Grype doesn't match u-boot in SBOM if type is set to firmware #2537
Labels
Comments
|
Hey @SebastianKonplan, you are right, we currently are not importing You can see the decoding function here. We could probably make this more lenient to include firmware, I've added this to our weekly livestream to discuss. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened: If a SBOM is passed with the component u-boot there is no match if the component type is set to firmware. If I change the type to application then the component is matched as expected.
What you expected to happen: Match independent from the type.
How to reproduce it (as minimally and precisely as [possible): grype sbom:u-boot.json
Environment:
Output of
grype version:Application: grype
Version: 0.89.1
BuildDate: 2025-03-13T20:22:27Z
GitCommit: 718ea30
GitDescription: v0.89.1
Platform: linux/amd64
GoVersion: go1.24.1
Compiler: gc
Syft Version: v1.20.0
Supported DB Schema: 6
OS (e.g:
cat /etc/os-releaseor similar): Ubuntu 22.04.5 LTSThe text was updated successfully, but these errors were encountered: