Wrong UID for Component Data and `null` UUID
dlg1206 opened this issue · 1 comments
dlg1206 commented
The wrong Unique Identifier is used for adding components.
https://github.com/SoftwareDesignLab/plugfest-tooling/blob/110fe837b42d2c6ee4f240428b5e6f8d227d1ca5/core/src/main/java/org/nvip/plugfest/tooling/translator/TranslatorCDXXML.java#L240
It should be `.getUUID()`. `UniqueID` in this case refers to a unique SBOM identifier, i.e. bom-ref or SPDXID. This UUID is also never instantiated outside of the dependencyTree, so a new component will have a `null` UUID and cause issues as a key.