Generated SBOMs include some Nulls/Unknowns

[davewichers]

Using jbom itself as an example, if you run: java -jar target/jbom-1.2.1.jar -f target/jbom-1.2.1.jar and then look at the generated SBOM, I see these null/unknown entries:

• "manufacture" : { "name" : "Unknown" }
• "bom-ref" : "null:byte-buddy-agent:agent/pom" -- And the "group" for this component is missing above as well.
• "bom-ref" : "null:maven-model:model/pom" -- And group missing.
• "bom-ref" : "null:plexus-utils:3.4.2" -- And group missing.

Under dependencies:

• "ref" : "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.14.1",
  "dependsOn" : [
  "com.fasterxml.jackson.core:jackson-core:null",
  "com.fasterxml.jackson.core:jackson-annotations:null",
  "com.fasterxml.jackson.core:jackson-databind:null",
  "com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:null",
• "ref" : "null:byte-buddy-agent:agent/pom", (and maven-model and plexus-utils as well)
• "ref" : "net.java.dev.msv:xsdlib:INF/maven/net.java.dev.msv/xsdlib/pom",
  "dependsOn" : [
  "relaxngDatatype:relaxngDatatype:null",
  "junit:junit:null",
  "jdom:jdom:null"

It looks like the null's are caused by 1 or 2 different issues that, when fixed, will hopefully fix a bunch of these per fix.

[dhruvesh9]

Hello @davewichers / @JoeBeeton ,

I noticed that issue #18 is still open and unassigned. I have found a solution to this problem and I am interested in fixing it. Would it be possible to assign this issue to me so that I can create a pull request with the proposed fix?

Thank you for your time and consideration. I look forward to contributing to this project.

Best regards,
Dhruvesh

[davewichers]

@dhruvesh9 - Just submit your pull request and reference this issue. You don't need to have the issue assigned to you to do that. Thanks for researching/proposing a fix.

[planetlevel]

@dhruvesh9 - I assigned this to you... would love to see a PR. Thx.

[planetlevel]

@dhruvesh9 - any progress?