SBOM Utility passing SBOM with unexpected WITH clause #131

@nigellh

Description

Our SBOM tool created an invalid license, in that it was defined as an expression and not, as it should have been, as a name. (Currently being fixed.)

We ran the SBOM Utility against it and it passed the validation, but it would not import into Dependency Track.

The issue is that what is in the expression is not a valid expression. DT correctly picked this up, but the utility passed it.

```json
      {
        "expression": "Apache-2.0 WITH LLVM-exception"
      },
      "licenses": [
        {
          "expression": "Apache-2.0 WITH LLVM-exception"
        }
      ],
```

In this case, the tool should have thrown a wobbly as it is not valid.

Our workaround is to change the license to Apache-2.0-with-LLVM-exception, and that forces it to a name.
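An added example, not code from sbom-utility, Dependency-Track or the issue author, showing the kind of check that sits between schema validation (is `expression` a string?) and import (does the string mean anything?): a small SPDX license-expression parser run over the licenses of a constructed CycloneDX document. The license and exception allowlists are assumptions, a tiny subset of the SPDX license list, so which expressions pass depends entirely on what is in them; with `LLVM-exception` listed, the expression from the report parses cleanly, a misspelt exception id or a truncated expression is reported, and a `name` entry such as the workaround above is accepted as free text.

```python
"""Semantic check of CycloneDX license entries on top of JSON-schema validation.

Added example; not the sbom-utility or Dependency-Track implementation.
The identifier allowlists are a constructed subset of the SPDX license list;
a real checker would load the full list (licenses and exceptions).
"""
import json
import re

# Assumption: deliberately small allowlists standing in for the SPDX license list.
KNOWN_LICENSE_IDS = {"Apache-2.0", "MIT", "GPL-2.0-only", "BSD-3-Clause"}
KNOWN_EXCEPTION_IDS = {"LLVM-exception", "Classpath-exception-2.0"}

# Tokens: parentheses, or identifier/operator words made of the SPDX id charset.
_TOKEN = re.compile(r"\(|\)|[A-Za-z0-9.+-]+")
_OPERATORS = ("AND", "OR", "WITH")


def validate_expression(expr):
    """Return a list of problems for an SPDX license expression (empty if valid).

    Simplified SPDX grammar handled here:
      expr := term (('AND' | 'OR') term)*
      term := '(' expr ')' | license-id ['WITH' exception-id]
    """
    tokens = _TOKEN.findall(expr)
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        return [f"unexpected characters in expression {expr!r}"]
    problems = []
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def parse_expr():
        nonlocal pos
        parse_term()
        while peek() in ("AND", "OR"):
            pos += 1
            parse_term()

    def parse_term():
        nonlocal pos
        tok = peek()
        if tok is None:
            problems.append("expression ends unexpectedly")
            return
        if tok == "(":
            pos += 1
            parse_expr()
            if peek() == ")":
                pos += 1
            else:
                problems.append("missing ')'")
            return
        pos += 1
        if tok in _OPERATORS or tok == ")":
            problems.append(f"operator {tok!r} where a license id was expected")
            return
        lic = tok.rstrip("+")  # trailing '+' is the SPDX "or later" marker
        if lic not in KNOWN_LICENSE_IDS:
            problems.append(f"unknown license id {lic!r}")
        if peek() == "WITH":
            pos += 1
            exc = peek()
            if exc is None or exc in _OPERATORS or exc in ("(", ")"):
                problems.append("WITH not followed by an exception id")
                return
            pos += 1
            if exc not in KNOWN_EXCEPTION_IDS:
                problems.append(f"unknown exception id {exc!r}")

    parse_expr()
    if pos != len(tokens):
        problems.append(f"trailing tokens {tokens[pos:]!r}")
    return problems


def check_licenses(bom):
    """Walk bom['components'] and return (component name, problem) pairs."""
    findings = []
    for comp in bom.get("components", []):
        cname = comp.get("name", "?")
        for entry in comp.get("licenses", []):
            if "expression" in entry:
                findings += [(cname, p) for p in validate_expression(entry["expression"])]
            elif "license" in entry:
                lic = entry["license"]
                if "id" in lic and lic["id"] not in KNOWN_LICENSE_IDS:
                    findings.append((cname, f"unknown license id {lic['id']!r}"))
                elif "id" not in lic and "name" not in lic:
                    findings.append((cname, "license object has neither id nor name"))
                # a 'name' is free text: accepted as-is, nothing to resolve
            else:
                findings.append((cname, "entry has neither 'expression' nor 'license'"))
    return findings


def check_bom_file(path):
    with open(path, encoding="utf-8") as fh:
        return check_licenses(json.load(fh))


# Constructed sample document (not a real SBOM); component names are made up.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "compiler-rt", "licenses": [{"expression": "Apache-2.0 WITH LLVM-exception"}]},
        {"name": "legacy-lib", "licenses": [{"expression": "Apache-2.0 WITH Made-Up-exception"}]},
        {"name": "workaround", "licenses": [{"license": {"name": "Apache-2.0-with-LLVM-exception"}}]},
        {"name": "broken", "licenses": [{"expression": "MIT AND"}]},
    ],
}

if __name__ == "__main__":
    for name, problem in check_licenses(SAMPLE_BOM):
        print(f"{name}: {problem}")
```

Because the allowlists drive the verdict, the same expression can pass one tool and fail another purely on the basis of which SPDX list version each ships; that is worth checking before concluding an expression is malformed.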

Metadata

Assignees

No one assigned

Labels

enhancement (New feature or request), help wanted (Extra attention is needed), working as designed (The description indicates the tool is working as designed)
