fix: only output valid cyclonedx license choices #1879

Merged
merged 3 commits into from
Jun 22, 2023


kzantow
Contributor

@kzantow kzantow commented Jun 15, 2023

CycloneDX was potentially outputting invalid licenses, e.g. "license": [{}] (note the lack of required expression, license.id/name parameters). This PR ensures required parameters are output for CycloneDX licenses.

Fixes #1877
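
A check for the condition described in the comment above, as an added example that is not part of the pull request or of syft's code: it scans a CycloneDX JSON document and reports every license choice that carries neither `expression` nor `license.id`/`license.name`. The type names, `InvalidLicenseChoices` and `SampleBOM` are hypothetical, the sample document is constructed, and only top-level `components` are inspected.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal subset of the CycloneDX JSON model needed for this check (assumed shape).
type licenseChoice struct {
	License *struct {
		ID   string `json:"id"`
		Name string `json:"name"`
	} `json:"license"`
	Expression string `json:"expression"`
}

type bom struct {
	Components []struct {
		Name     string          `json:"name"`
		Licenses []licenseChoice `json:"licenses"`
	} `json:"components"`
}

// valid reports whether the choice has an expression, a license.id or a license.name.
func (c licenseChoice) valid() bool {
	return c.Expression != "" || (c.License != nil && (c.License.ID != "" || c.License.Name != ""))
}

// InvalidLicenseChoices returns "component[index]" for each license choice
// that lacks all of the required fields, e.g. the empty object {}.
func InvalidLicenseChoices(doc []byte) ([]string, error) {
	var b bom
	if err := json.Unmarshal(doc, &b); err != nil {
		return nil, err
	}
	var bad []string
	for _, c := range b.Components {
		for i, l := range c.Licenses {
			if !l.valid() {
				bad = append(bad, fmt.Sprintf("%s[%d]", c.Name, i))
			}
		}
	}
	return bad, nil
}

// SampleBOM is constructed for this example; it is not output from a real scan.
const SampleBOM = `{"components":[
 {"name":"pkg-a","licenses":[{"license":{"id":"MIT"}},{}]},
 {"name":"pkg-b","licenses":[{"expression":"MIT OR Apache-2.0"}]},
 {"name":"pkg-c","licenses":[{"license":{}}]}]}`

func main() {
	fmt.Println(InvalidLicenseChoices([]byte(SampleBOM)))
}
```
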

kzantow added 3 commits June 15, 2023 10:52
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow requested a review from a team June 15, 2023 19:12
@spiffcs spiffcs merged commit f79cb95 into anchore:main Jun 22, 2023
@kzantow kzantow deleted the fix/cyclonedx-empty-license branch November 29, 2023 18:23
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* fix: only output valid cyclonedx license choices

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: update tests

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: return nil for empty cdx license list

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Development

Successfully merging this pull request may close these issues.

Invalid CycloneDX JSON generated for specific images like "eclipse-temurin:17-jre-alpine"
2 participants