I have run the sbomqs compliance test on a local SPDX SBOM and the dependencies on other components field shows an error: broken-dependencies File-usr-bin-rsync not found. But looking in the SBOM, I can find such a SPDXRef. It seems that this happens for all components that do not define their dependencies in the SBOM.
Steps to reproduce:
Run sbomqs compliance -s test-sbom.spdx.json
Environment:
GitVersion: v2.0.6
GitCommit: 11de6ca
GitTreeState: clean
BuildDate: 2026-03-31T07:17:51Z
GoVersion: go1.25.0
Compiler: gc
Platform: linux/amd64
System: Ubuntu 25.10
Or am I overlooking some issue in the SBOM myself?
Thanks!
test-sbom.spdx.json
test-sbomqs.txt
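To check the SBOM independently of sbomqs, this added example (not part of the original report and not sbomqs code) lists relationship references that resolve to no package, file or snippet, and separately lists defined elements that never appear as a relationship source. The sample document is constructed and the function names are hypothetical; field names follow the SPDX 2.x JSON format.

```python
import json
import sys

# Constructed SPDX 2.x JSON sample (not the reporter's attached SBOM).
SAMPLE = json.loads("""
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "packages": [{"SPDXID": "SPDXRef-Package-rsync", "name": "rsync"}],
  "files": [{"SPDXID": "SPDXRef-File-usr-bin-rsync", "fileName": "/usr/bin/rsync"}],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
     "relatedSpdxElement": "SPDXRef-Package-rsync"},
    {"spdxElementId": "SPDXRef-Package-rsync", "relationshipType": "CONTAINS",
     "relatedSpdxElement": "SPDXRef-File-usr-bin-rsync"},
    {"spdxElementId": "SPDXRef-Package-rsync", "relationshipType": "DEPENDS_ON",
     "relatedSpdxElement": "SPDXRef-Package-missing"}
  ]
}
""")

def defined_ids(doc):
    """Collect every SPDXID the document itself defines."""
    ids = {doc.get("SPDXID", "SPDXRef-DOCUMENT")}
    for section in ("packages", "files", "snippets"):
        ids.update(e["SPDXID"] for e in doc.get(section, []) if "SPDXID" in e)
    return ids

def audit_relationships(doc):
    """Return (dangling references, defined elements with no outgoing relationship)."""
    ids = defined_ids(doc)
    dangling, sources = [], set()
    for rel in doc.get("relationships", []):
        sources.add(rel.get("spdxElementId"))
        for key in ("spdxElementId", "relatedSpdxElement"):
            ref = rel.get(key, "")
            # NONE/NOASSERTION and external DocumentRef- targets are not local IDs.
            if ref in ("NONE", "NOASSERTION") or ref.startswith("DocumentRef-"):
                continue
            if ref not in ids:
                dangling.append((ref, rel.get("relationshipType")))
    return dangling, sorted(ids - sources)

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    dangling, leaves = audit_relationships(doc)
    for ref, rtype in dangling:
        print(f"dangling: {ref} (in {rtype} relationship)")
    for ref in leaves:
        print(f"defined, no outgoing relationship: {ref}")
```

An ID that appears only in the second list is present in the SBOM and simply declares no dependencies of its own, which is the case the report describes.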