at CycloneDX.Json.Serializer.DeserializeAsync(Stream jsonStream)
at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, CycloneDXBomFormat format)
at CycloneDX.Cli.Commands.AnalyzeCommand.Analyze(AnalyzeCommandOptions options)
at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context)
at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__24_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<<UseDebugDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext()
--- End of stack trace from previous location ---
at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()
Desired Behavior
Don't output "dependsOn": null.
Actual Behavior
see above, Trivy 0.41.0 did not do this
Reproduction Steps
1. Install trivy
2. Run trivy fs on a node project creating a cyclonedx json file
3. use cyclonedx cli to analyze the resulting file
...
Labels: kind/bug, triage/duplicate
Description
Trivy 0.42.0 creates cyclonedx json output that includes "dependsOn": null:
Example:
Target
Filesystem
Scanner
None
Output Format
CycloneDX
Mode
Standalone
Debug Output
Operating System
macOS, Linux (Debian)
Version
Checklist
trivy --reset
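A pre-flight check for the condition reported above, as an added example that is not part of the original report and not code from Trivy or cyclonedx-cli: it lists each `dependencies` entry whose `dependsOn` is null, using the same `$.dependencies[N]` path style as the error message, and returns a copy with those keys dropped. The function names and the sample BOM are constructed for illustration; dropping the key rather than writing an empty array is an assumption based on the desired behavior stated in the report.

```python
import json

# Constructed sample BOM (not real Trivy output); entry 2 has the reported shape.
SAMPLE_BOM = """{
  "bomFormat": "CycloneDX",
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:npm/a@1.0.0", "pkg:npm/b@2.0.0"]},
    {"ref": "pkg:npm/a@1.0.0", "dependsOn": []},
    {"ref": "pkg:npm/b@2.0.0", "dependsOn": null},
    {"ref": "pkg:npm/c@3.0.0"}
  ]
}"""


def find_bad_dependencies(bom):
    """Return (JSON path, reason) for each entry a strict parser may reject."""
    findings = []
    for i, dep in enumerate(bom.get("dependencies") or []):
        path = f"$.dependencies[{i}]"  # same path style as the CLI error
        if not isinstance(dep, dict):
            findings.append((path, "entry is not an object"))
        elif "dependsOn" not in dep:
            continue  # key absent: nothing to check
        elif dep["dependsOn"] is None:
            findings.append((path, "dependsOn is null"))
        elif not isinstance(dep["dependsOn"], list):
            findings.append((path, "dependsOn is not an array"))
    return findings


def normalize_null_depends_on(bom):
    """Return a copy with every "dependsOn": null key dropped (assumed fix)."""
    fixed = dict(bom)
    if isinstance(bom.get("dependencies"), list):
        fixed["dependencies"] = [
            {k: v for k, v in dep.items()
             if not (k == "dependsOn" and v is None)}
            if isinstance(dep, dict) else dep
            for dep in bom["dependencies"]
        ]
    return fixed


if __name__ == "__main__":
    bom = json.loads(SAMPLE_BOM)
    for path, reason in find_bad_dependencies(bom):
        print(f"{path}: {reason}")
    print(find_bad_dependencies(normalize_null_depends_on(bom)))
```

Running the check on a generated BOM before handing it to a downstream consumer turns a parser crash into a listed finding with its array index.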