Cyclone report doesn't contains vulnerability array #11789
-
|
I have exported Cyclone report but vulnerability array is missing, so it is importing 0 vulnerability currently I am using below command please help me regarding this |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Could you let us know what you are tyring to achieve? Is it that you want to generate an SBOM for Defect Dojo? |
Beta Was this translation helpful? Give feedback.
-
|
yes, we are scanning repositories for generating sbom report to be imported in defectdojo |
Beta Was this translation helpful? Give feedback.
-
|
If the vulnerability array is missing in the SBOM, then you will see 0 vulnerabilities in Defect Dojo.
Here's the dosc which has an example with |
Beta Was this translation helpful? Give feedback.
-
|
Tried Grype earlier today, and it worked. However, I found GHSA vulnerabilities, although I was expecting CVE. But it's fine. Thanks, man! Appreciate it. |
Beta Was this translation helpful? Give feedback.
If the vulnerability array is missing in the SBOM, then you will see 0 vulnerabilities in Defect Dojo.
cdxgenby itself doesn't scan for vulnerabilities, it only generates the bill of material. If you're looking to scan also for vulnerabilities and include those in the SBOM, you'll need something liketrivyorgrype.Here's the dosc which has an example with
grype: https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/cyclonedx/