
fix: split SBOM generation into separate steps for each format #21

Merged
ramonclaudio merged 1 commit into main from fix/sbom-format-issue
Sep 7, 2025

@ramonclaudio
Owner

Summary

  • Split SBOM generation into three separate steps
  • Generate SPDX JSON, CycloneDX JSON, and CycloneDX XML independently
  • Fix workflow failure caused by unsupported comma-separated format string

Problem

The workflow was failing with:

ERROR 1 error occurred:
* unsupported output format "spdx-json,cyclonedx-json,cyclonedx-xml"

Syft v1.24.0 doesn't support comma-separated multiple output formats in a single command.

Solution

Run the anchore/sbom-action three times, once for each format:

  1. SPDX JSON → create-claude-VERSION.sbom.spdx.json
  2. CycloneDX JSON → create-claude-VERSION.sbom.cyclonedx.json
  3. CycloneDX XML → create-claude-VERSION.sbom.cyclonedx.xml

Testing

This fix ensures all three SBOM formats are generated correctly and the workflow completes successfully.

- Syft doesn't support comma-separated formats in a single command
- Generate SPDX JSON, CycloneDX JSON, and CycloneDX XML separately
- Each format gets its own anchore/sbom-action step with correct output filename
@ramonclaudio ramonclaudio merged commit 475f5d4 into main Sep 7, 2025
5 checks passed
@ramonclaudio ramonclaudio deleted the fix/sbom-format-issue branch September 7, 2025 16:19
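
A post-generation check for the three outputs listed under Solution, as an added example that is not part of this pull request or the project's workflow. It confirms that each file name carries the format its suffix promises and that none of the three is missing; the function names are hypothetical and the sample documents are constructed minimal stand-ins for real Syft output.

```python
import json
import xml.etree.ElementTree as ET

# File-name suffixes from the PR description mapped to the format each must hold.
SUFFIXES = {
    ".sbom.spdx.json": "spdx-json",
    ".sbom.cyclonedx.json": "cyclonedx-json",
    ".sbom.cyclonedx.xml": "cyclonedx-xml",
}
# Constructed minimal samples (not real Syft output), keyed by the PR's file names.
SAMPLES = {
    "create-claude-VERSION.sbom.spdx.json":
        b'{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "packages": []}',
    "create-claude-VERSION.sbom.cyclonedx.json":
        b'{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": []}',
    "create-claude-VERSION.sbom.cyclonedx.xml":
        b'<bom xmlns="http://cyclonedx.org/schema/bom/1.6" version="1"><components/></bom>',
}

def detect_format(data):
    """Identify an SBOM by its top-level markers; None if unrecognised."""
    body = data.lstrip()
    try:
        if body.startswith(b"{"):
            doc = json.loads(body)
            if str(doc.get("spdxVersion", "")).startswith("SPDX-") and "SPDXID" in doc:
                return "spdx-json"
            if doc.get("bomFormat") == "CycloneDX" and "specVersion" in doc:
                return "cyclonedx-json"
        elif body.startswith(b"<"):
            tag = ET.fromstring(body).tag  # '{namespace}bom' for CycloneDX XML
            if tag.startswith("{http://cyclonedx.org/schema/bom/") and tag.endswith("}bom"):
                return "cyclonedx-xml"
    except (ValueError, ET.ParseError):  # truncated or malformed file
        pass
    return None

def check_release(files):
    """files maps name -> bytes; returns a list of problems (empty means pass)."""
    problems, seen = [], set()
    for name, data in files.items():
        want = next((f for s, f in SUFFIXES.items() if name.endswith(s)), None)
        got = detect_format(data)
        if want is None:
            problems.append(f"{name}: unexpected file name")
        elif got != want:
            problems.append(f"{name}: expected {want}, found {got}")
        else:
            seen.add(want)
    problems += [f"missing valid {f} SBOM" for f in sorted(set(SUFFIXES.values()) - seen)]
    return problems
```

In a workflow this would run after the three generation steps, reading each file as bytes and failing the job when `check_release` returns a non-empty list.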