sbomqs: DTrack Score: Failed to get project: invalid character '<'

Hello,

I’m trying to tag a Dtrack project with sbomqs score. The command I am running is:

sbomqs dtrackScore -D -t true -u https://dependency-track-host-url-of-my-company.com -k $DTRACK_API_KEY $DTRACK_PROJECT_UUID

The output is:

2023-08-24T18:39:24.329-0400	DEBUG	engine/dtrack.go:46	engine.DtrackScore()
2023-08-24T18:39:24.331-0400	DEBUG	engine/dtrack.go:48	Config: &{Url:https://dependency-track-host-url-of-my-company.com ApiKey:********* ProjectIds:[de46d3c2-f650-4ea3-a15b-db3bc38c02da] Json:false Basic:false Detailed:false TagProjectWithScore:true}
2023-08-24T18:39:24.331-0400	DEBUG	engine/dtrack.go:58	Processing project de46d3c2-f650-4ea3-a15b-db3bc38c02da
2023-08-24T18:39:24.736-0400	FATAL	engine/dtrack.go:62	Failed to get project: invalid character '<' looking for beginning of value
github.com/interlynk-io/sbomqs/pkg/engine.DtrackScore
	github.com/interlynk-io/sbomqs@v0.0.19/pkg/engine/dtrack.go:62
github.com/interlynk-io/sbomqs/cmd.glob..func1
	github.com/interlynk-io/sbomqs@v0.0.19/cmd/dtrackScore.go:48
github.com/spf13/cobra.(*Command).execute
	github.com/spf13/cobra@v1.7.0/command.go:940
github.com/spf13/cobra.(*Command).ExecuteC
	github.com/spf13/cobra@v1.7.0/command.go:1068
github.com/spf13/cobra.(*Command).Execute
	github.com/spf13/cobra@v1.7.0/command.go:992
github.com/interlynk-io/sbomqs/cmd.Execute
	github.com/interlynk-io/sbomqs@v0.0.19/cmd/root.go:42
main.main
	github.com/interlynk-io/sbomqs@v0.0.19/main.go:20
runtime.main
	runtime/proc.go:250

Tried from:

  • My local M2 MacBook Pro
  • Bitbucket Pipelines Cloud Runner, as part of our CI
~ sbomqs version
  ____    ____     ___    __  __    ___    ____
 / ___|  | __ )   / _ \  |  \/  |  / _ \  / ___|
 \___ \  |  _ \  | | | | | |\/| | | | | | \___ \
  ___) | | |_) | | |_| | | |  | | | |_| |  ___) |
 |____/  |____/   \___/  |_|  |_|  \__\_\ |____/
sbomqs: sbomqs application provides sbom quality scores.

GitVersion:    v0.0.19
GitCommit:     6744ad2ecf54ea0e22fb406db6bb56f8d1957871
GitTreeState:  clean
BuildDate:     '2023-07-13T20:56:47Z'
GoVersion:     go1.20.6
Compiler:      gc
Platform:      darwin/arm64

I have also tried with and without the -t option but to no avail.

Any idea on why this error is happening? I did confirm that the Project ID is accurate (copied from the URL after navigating to the project within Dependency Track)

Thank you!

About this issue

  • Original URL
  • State: closed
  • Created 10 months ago
  • Comments: 17 (10 by maintainers)

Most upvoted comments

Thank you @riteshnoronha ! It works perfectly now 🥳

+2
aravindparappil46 on Aug 25, 2023

@aravindparappil46 v0.0.20 has been released, i have attached a success log, and how it looks like it. Please feel free to reach out if you have any other suggestions or feedback.

sbomqs dtrackScore -D -u "http://localhost:8081/" -k "bAjCEERhYfm0gqi6GLzcu5FwuQgdcp5p" 7b381c1c-a7d2-4f49-a643-fc005cbe8260 -b -t
2023-08-24T23:01:29.047-0700    DEBUG   engine/dtrack.go:46     engine.DtrackScore()
2023-08-24T23:01:29.048-0700    DEBUG   engine/dtrack.go:48     Config: &{Url:http://localhost:8081/ ApiKey:bAjCEERhYfm0gqi6GLzcu5FwuQgdcp5p ProjectIds:[7b381c1c-a7d2-4f49-a643-fc005cbe8260] Json:false Basic:true Detailed:false TagProjectWithScore:true}
2023-08-24T23:01:29.048-0700    DEBUG   engine/dtrack.go:58     Processing project 7b381c1c-a7d2-4f49-a643-fc005cbe8260
2023-08-24T23:01:29.176-0700    DEBUG   engine/score.go:126     Processing file :/tmp/tmpfile-7b381c1c-a7d2-4f49-a643-fc005cbe82603568878701

2023-08-24T23:01:29.180-0700    DEBUG   sbom/sbom.go:151        SBOM detect spec:cyclonedx format:json
2023-08-24T23:01:29.194-0700    DEBUG   engine/dtrack.go:91     Project: []
2023-08-24T23:01:29.194-0700    DEBUG   engine/dtrack.go:100    Tagging project with sbomqs=8.3
2023-08-24T23:01:29.194-0700    DEBUG   engine/dtrack.go:101    Project: [{Name:sbomqs=8.3}]
8.3     ID: 7b381c1c-a7d2-4f49-a643-fc005cbe8260, Name: TestProject, Version: 1
+1
riteshnoronha on Aug 25, 2023

Yes, and failed to stat Error: stat : no such file or directory is an sbomqs bug, which i have fixed, and will release tomorrow.

+1
riteshnoronha on Aug 25, 2023

@aravindparappil46 two issues

  1. If you are running DT using the docker-compose file, it starts the api-server on port 8081. Hence your command should reflect it.
sbomqs dtrackScore -D -t true -u "https://dependency-track-host-url-of-my-company.com:8081" -k $DTRACK_API_KEY $DTRACK_PROJECT_UUID
  1. Found a bug in sbomqs, have fixed it with https://github.com/interlynk-io/sbomqs/pull/182. We have another fix we are working on, so we will release a new version 0.0.20 tomorrow.

Again please feel free for providing feedback or feature requests.

+1
riteshnoronha on Aug 25, 2023

Ok testing it locally will let u know

+1
riteshnoronha on Aug 25, 2023
Read more comments on GitHub
← intercom-ruby: Unable to delete custom_attributes fields
lmdeploy: [Bug] Memory leak for api_server →