patriksvensson/covenant

Suggestion: Missing `project.assets.json` as warning instead of an error

afrischk opened this issue · 1 comments

I was looking for an alternative to https://github.com/microsoft/sbom-tool with CycloneDX support and came across this repo. Thanks for the tool! :-)

One suggestion though: The SBOM generation failed for me because I had no project.assets.json in one of my subprojects. As a result, no SBOM was generated at all. My preference would be to see a missing project.assets.json as a warning that does not prevent the generation of the SBOM.

and

```csharp
context.AddError($"Could not find [yellow]project.assets.json[/] at [yellow]{path}[/]");
```

What do you think?

@afrischk I think that an error is the best way to go here. However, there really should be a way of saying "I don't care about this project" and exclude the project from the SBOM.