sbom-tool icon indicating copy to clipboard operation
sbom-tool copied to clipboard
verified publisher icon microsoft

Wrong supplier in RootPackage of SBOM

Open Brend-Smits opened this issue 3 years ago • 3 comments

Hey there,

I am working on generating an SBOM for a GitHub Action that sets up this SBOM-Tool in a convenient way (see: https://github.com/philips-software/sbom-tool-installer-action). After generating the SBOM, I noticed that the supplier field of the RootPackage is set to Organization: Microsoft, which seems incorrect. There should be a parameter to control this value.

I uploaded the SBOM as a Gist. Please have a look here: https://gist.github.com/Brend-Smits/90b62120de7abc989c2768c92a2a49c8#file-sbom-tool-installer-action-sbom-L10757-L10772

Brend-Smits avatar Jul 27 '22 10:07 Brend-Smits

Thanks for bringing this to our attention, will add a parameter to the tool for this.

aasim avatar Jul 29 '22 17:07 aasim

Thanks for bringing this to our attention, will add a parameter to the tool for this.

Is this something I can help with? I don't mind opening a PR.

Brend-Smits avatar Jul 30 '22 09:07 Brend-Smits

Thanks @Brend-Smits , @ByAgenT is already working on a fix for this. But how about you help us fixing https://github.com/microsoft/sbom-tool/issues/85?

edgarrs avatar Aug 02 '22 18:08 edgarrs