Skip to content

sbom serialNumber validation handled #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
omidtavakoli merged 9 commits into from
Nov 17, 2025
Merged

sbom serialNumber validation handled #195

omidtavakoli merged 9 commits into from
Nov 17, 2025
+127 −5

Conversation

@omidtavakoli
Copy link
Contributor

@omidtavakoli omidtavakoli commented Nov 14, 2025

npm sbom createa an invalid serialNumber like this "serialNumber": "urn:uuid:***" in NodeJsDependencyGenerator. This MR handles and introduces tests on the plugin

@omidtavakoli omidtavakoli self-assigned this Nov 14, 2025
@omidtavakoli omidtavakoli marked this pull request as ready for review November 14, 2025 09:47
ocristian
ocristian reviewed Nov 14, 2025
View reviewed changes
Copy link
Contributor

@ocristian ocristian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we also discussed removing that field from the JSON, right? Wouldn’t it be less work to simply remove it? If I remember correctly, @omidtavakoli confirmed that DependencyTrack does not require it.

@omidtavakoli
Copy link
Contributor Author

omidtavakoli commented Nov 14, 2025

@ocristian We discussed at the same time to generate the field in the plugin if it was including the *** to not break DependencyTrack in future if it there was an update which uses that field

@omidtavakoli omidtavakoli marked this pull request as draft November 14, 2025 12:14
@omidtavakoli omidtavakoli marked this pull request as ready for review November 14, 2025 15:25
@omidtavakoli omidtavakoli merged commit f1987ee into main Nov 17, 2025
1 check passed
@omidtavakoli omidtavakoli deleted the handle-invalid-serialNumber-sbom branch November 17, 2025 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@molikuner molikuner molikuner approved these changes

@felixoldenburg felixoldenburg Awaiting requested review from felixoldenburg

@mohammedalics mohammedalics Awaiting requested review from mohammedalics

@loiro loiro Awaiting requested review from loiro

@ocristian ocristian Awaiting requested review from ocristian

Assignees

@omidtavakoli omidtavakoli

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@omidtavakoli @ocristian @molikuner @free-now-github