cdxgen command when run with --project-name and --project-version instead of --project-id parameter not working as intended #673
Comments
@visagansanthanam-unisys, 403 error is due to an invalid API key. Could you pass double quotes around the key and check for any extra space in the arguments etc?
@prabhu the same key is used on the earlier statement, and it worked fine. The main issue here is.
@sahil3112, could you kindly replicate and suggest a fix if this turns out to be a problem?
Hi @prabhu, I tried to reproduce the issue, and there are some issues, I am able to generate SBOM when there is no --project-version argument used SBOM not generated --project-version 1.0 SBOM not generated --project-version "1.0" SBOM Generated --project-version 1.0-r SBOM generated I will check with latest release
@sahil3112 could you test this PR branch #684
@prabhu the issue does not seem to be completely resolved. cdxgen command is working fine when we pass the value for --project-version anything other than "1.0". If we pass a value as "1.0" it creates a new project in dependencytracker with version as "master".
Hi @prabhu, I have uploaded the same SBOM multiple times and now no new project is created if we use the same project name and project version. I use the below command to verify Without Parent With Parent. If the project name and version are the same then no new project is created, and SBOM is uploaded to the same existing project.
@prabhu I tested the version and it seems to be working fine now. Thanks for the fix.
@visagansanthanam-unisys to confirm are you referring to the PR #721?
Thank you so much for verifying the fixes!
When we use the cdxgen command with project-name and project-version, and try to upload an SBOM to an existing project, in dependency tracker the tool (cdxgen) creates a new project instead of uploading the SBOM into the existing project.
cdxgen -r -p --validate --deep --server-url https://ccd-1-api.na.uis.unisys.com --api-key redacted --project-name udb-account-service --project-version 1.0 -o sbom.json
The above command creates a new project instead of updating into the existing project.
When we try to provide a non-existing project name and version, we get the following error
So in both cases, for an existing project or a new project, the parameters project-name and version do not work as intended. However, usage of project-id works without any issues, but using project-name and version will help in automating SBOM generation, especially when there are more than one repository and versions in a project.