
Stacktrace thrown when scanning cyclonedx SBOM created against Python project


When running depscan against a bom.xml file generated by CycloneDX for a Python project, the following stack trace is thrown:

Traceback (most recent call last):
  File "/home/matthew/.local/bin/depscan", line 8, in <module>
    sys.exit(main())
  File "/home/matthew/.local/lib/python3.10/site-packages/depscan/cli.py", line 260, in main
    os.makedirs(reports_dir)
  File "/usr/lib/python3.10/os.py", line 225, in makedirs
    mkdir(name, mode)
FileNotFoundError: [Errno 2] No such file or directory: ''

How to reproduce:

  1. Clone the Google Microservice demo: git clone https://github.com/GoogleCloudPlatform/microservices-demo.git
  2. Open the email service (A Python project): cd microservices-demo/src/emailservice
  3. Create the SBOM file: cyclonedx-py -r --output bom.xml
  4. Scan the bom.xml file: depscan --bom "bom.xml" --type bom --report_file depscan.json

This is the sample bom.xml file: bom.zip
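The traceback above ends in os.makedirs() being called with an empty string. A likely cause, stated here as an assumption rather than anything the issue confirms, is that the reports directory is derived from --report_file with os.path.dirname(), which yields '' for a bare filename such as depscan.json. The following block is an added illustration, not code from depscan or from the issue: it reproduces that failure mode and shows a defensive variant that also tolerates an already existing directory.

```python
import os
import tempfile

# Reconstruction of the failing pattern seen in the traceback (an assumption
# about depscan's internals, not its actual code): derive a reports directory
# from the --report_file argument and create it. For a bare filename the
# derived directory is "" and os.makedirs("") raises FileNotFoundError.
def reports_dir_naive(report_file: str) -> str:
    reports_dir = os.path.dirname(report_file)
    os.makedirs(reports_dir)  # raises on "" and on a directory that exists
    return reports_dir


def reports_dir_safe(report_file: str) -> str:
    """Return the directory the report is written to, creating it if needed.

    Handles both inputs that make the naive version raise:
      * a bare filename (dirname == "") -> resolve against the working directory
      * an already existing directory    -> exist_ok=True
    """
    reports_dir = os.path.dirname(os.path.abspath(report_file))
    os.makedirs(reports_dir, exist_ok=True)
    return reports_dir


def demo() -> dict:
    """Run both variants on constructed inputs and report what happened."""
    results = {}
    try:
        reports_dir_naive("depscan.json")  # the exact argument from the issue
        results["naive_bare_filename"] = "ok"
    except FileNotFoundError as exc:
        results["naive_bare_filename"] = f"FileNotFoundError: {exc}"
    with tempfile.TemporaryDirectory() as tmp:
        nested = os.path.join(tmp, "reports", "depscan.json")
        results["safe_nested"] = os.path.isdir(reports_dir_safe(nested))
        # A second call must not raise now that the directory exists.
        results["safe_nested_again"] = os.path.isdir(reports_dir_safe(nested))
    results["safe_bare_filename"] = reports_dir_safe("depscan.json") == os.getcwd()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```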

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 10 (6 by maintainers)

Top GitHub Comments

1 reaction
mcasperson commented, Nov 1, 2022

@prabhu depscan --src $PWD does work ok.

0 reactions
prabhu commented, Nov 22, 2022

Please also test with cdxgen https://github.com/AppThreat/cdxgen and let me know how it looks for your apps.
