Fixes issue of empty CBOM creation when no SonarQube rule is activated #388

Open
medha-14 wants to merge 2 commits into cbomkit:main from medha-14:empty_cbom_fix

Conversation

@medha-14 medha-14 commented May 2, 2026

fixes #265

@medha-14 medha-14 requested a review from a team as a code owner May 2, 2026 19:03
Signed-off-by: medha-14 <medha140904@gmail.com>

medha-14 commented May 2, 2026

I’ve addressed the issue with the empty cbom.json creation. Please review it when you get a chance and let me know if any further changes are required.


@n1ckl0sk0rtge n1ckl0sk0rtge left a comment

Thanks for the contribution, @medha-14! 🙌

LGTM!

One friendly nudge: if it's feasible, a small regression test asserting "no CBOM file is written when aggregators are empty" would lock this in. I noticed there aren't any existing tests for OutputFileJob / ScannerManager (the static aggregators make it a bit awkward to test cleanly), so this is a nice-to-have rather than a blocker — happy to merge as-is.

Approving. Thanks again!

n1ckl0sk0rtge previously approved these changes May 5, 2026
Signed-off-by: medha-14 <medha140904@gmail.com>

medha-14 commented May 8, 2026

@n1ckl0sk0rtge Thanks for the review. I have added the tests, please have a look and let me know if anything else is needed. I’d be happy to iterate further on this if needed.

Development

Successfully merging this pull request may close these issues.

Empty CBOM will be generated even if no SonarQube rule is activated

2 participants