Skip to content

Use the official CycloneDX image for source code scanning#14

Open
pashok2398 wants to merge 1 commit intoIBM:mainfrom
pashok2398:change-code-scan-image
Open

Use the official CycloneDX image for source code scanning#14
pashok2398 wants to merge 1 commit intoIBM:mainfrom
pashok2398:change-code-scan-image

Conversation

@pashok2398
Copy link

@pashok2398 pashok2398 commented Jan 29, 2025

The toolkit can not scan JAVA code, getting error:

/bin/sh: line 1: mvn: command not found

The above build errors could be due to:

1. Java version requirement: cdxgen container image bundles Java 23 with maven 3.9 which might be incompatible. Try running cdxgen with the custom JDK11-based image `ghcr.io/cyclonedx/cdxgen-java:v10`.
2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable.
3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool.

The proposal is to use the official CycloneDX image for source code scanning.
Sources: https://github.com/CycloneDX/cdxgen?tab=readme-ov-file#installing

Signed-off-by: Author Name paveld@il.ibm.com
d0c75eb 
Signed-off-by: Pavel Druyan <paveld@il.ibm.com>
@pashok2398 pashok2398 force-pushed the change-code-scan-image branch from f118d06 to d0c75eb Compare January 29, 2025 14:56
@pashok2398 pashok2398 changed the title Signed-off-by: Author Name paveld@il.ibm.com Use the official CycloneDX image for source code scanning Use the official CycloneDX image for source code scanning Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pashok2398