anthonyharrison / sbom4files Goto Github PK

I have created docker based sbom4files Please have a look : https://hub.docker.com/r/netwrkspider/sbom4files

The CycloneDX json files created by sbom4files generate hashes like this:

     "hashes": [
        {
          "alg": "SHA1",
          "content": "9ffc0d3f5c8be409335699037ac8bafbda9e940c"
        },
        {
          "alg": "SHA256",
          "content": "b97a4c91d68acb2ba07a382e4849ef86f156459b85dfe6dbac104332d782fe1e"
        },
        {
          "alg": "SHA512",
          "content": "7f4ba8017754306f4ac93b71b736c7efe14920ff735cb8b189518018f68508ab31ca1d0dbf6a0dfbdd0349f981e8e65564dd14a1ab051b7fd9cffc8e47e4be97"
        }
      ],

However, the tools from CycloneDX have a problem with the "alg" names - they expect "SHA-1", "SHA-256", "SHA-512" (i.e. with a '-' sign after SHA).

It looks like sbom4files does not conform to the specification. See here for details: https://cyclonedx.org/docs/1.5/json/#components_items_hashes_items_alg

Thanks!

When running the "-r" option on a large project folder (with many sub directory levels) on Windows 11, the execution bombs out with the following error below.

In particular, the open source project it was ran against at the top level was: https://github.com/awslabs/visual-asset-management-system

This was run against a clean Git clone (before NPM installs)

Traceback (most recent call last):
  File "C:\Program Files\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Program Files\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Program Files\Python310\Scripts\sbom4files.exe\__main__.py", line 7, in <module>
  File "C:\Program Files\Python310\lib\site-packages\sbom4files\cli.py", line 170, in main
    if file_scanner.scan_file(entry):
  File "C:\Program Files\Python310\lib\site-packages\sbom4files\filescanner.py", line 157, in scan_file
    mimetype = magic.from_file(str(filename), mime=True)
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 135, in from_file
    return m.from_file(filename)
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 91, in from_file
    return self._handle509Bug(e)
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 100, in _handle509Bug
    raise e
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 89, in from_file
    return maybe_decode(magic_file(self.cookie, filename))
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 255, in magic_file
    return _magic_file(cookie, coerce_filename(filename))
  File "C:\Program Files\Python310\lib\site-packages\magic\magic.py", line 196, in errorcheck_null
    raise MagicException(err)
magic.magic.MagicException: b"line I64u: regex error 14 for `^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$', (failed to get memory)"

Hi,

python: version 3.11.3
o/s: Windows 10

I installed the sbom4files as instructions. Tried to run it and received the following error:

Traceback (most recent call last):
File "", line 198, in run_module_as_main
File "", line 88, in run_code
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\Scripts\sbom4files.exe_main.py", line 4, in
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\sbom4files\cli.py", line 16, in
from sbom4files.filescanner import FileScanner
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\sbom4files\filescanner.py", line 7, in
import magic
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\magic_init.py", line 209, in
libmagic = loader.load_lib()
^^^^^^^^^^^^^^^^^
File "\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\magic\loader.py", line 49, in load_lib
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation

Hi,

if you try to process a directory like "C:\My Folder\My Project" sbom4files fails because of the blank space in the path.
The error is:

sbom4files: error: unrecognized arguments: Folder

In Windows environment it's common to fix that using double quotes. Something like this:

sbom4files -d "C:\My Folder\My Project" -p MyProject -r --sbom cyclonedx --format json

I tried single quotes too. It didn't work.

sbom4files -d 'C:\My Folder\My Project' -p MyProject -r --sbom cyclonedx --format json