-
Without further details, it is hard to say. I would start by diffing the SBOMs to understand the differences. It is then probably possible to get a better understanding of what the differences are and what the root cause is.
Without test cases and further details on how to reproduce this issue, I can't do anything.
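The SBOM diff suggested in the comment above, as an added example that is not part of the original discussion or EMBA's own code: it compares two CycloneDX JSON documents by component identity (type, name, version, purl or cpe) and ignores fields that can change between runs (serialNumber, metadata.timestamp, bom-ref). The helper names and the sample SBOMs are constructed for illustration.

```python
import json
from collections import Counter

def component_key(comp):
    """Identity of a component; bom-ref is left out because it may differ per run."""
    ident = comp.get("purl") or comp.get("cpe") or ""
    return (comp.get("type", ""), comp.get("name", ""), comp.get("version", ""), ident)

def load_components(sbom_text):
    """Count components by identity. serialNumber and metadata.timestamp are never read."""
    bom = json.loads(sbom_text)
    return Counter(component_key(c) for c in bom.get("components", []))

def diff_sboms(text_a, text_b):
    """Return components present (or duplicated) in only one of the two SBOMs."""
    a, b = load_components(text_a), load_components(text_b)
    only_a = sorted((a - b).elements())
    only_b = sorted((b - a).elements())
    return {"only_in_a": only_a, "only_in_b": only_b,
            "identical": not only_a and not only_b}

def _bom(serial, stamp, comps):
    # Constructed sample data, not real EMBA output.
    return json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": serial,
        "metadata": {"timestamp": stamp},
        "components": [
            {"type": "library", "bom-ref": ref, "name": n, "version": v,
             "purl": f"pkg:generic/{n}@{v}"} for ref, n, v in comps],
    })

RUN_A = _bom("urn:uuid:00000000-0000-0000-0000-00000000000a", "2000-01-01T00:00:00Z",
             [("ref-1", "busybox", "1.36.1"), ("ref-2", "openssl", "3.0.13"),
              ("ref-3", "zlib", "1.3.1")])
# Same content as RUN_A, but reordered and with new per-run identifiers.
RUN_A_AGAIN = _bom("urn:uuid:00000000-0000-0000-0000-00000000000b", "2000-01-01T01:00:00Z",
                   [("ref-9", "zlib", "1.3.1"), ("ref-8", "busybox", "1.36.1"),
                    ("ref-7", "openssl", "3.0.13")])
# A run that missed zlib and reported busybox twice.
RUN_B = _bom("urn:uuid:00000000-0000-0000-0000-00000000000c", "2000-01-01T02:00:00Z",
             [("ref-4", "busybox", "1.36.1"), ("ref-5", "busybox", "1.36.1"),
              ("ref-6", "openssl", "3.0.13")])

if __name__ == "__main__":
    print(diff_sboms(RUN_A, RUN_A_AGAIN))
    for side, comps in diff_sboms(RUN_A, RUN_B).items():
        print(side, comps)
```

For real runs, pass the text of each scan-log/SBOM/EMBA_cyclonedx_sbom.json to `diff_sboms`; an empty diff with differing file sizes points at per-run metadata or formatting rather than component content.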
-
While investigating a CVE reporting issue, I noticed that different runs of EMBA generate different EMBA_cyclonedx_sbom.json files for the same software package, even though the environment and software contents remain identical.
Could you please explain why this nondeterministic behavior occurs?
Below are three runs with different EMBA_cyclonedx_sbom.json file sizes:
74044 Dec 19 21:17 scan-log/SBOM/EMBA_cyclonedx_sbom.json
67384 Dec 19 21:50 scan-log/SBOM/EMBA_cyclonedx_sbom.json
70727 Dec 19 21:32 scan-log/SBOM/EMBA_cyclonedx_sbom.json