Syft convert from cdx.json -> syft.json -> cdx.json fails #3574

henrysachs · 2025-01-09T10:34:48Z

What happened:

I tried to convert a cyclone dx json to syft-json and back to cyclone dx, after that i received an error from syft

[0000] ERROR failed to decode SBOM: unable to decode syft-json document: unable to find source metadata type=""

What you expected to happen:

I receive a file in the CycloneDX JSON format

Steps to reproduce the issue:

taken the example cyclonedx json from: https://github.com/CycloneDX/bom-examples/blob/master/SBOM/keycloak-10.0.2/bom.json

syft convert bom.json -o syft-json > bom-syft.json
syft convert bom-syft.json -o cyclonedx-json

Anything else we need to know?:

I already dug a bit deeper into this and its because the whole source area is empty as soon as you write "directory" into type for example everything works

Environment:

Output of syft version:

Application: syft
Version:    1.18.1
BuildDate:  2024-12-13T18:41:10Z
GitCommit:  5e16e5031a13f8a11057feb8544decebfc43b4ed
GitDescription: v1.18.1
Platform:   darwin/arm64
GoVersion:  go1.23.4
Compiler:   gc

OS (e.g: cat /etc/os-release or similar):
MacOs 15.2

The text was updated successfully, but these errors were encountered:

henrysachs added the bug Something isn't working label Jan 9, 2025

anchoretoolsops added this to OSS Jan 9, 2025

henrysachs mentioned this issue Jan 9, 2025

syft convert cycloneDx Metadata is lost after reconvert #3575

Open

spiffcs added the needs-investigation label Jan 15, 2025

spiffcs moved this to Backlog in OSS Jan 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Syft convert from cdx.json -> syft.json -> cdx.json fails #3574

Syft convert from cdx.json -> syft.json -> cdx.json fails #3574

henrysachs commented Jan 9, 2025

Syft convert from cdx.json -> syft.json -> cdx.json fails #3574

Syft convert from cdx.json -> syft.json -> cdx.json fails #3574

Comments

henrysachs commented Jan 9, 2025