Skip to content

Calling SbomValidator.ValidateSbomAsync With Directory As OutputPath Returns False Positive #1093

New issue
New issue
Open
#1131
Open
Calling SbomValidator.ValidateSbomAsync With Directory As OutputPath Returns False Positive#1093
#1131
Assignees
JoseRenancopilot-swe-agent
Labels
acceptedWe are working on this and hope to release it into the product
@rdgillespie

Description

@rdgillespie
rdgillespie
opened on May 29, 2025

Current Behaviour

While validating a buildDropPath where one of the files has been intentionally tampered with, passing a directory to the outputPath parameter of the SbomValidator.ValidateSbomAsync method, the returned SBOMValidationResult has the IsSuccessful property set to true.

Expected Behaviour

While validating a buildDropPath where one of the files has been intentionally tampered with, passing a directory to the outputPath parameter of the SbomValidator.ValidateSbomAsync method, the returned SBOMValidationResult has the IsSuccessful property set to false.

Alternatively, an exception should be thrown if the output file cannot be written to.

Steps to Reproduce

  1. Created an artifact and generate an SBOM
  2. Tamper with one of the files so that hash changes
  3. Call ISBOMValidator.ValidateSbomAsync with the outputPath parameter as an existing directory path
  4. Inspect returned result

Additonal Context

Library version used: 3.1.0

Metadata

Metadata

Assignees

Labels

acceptedWe are working on this and hope to release it into the product

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions