Adding creationInfo details for each sbom being processed
Closed this issue · 1 comments
surendrapathak commented
When `--reportFormat` is JSON, we want to improve certain parts:
- In case of any error, wrap the error in JSON and set score to 0
- Include the tool creator information with each file to help eliminate a second parsing for downstream tools, e.g. for Syft-0.73.0:
```json
{
  "file_name": "/Users/spathak/Downloads/bomber.cyclonedx.json",
  "spec": "spdx",
  "spec_version": "SPDX-2.3",
  "file_format": "json",
  "avg_score": 7.945727482678983,
  "creation_info": {
    "name": "syft",
    "version": "v0.73.0"
  }
}
```
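A downstream consumer of the report described above, as an added example that is not part of the original issue or the project's own code: a CI gate that decides per file from the JSON report alone, without parsing the SBOM a second time. The top-level `files` array, the `error` key, the threshold and the sample file names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// FileResult: per-file fields from the issue; "error" is a hypothetical key.
type FileResult struct {
	FileName     string  `json:"file_name"`
	AvgScore     float64 `json:"avg_score"`
	Error        string  `json:"error"`
	CreationInfo *struct {
		Name    string `json:"name"`
		Version string `json:"version"`
	} `json:"creation_info"`
}

// Constructed sample report; the top-level "files" array is an assumption.
const sample = `{"files": [
 {"file_name": "a.spdx.json", "avg_score": 7.95, "creation_info": {"name": "syft", "version": "v0.73.0"}},
 {"file_name": "b.json", "avg_score": 0, "error": "unsupported sbom format"},
 {"file_name": "c.cdx.json", "avg_score": 3.1, "creation_info": {"name": "syft", "version": "v0.73.0"}}]}`

// Gate lists files to reject: scoring failed, generating tool unknown, or low score.
func Gate(report []byte, minScore float64) ([]string, error) {
	var doc struct{ Files []FileResult `json:"files"` }
	if err := json.Unmarshal(report, &doc); err != nil {
		return nil, fmt.Errorf("invalid report: %w", err)
	}
	var out []string
	for _, f := range doc.Files {
		t := f.CreationInfo
		switch {
		case f.Error != "": // wrapped error: do not treat score 0 as a real score
			out = append(out, f.FileName+": scoring failed: "+f.Error)
		case t == nil || t.Name == "": // cannot attribute the SBOM to a tool
			out = append(out, f.FileName+": no creation_info")
		case f.AvgScore < minScore:
			out = append(out, fmt.Sprintf("%s (%s %s): score %.2f < %.2f", f.FileName, t.Name, t.Version, f.AvgScore, minScore))
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Gate([]byte(sample), 5.0))
}
```

Checking the error field before the score keeps a failed parse from being reported as a legitimately low-quality SBOM.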
surendrapathak commented
Capturing key points from the discussion today: