Tool does not report correct number of components for nested CycloneDX SBOMs
Closed this issue · 3 comments
schlenk commented
The tool seems to not traverse the component graph properly, see for example:
sbomqs.exe score bom_issue_328_components.json
SBOM Quality Score:5.9 components:2 bom_issue_328_components.json
The SBOM obviously has 4 components described. 1 component in the BOM metadata and three libraries A, B, C.
Using the simple test case file from:
riteshnoronha commented
Let me take a look will get back. I understand the issue, will fix it.
riteshnoronha commented
OK we have a fix here #134, should be part of our next release, if u would like to use it earlier, let me know.
riteshnoronha commented
A new version of the tool v0.0.13 has been released.