interlynk-io/sbomqs

Tool does not report correct number of components for nested CycloneDX SBOMs

Closed this issue · 3 comments

The tool seems to not traverse the component graph properly, see for example:

sbomqs.exe score bom_issue_328_components.json
SBOM Quality Score:5.9  components:2    bom_issue_328_components.json

The SBOM obviously has 4 components described. 1 component in the BOM metadata and three libraries A, B, C.

Using the simple test case file from:

https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/tests/fixtures/json/1.4/bom_issue_328_components.json

Let me take a look and I will get back to you. I understand the issue and will fix it.

OK, we have a fix here: #134. It should be part of our next release. If you would like to use it earlier, let me know.

A new version of the tool v0.0.13 has been released.