SBOM is missing FE dependencies

XMLWordPrintable

    • Severity 3 - Minor

      Issue Summary

      FE dependencies are missing from the SBOM files (json and csv) in distribution which are customer use to do their own security scanning.

      Steps to Reproduce

      1. Download latest distribution zip (v9.6.4) from website 
      2. Unzip and open csv or json file in /sbom directory
      3. Inspect contexts for "npm" and find 0 results indicating FE dependencies are missing

      Expected Results

      • All FE dependencies should be listed with BE dependencies in the SBOM files (csv and json)

      Actual Results

      • SBOM files only contain BE dependencies (see attached files).

         

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. atlassian-bitbucket-9.6.4.csv
          358 kB
        2. atlassian-bitbucket-9.6.4-cyclonedx-sbom.json
          4.20 MB

              Assignee:
              Khushbu Patel - KT
              Reporter:
              Matthew Hanselman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: