bug: [0000] ERROR unable to determine case for -: unable to determine SBOM or licenses for stdin: sbom format not recognized #215

@ElectricBlueSheep

Description

What happened:
When using grant check on my CycloneDX generated application.cdx.json SBOM from my JVM project, I get a wrong error log statement, although the check is working as expected without failure.

I verified that the check is still working by changing my grant configuration in the .grant.yaml and saw that all configured rules get applied correctly.

Wrong log statement:
[0000] ERROR unable to determine case for -: unable to determine SBOM or licenses for stdin: sbom format not recognized

Full log output:

/grant -vvv check ./application/build/reports/application.cdx.json
[0000]  INFO grant version: 0.2.7
[0000] DEBUG config:
  log:
      quiet: false
      level: trace
      file: ""
  dev:
      profile: none
  config: .grant.yaml
  output: table
  show-packages: false
  non-spdx: false
  quiet: false
  osi-approved: false
  rules:
    - name: MIT
      reason: <redacted>
      pattern: MIT
      severity: ""
      mode: allow
      exceptions: []
    <redacted additional configured rules>
    - name: default-deny-all
      reason: All licenses need to be explicitly allowed
      pattern: '*'
      severity: ""
      mode: deny
      exceptions: []
[0000] ERROR unable to determine case for -: unable to determine SBOM or licenses for stdin: sbom format not recognized
[0000] TRACE worker stopped component=eventloop
[0000] TRACE signal exit component=eventloop
* ./application/build/reports/application.cdx.json
  * No License Violations Found for Rule MIT
  <redacted additional configured rules>

What you expected to happen:
The wrong error log is not shown.

Steps to reproduce the issue:
I see the behavior with Grant versions 0.2.4 and 0.2.7. I can only reproduce the bug in our CI. Grant runs there inside an Alpine 3.22.0 Docker image on a Linux host.

The bug does not occur when running Grant locally on macOS 15.5. It also does not occur when I run the Alpine Docker image through Docker Desktop on my macOS machine.

My guess is that the bug should be reproducible on a machine running Linux natively.

Environment:

  • Output of grant version: 0.2.7
  • OS (e.g: cat /etc/os-release or similar): Alpine Linux 3.22.0 Docker Image on Linux host
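The error line quoted above mentions stdin even though a file path was passed on the command line, and the report says it appears only in a CI environment. The program below is an added example written for this page; it is not grant's code and makes no claim about what grant actually does internally. It shows one way to keep the two input sources cleanly apart: a positional path always wins, stdin is only consulted when no path was given and stdin is not an interactive terminal (in CI it is typically a pipe), and an empty stream is reported separately from a document whose format is genuinely unrecognized. The function names (DetectSBOMFormat, SelectSource, StdinIsTerminal), the ErrNotRecognized sentinel and the two embedded sample SBOMs are all constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// SBOM formats this sniffer distinguishes (JSON encodings only).
const (
	FormatCycloneDXJSON = "cyclonedx-json"
	FormatSPDXJSON      = "spdx-json"
	FormatUnknown       = "unknown"
)

// ErrNotRecognized reuses the wording from the bug report's error line; it is
// this example's own sentinel, not something exported by grant.
var ErrNotRecognized = errors.New("sbom format not recognized")

// Constructed sample inputs for the example; not taken from the reporter's project.
const sampleCycloneDX = `{"bomFormat":"CycloneDX","specVersion":"1.5","components":[{"name":"demo","licenses":[{"license":{"id":"MIT"}}]}]}`
const sampleSPDX = `{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"demo"}`

// DetectSBOMFormat reads the whole stream and inspects the top-level keys that
// identify CycloneDX ("bomFormat") and SPDX ("spdxVersion") JSON documents.
// An empty stream is reported distinctly from malformed JSON so that a closed
// or empty stdin in CI is not confused with a real parse failure.
func DetectSBOMFormat(r io.Reader) (string, error) {
	data, err := io.ReadAll(r)
	if err != nil {
		return FormatUnknown, err
	}
	if len(strings.TrimSpace(string(data))) == 0 {
		return FormatUnknown, fmt.Errorf("%w: empty input", ErrNotRecognized)
	}
	var probe struct {
		BOMFormat   string `json:"bomFormat"`
		SPDXVersion string `json:"spdxVersion"`
	}
	if err := json.Unmarshal(data, &probe); err != nil {
		return FormatUnknown, fmt.Errorf("%w: %v", ErrNotRecognized, err)
	}
	switch {
	case probe.BOMFormat == "CycloneDX":
		return FormatCycloneDXJSON, nil
	case strings.HasPrefix(probe.SPDXVersion, "SPDX-"):
		return FormatSPDXJSON, nil
	}
	return FormatUnknown, ErrNotRecognized
}

// SelectSource decides where the SBOM is read from. A positional path always
// wins (a literal "-" means "use stdin"); otherwise stdin is used only when it
// is not an interactive terminal. The terminal check is passed in so the
// decision is pure and testable without a real TTY.
func SelectSource(args []string, stdinIsTerminal bool) (path string, useStdin bool) {
	if len(args) > 0 && args[0] != "" && args[0] != "-" {
		return args[0], false
	}
	return "", !stdinIsTerminal
}

// StdinIsTerminal reports whether f is a character device. A pipe (the usual
// stdin in CI) is not; note that /dev/null is a character device, so a job
// that redirects stdin from /dev/null will not be treated as piped input here.
func StdinIsTerminal(f *os.File) bool {
	fi, err := f.Stat()
	if err != nil {
		return false
	}
	return fi.Mode()&os.ModeCharDevice != 0
}

func main() {
	path, useStdin := SelectSource(os.Args[1:], StdinIsTerminal(os.Stdin))
	var r io.Reader
	switch {
	case path != "":
		f, err := os.Open(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, "ERROR", err)
			os.Exit(1)
		}
		defer f.Close()
		r = f
	case useStdin:
		r = os.Stdin
	default:
		// No path and an interactive terminal: fall back to the constructed
		// sample so the program still demonstrates the sniffer with no input.
		r = strings.NewReader(sampleCycloneDX)
	}
	format, err := DetectSBOMFormat(r)
	if err != nil {
		fmt.Fprintln(os.Stderr, "ERROR", err)
		os.Exit(1)
	}
	fmt.Println("detected:", format)
}
```

Run it as `go run main.go ./application/build/reports/application.cdx.json` to sniff a file, or `cat application.cdx.json | go run main.go` to exercise the stdin path; with a path argument the stdin branch is never entered, which is the behaviour a practitioner would expect from a check that was handed an explicit file.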
