
Remove duplicates in cyclonedx-json format when same bom-ref

Open · arkajnag23 opened this issue 1 year ago · 1 comment

What would you like to be added: Remove duplicates in cyclonedx-json format when same bom-ref

Why is this needed: As we plan to report the JSON file to governance for EU and US audit, having duplicate records feels wrong. I understand that when determining the bom-ref, we are adding a package-id to make it unique for a library, but can't we remove that and instead add, within the properties, multiple JSON objects showing the source of the package?

```json
{
    "properties": [
        {
            "name": "source",
            "value": "<path 1>"
        },
        {
            "name": "source",
            "value": "<path 2>"
        }
    ]
}
```

Additional context:

arkajnag23 commented Aug 15 '24 19:08
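The transformation the issue proposes (collapse components that differ only by the package-id suffix in their bom-ref, and record each original location as a repeated `source` property) can be done as a post-processing step over the CycloneDX JSON. The script below is an added illustration, not syft's own code or a feature of the cyclonedx-json encoder. It assumes bom-refs have the shape `<purl>?package-id=<id>` and that the per-location property is named `source`, both taken from the issue text; the BOM it runs on is constructed for the example, not real syft output. It merges two entries only when every other field (name, version, purl, licenses, hashes, ...) is identical, and reports any colliding entries that differ so an audit never silently loses data; dependency refs are rewritten to the merged bom-refs.

```python
"""Merge CycloneDX JSON components that differ only by a package-id bom-ref
suffix, collecting each duplicate's location into a repeated "source" property.

Added example, not syft's code. Assumptions (from the issue, not verified
against syft): bom-ref == "<purl>?package-id=<id>", property name "source".
"""
import copy
import json


def strip_package_id(bom_ref: str) -> str:
    """Drop only the package-id qualifier, keeping any other purl qualifiers."""
    base, sep, query = bom_ref.partition("?")
    if not sep:
        return bom_ref
    kept = [kv for kv in query.split("&") if not kv.startswith("package-id=")]
    return base + ("?" + "&".join(kept) if kept else "")


def _body(component: dict) -> dict:
    """Everything that must match for two components to be 'the same' package."""
    return {k: v for k, v in component.items() if k not in ("bom-ref", "properties")}


def dedupe_components(bom: dict):
    """Return (new_bom, conflicts).

    Components whose bom-ref collapses to the same value after stripping
    package-id are merged when all other fields are identical; their
    "properties" lists are concatenated without repeats. Colliding components
    whose metadata differs are left untouched (original bom-ref kept) and
    listed in `conflicts` for a human to look at. Dependency entries are
    rewritten to the merged refs and folded together.
    """
    merged = {}    # merged bom-ref -> the component object kept in the output
    ref_map = {}   # original bom-ref -> bom-ref used in the output
    conflicts = []
    kept = []      # output components, first-seen order

    for comp in bom.get("components", []):
        old_ref = comp.get("bom-ref", "")
        new_ref = strip_package_id(old_ref)
        existing = merged.get(new_ref)
        if existing is None:
            c = copy.deepcopy(comp)
            c["bom-ref"] = new_ref
            c["properties"] = list(c.get("properties", []))
            merged[new_ref] = c
            kept.append(c)
            ref_map[old_ref] = new_ref
        elif _body(existing) == _body(comp):
            for prop in comp.get("properties", []):
                if prop not in existing["properties"]:
                    existing["properties"].append(prop)
            ref_map[old_ref] = new_ref
        else:
            conflicts.append(old_ref)
            kept.append(copy.deepcopy(comp))
            ref_map[old_ref] = old_ref

    out = copy.deepcopy(bom)
    out["components"] = kept

    if "dependencies" in bom:
        deps = {}
        for d in bom["dependencies"]:
            ref = ref_map.get(d.get("ref"), d.get("ref"))
            entry = deps.setdefault(ref, {"ref": ref, "dependsOn": []})
            for target in d.get("dependsOn", []):
                t = ref_map.get(target, target)
                if t not in entry["dependsOn"]:
                    entry["dependsOn"].append(t)
        out["dependencies"] = list(deps.values())
    return out, conflicts


# Constructed sample: lodash found at two paths, express once (not real syft output).
LODASH_A = "pkg:npm/lodash@4.17.21?package-id=aaa111"
LODASH_B = "pkg:npm/lodash@4.17.21?package-id=bbb222"
EXPRESS = "pkg:npm/express@4.19.2?package-id=ccc333"
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": LODASH_A, "type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "properties": [{"name": "source", "value": "/app/node_modules/lodash/package.json"}]},
        {"bom-ref": LODASH_B, "type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "properties": [{"name": "source", "value": "/app/vendor/node_modules/lodash/package.json"}]},
        {"bom-ref": EXPRESS, "type": "library", "name": "express", "version": "4.19.2",
         "purl": "pkg:npm/express@4.19.2",
         "properties": [{"name": "source", "value": "/app/node_modules/express/package.json"}]},
    ],
    "dependencies": [
        {"ref": EXPRESS, "dependsOn": [LODASH_A]},
        {"ref": LODASH_A, "dependsOn": []},
        {"ref": LODASH_B, "dependsOn": []},
    ],
}

if __name__ == "__main__":
    new_bom, unresolved = dedupe_components(SAMPLE_BOM)
    print(json.dumps(new_bom, indent=2))
    print("left untouched (metadata conflict):", unresolved)
```

Run it as `python dedupe_bom.py` to see the merged document; to use it on a real file, load the JSON with `json.load`, pass the dict to `dedupe_components`, and write the first element of the returned tuple back out. The conservative merge rule matters for the audit use case in the issue: two components with the same purl but, say, different license or hash data are a finding to investigate, not something to quietly fold into one record.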

Hi @arkajnag23,

Could you help us understand this problem a little bit more specifically? The JSON you included isn't enough information for me to understand what the problem is. Which fields are being duplicated?

My recommendation is to scan a publicly available Docker image (so you don't have any confidentiality concerns on posting it) and attach a cyclonedx-json output to this issue, and discuss what information is duplicated in order to illustrate the problem.

willmurphyscode commented Aug 28 '24 14:08