UI incorrectly displays "No SBOM" at top-level for multi-artefact images

[alee-x]

Expected behavior and actual behavior:
When there are multiple artefacts for a tag, if any artefact has a SBOM the repo artefact list should indicate that a SBOM exists in the same way it does for tags with single artefacts. If this is not possible/desired, this should at least be called out in the Harbor documentation.
Screenshot of UI behaviour for single artefact tag (good/expected):

Actual behavior:
When there are multiple artefacts for a tag, the repo artefact list always displays "No SBOM", even when there is one. The user has to click through to the specific OCI index artefact's list to see if any SBOMs exist.
Screenshot of UI behaviour for multiple artefact tag (bad):

Screenshot of UI when clicked through to the OCI index artefact's list showing that there are SBOMs:

Steps to reproduce the problem:

1. Build multi-arch container (or container with attached provenance artefact).
2. Push to Harbor.
3. Go to the project repo in Harbor, select checkbox for the multi-arch image you've just pushed, and click "Generate SBOM". It will look like either nothing has happened or it has silently failed.
4. Refresh the page, the "SBOM" column will now say "No SBOM" (or sometimes will just be blank).
5. For the image in question, click on the folder icon ("Click to view this OCI index's artifact list") next to it.
6. See that there are SBOMs for at least one artefact.

This also happens with "Generate SBOM on push" project setting enabled.

Versions:
Please specify the versions of following systems.

• harbor version: v2.14.2-3a2df66d
• docker engine version: version 27.4.1, build b9d17ea
• docker-compose version: v2.32.1

[ipsitapp8]

Heyyy @alee-x !!
I’d like to work on this issue.

From my understanding, the UI currently determines the top-level SBOM
status based only on the parent artifact, which causes "No SBOM" to be
displayed even when one or more child artifacts contain SBOMs.

I plan to update the UI logic to evaluate SBOM availability across all
artifacts and only show "No SBOM" when none of the related artifacts
have SBOM data.

Please let me know if this approach sounds good. Thanks!

[bupd]

@alee-x I believe this is already fixed

• duplicate of UI displays 'No SBOM' for multi-architecture images despite SBOM availability #21424

[alee-x]

@alee-x I believe this is already fixed

• duplicate of UI displays 'No SBOM' for multi-architecture images despite SBOM availability #21424

As included in the bug report, I am running Harbor v2.14.2 (the latest) so there's possibly a regression between that fix and the current version, or that fix didn't actually fix it.

Also I see that the fix in that was to leave the column empty. I observed this happening in my instance, though it was 50/50 whether you'd get an empty column or a "No SBOM" entry. However, that still isn't desired behaviour as it's highly confusing.

If this isn't something that it's possible to fix, can this at least be explicitly called out in the Harbor documentation please? I wasted 4 hours troubleshooting today due to this and of the docs gave even a small hint of the behaviour it would have saved me a lot of aggravation!