Issue with converting json to cyclonedx format #5666
Closed
Kankarollo started this conversation in Bugs
Replies: 3 comments 4 replies
-
Hello @Kankarollo We currently don't include Lines 118 to 122 in b5874e3 But we have already removed the removal of
-
Created #5765 for this task.
-
I'm running Trivy 0.53.0. When I try to convert from JSON to CycloneDX, I lose the vulnerabilities. Is there a way to retain them?
-
Description
When you try to convert a JSON report to CycloneDX format with the "convert" function of Trivy, the result is not the same as generating a CycloneDX SBOM with the "image" function. The difference is that during convert the "ratings" value in the new SBOM is empty. We later import these SBOMs into the next tools, which save the vulnerability info; because of this issue, the next tools couldn't recognize the vulnerabilities in the report.
An additional misleading issue is that when converting JSON to SBOM reports with convert you will receive this info:
You will receive an error, as convert doesn't have a --scanners flag.
Desired Behavior
Converting a JSON report to CycloneDX will give the same output as generating a CycloneDX report from the beginning with a scan.
Actual Behavior
There is a difference between the file generated by the convert function and the file generated by "trivy image --format cyclonedx".
Reproduction Steps
Target
None
Scanner
None
Output Format
None
Mode
None
Debug Output
Operating System
Ubuntu 22.04
Version
Tested on 0.42.0 also. Same issue.
Checklist
trivy image --reset
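A pre-import check for the behaviour described in this thread, as an added example that is not part of the original discussion or of Trivy's code: it compares a CycloneDX JSON BOM from a direct scan with one produced by `trivy convert` and lists findings that are missing or whose `ratings` came out empty. The two sample documents and their CVE ids are constructed; the field names (`vulnerabilities`, `ratings`, `affects`, `ref`) are from the CycloneDX JSON schema.

```python
import json

# Constructed sample documents (not real Trivy output): a BOM as a direct
# scan would emit it, and a converted BOM that lost ratings and one finding.
SCAN_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "vulnerabilities": [
    {"id": "CVE-0000-0001",
     "ratings": [{"source": {"name": "nvd"}, "severity": "high", "score": 7.5}],
     "affects": [{"ref": "pkg:deb/ubuntu/example-a@1.0"}]},
    {"id": "CVE-0000-0002",
     "ratings": [{"source": {"name": "ubuntu"}, "severity": "low"}],
     "affects": [{"ref": "pkg:deb/ubuntu/example-b@2.0"}]}
  ]}""")
CONVERTED_BOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "ratings": [],
     "affects": [{"ref": "pkg:deb/ubuntu/example-a@1.0"}]}
  ]}""")


def ratings_by_vuln(bom):
    """Map (vulnerability id, affected ref) -> list of usable ratings."""
    out = {}
    for vuln in bom.get("vulnerabilities") or []:
        # A rating is usable only if it carries a severity or a score.
        usable = [r for r in vuln.get("ratings") or []
                  if r.get("severity") or r.get("score") is not None]
        for target in vuln.get("affects") or [{"ref": None}]:
            out[(vuln.get("id") or "", target.get("ref") or "")] = usable
    return out


def compare_boms(reference, candidate):
    """Report findings the candidate BOM lost relative to the reference."""
    ref, cand = ratings_by_vuln(reference), ratings_by_vuln(candidate)
    return {
        "missing": sorted(k for k in ref if k not in cand),
        "unrated": sorted(k for k in ref if ref[k] and k in cand and not cand[k]),
    }


if __name__ == "__main__":
    report = compare_boms(SCAN_BOM, CONVERTED_BOM)
    print(json.dumps(report, indent=2))
    # Non-zero exit lets a pipeline stop before importing a degraded SBOM.
    raise SystemExit(1 if report["missing"] or report["unrated"] else 0)
```

In a pipeline, load the two files with `json.load` in place of the embedded samples and gate the import step on the exit code.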