HTML report generation fails silently when processing entire folder containing an "empty" SBOM #208

@henning-meinhardt

Description

Generation of an HTML report for an entire directory fails silently when the directory contains an "empty" SBOM. I'm using the latest version, 0.4.8, and the following invocation:
bomber scan --debug --output html ./temp

In the temp folder I have multiple SBOMs (all in JSON format, generated using the "CycloneDX Gradle plugin" in a multi-project Gradle setup). Some of the SBOMs are from Gradle projects that don't add any extra dependencies, so the resulting SBOMs are "empty". As soon as Bomber encounters one of these empty SBOMs, it stops processing without giving a meaningful error message. The --debug output doesn't expose any useful information either. When I remove all the "empty" SBOMs, Bomber works correctly.

An example of an "empty" SBOM:

{
  "bomFormat" : "CycloneDX",
  "specVersion" : "1.5",
  "serialNumber" : "urn:uuid:339661e5-161c-4261-ae90-39e54cb9cd95",
  "version" : 1,
  "metadata" : {
    "timestamp" : "2024-03-12T21:07:08Z",
    "tools" : [
      {
        "vendor" : "CycloneDX",
        "name" : "cyclonedx-gradle-plugin",
        "version" : "1.8.2"
      }
    ],
    "component" : {
      "group" : "xxxxxxx.xxx",
      "name" : "mailReceiver",
      "version" : "LOCAL-BUILD-SNAPSHOT",
      "purl" : "pkg:maven/xxxxxxx.xxx/mailReceiver@LOCAL-BUILD-SNAPSHOT?type=jar",
      "type" : "library",
      "bom-ref" : "pkg:maven/xxxxxxx.xxx/mailReceiver@LOCAL-BUILD-SNAPSHOT?type=jar"
    }
  },
  "dependencies" : [
    {
      "ref" : "pkg:maven/xxxxxxx.xxx/mailReceiver@LOCAL-BUILD-SNAPSHOT?type=jar",
      "dependsOn" : [ ]
    }
  ]
}
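A pre-flight check for this failure mode, added here as an example; it is not part of bomber and was not posted in the issue. It walks a directory of CycloneDX JSON files and separates SBOMs that carry no "components" (the shape shown above: only a root component and a dependency entry with an empty "dependsOn") from populated ones and from files that are not parseable CycloneDX at all, so the empty ones can be set aside before the directory is handed to `bomber scan`. The two SBOM documents and the malformed file are constructed for this example; the function names `classify_sbom`, `find_empty_sboms` and `demo` are this example's own.

```python
"""Pre-flight check for a directory of CycloneDX JSON SBOMs.

Added example, not part of bomber or of the original issue. It flags
"empty" SBOMs (no "components" list) so they can be skipped or reviewed
before running `bomber scan` on the directory. The sample documents are
constructed for this example; the empty one mirrors the shape in the report.
"""
import json
import os
import tempfile

# Constructed sample: an "empty" CycloneDX SBOM. Only the root component is
# described in metadata, there is no "components" list, and the single
# dependency entry has no edges, which is what the Gradle plugin emits for a
# sub-project without third-party dependencies.
EMPTY_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {
            "name": "mailReceiver",
            "version": "LOCAL-BUILD-SNAPSHOT",
            "type": "library",
            "bom-ref": "pkg:maven/example/mailReceiver@LOCAL-BUILD-SNAPSHOT?type=jar",
        }
    },
    "dependencies": [
        {"ref": "pkg:maven/example/mailReceiver@LOCAL-BUILD-SNAPSHOT?type=jar",
         "dependsOn": []}
    ],
}

# Constructed sample: a populated SBOM with one third-party component.
JACKSON_REF = "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2?type=jar"
POPULATED_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"name": "app", "version": "1.0", "type": "application",
                               "bom-ref": "pkg:maven/example/app@1.0?type=jar"}},
    "components": [
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.15.2", "purl": JACKSON_REF, "bom-ref": JACKSON_REF}
    ],
    "dependencies": [
        {"ref": "pkg:maven/example/app@1.0?type=jar", "dependsOn": [JACKSON_REF]}
    ],
}


def classify_sbom(doc):
    """Return 'not-cyclonedx', 'empty' or 'populated' for a parsed JSON document.

    A document is 'empty' when it is CycloneDX but has no components to scan;
    the root component in metadata does not count, since it is the project
    itself rather than a dependency to look up.
    """
    if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
        return "not-cyclonedx"
    if doc.get("components"):
        return "populated"
    return "empty"


def find_empty_sboms(directory):
    """Scan *.json files in directory.

    Returns (empty_paths, populated_paths, skipped_paths); skipped covers files
    that are unreadable, malformed JSON, or not CycloneDX documents.
    """
    empty, populated, skipped = [], [], []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".json"):
            continue
        path = os.path.join(directory, name)
        try:
            with open(path, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError):
            skipped.append(path)  # unreadable or not valid JSON
            continue
        kind = classify_sbom(doc)
        if kind == "empty":
            empty.append(path)
        elif kind == "populated":
            populated.append(path)
        else:
            skipped.append(path)
    return empty, populated, skipped


def demo():
    """Write the constructed inputs to a temp dir and classify them.

    Returns (empty file names, populated file names, number skipped).
    """
    with tempfile.TemporaryDirectory() as tmp:
        for name, doc in (("mailReceiver.json", EMPTY_SBOM), ("app.json", POPULATED_SBOM)):
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                json.dump(doc, fh)
        with open(os.path.join(tmp, "broken.json"), "w", encoding="utf-8") as fh:
            fh.write("{")  # constructed: truncated JSON, must be reported, not crash the scan
        empty, populated, skipped = find_empty_sboms(tmp)
        return ([os.path.basename(p) for p in empty],
                [os.path.basename(p) for p in populated],
                len(skipped))


if __name__ == "__main__":
    print(demo())
```

Run it against the real directory by calling `find_empty_sboms("./temp")` and move or list the returned empty files before invoking `bomber scan --output html` on what remains; the skipped list is worth inspecting too, since a malformed file would otherwise be just as silent a failure as an empty one.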

Labels

bug (Something isn't working)
