No hashes in boms

Upgraded from 4.0.21 to 4.0.41 and the boms being produced do not have hashes included for the components. Sorry if I’ve missed something obvious.

Command used: cdxgen -t java -o bom.xml

A sample of each output is below.

4.0.21:

    <component type="library" bom-ref="pkg:maven/p2.eclipse-plugin/org.apache.commons.jxpath@1.3.0.v200911051830?type=jar">
      <group>p2.eclipse-plugin</group>
      <name>org.apache.commons.jxpath</name>
      <version>1.3.0.v200911051830</version>
      <scope>optional</scope>
      <hashes>
        <hash alg="MD5">dd4d333f38384e6570c3cdced36f1ba7</hash>
        <hash alg="SHA-1">7aba488947c98427d91318f885ccd99e3fcb0785</hash>
        <hash alg="SHA-256">0278be02a3027aadb3e37a15dd48c536bb27d7327ec9cee7700be19032c0eb98</hash>
        <hash alg="SHA-384">fdc1a7ea6af6cc177d136d2bcccff27ba2c044ea5d63ba2290b757b0351374303daab838b363bb7483284bd23a206371</hash>
        <hash alg="SHA-512">ff24dc78613083fefa3a6e3528ced4dc0b9fb4ac30a99fed4b90aa8ce85a3d90b064ddaa856de3630a7629944a9125b070aaaee2dc4deb35921d523007f71003</hash>
      </hashes>
      <purl>pkg:maven/p2.eclipse-plugin/org.apache.commons.jxpath@1.3.0.v200911051830?type=jar</purl>
    </component>

4.0.41:

    <component type="library" bom-ref="pkg:maven/p2.eclipse-plugin/org.apache.commons.jxpath@1.3.0.v200911051830">
      <group>p2.eclipse-plugin</group>
      <name>org.apache.commons.jxpath</name>
      <version>1.3.0.v200911051830</version>
      <description/>
      <scope>optional</scope>
      <licenses/>
      <purl>pkg:maven/p2.eclipse-plugin/org.apache.commons.jxpath@1.3.0.v200911051830</purl>
    </component>

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5

Top GitHub Comments

1 reaction
prabhu commented, Nov 3, 2022

Thanks @reynoldsaltair. Please take the latest version which includes the fix.

1 reaction
reynoldsaltair commented, Nov 3, 2022

Yep. Will let you know the result!
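
A check for the regression reported in this issue, as an added example that is not part of the original thread or of cdxgen: it parses a CycloneDX XML BOM and lists every component under `<components>` that has no non-empty hash of the required algorithm, so a CI step can fail when a generator upgrade silently drops hashes. The sample BOM, its namespace version, the `com.example` component names and the default `SHA-256` requirement are constructed assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not real cdxgen output): one component carrying a hash,
# one without, and a metadata component that is not a dependency.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <metadata><component type="application"><name>demo-app</name></component></metadata>
  <components>
    <component type="library" bom-ref="pkg:maven/com.example/with-hash@1.0.0?type=jar">
      <name>with-hash</name><version>1.0.0</version>
      <hashes><hash alg="SHA-256">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</hash></hashes>
    </component>
    <component type="library" bom-ref="pkg:maven/com.example/no-hash@2.0.0">
      <name>no-hash</name><version>2.0.0</version>
      <licenses/>
    </component>
  </components>
</bom>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds, so any schema version matches."""
    return tag.rsplit("}", 1)[-1]


def components_missing_hash(bom_xml, required_alg="SHA-256"):
    """Return the bom-ref of every listed component with no non-empty required_alg hash."""
    root = ET.fromstring(bom_xml)
    missing = []
    # Only children of <components> are dependencies; this skips metadata/component
    # but still reaches nested <components> blocks.
    for group in root.iter():
        if local(group.tag) != "components":
            continue
        for comp in group:
            if local(comp.tag) != "component":
                continue
            algs = {h.get("alg")
                    for hs in comp if local(hs.tag) == "hashes"
                    for h in hs if local(h.tag) == "hash" and (h.text or "").strip()}
            if required_alg not in algs:
                missing.append(comp.get("bom-ref", "<no bom-ref>"))
    return missing


if __name__ == "__main__":
    # Usage: python check_bom_hashes.py bom.xml  (falls back to the sample above)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BOM
    missing = components_missing_hash(data)
    print("\n".join("missing hash: " + ref for ref in missing))
    sys.exit(1 if missing else 0)
```
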
