Skip to content

fix: correct the artifact report paths in mvn-sbom for Jib

Describe the bug

The mvn-sbom job in the Jib variant has mismatched artifacts.

Expected behavior

The job should find and upload the sbom artifacts produced by Syft.

Actual behavior

The job script defines the output of the scan results. The artifacts:paths and artifact:reports look for a different file.

Logs and/or screenshots

Company Confidential (snippet) below...

Uploading artifacts for successful job
Uploading artifacts...
WARNING: reports/mvn-jib-sbom-*.cyclonedx.json: no matching files
ERROR: No files to upload

Context & Configuration

Company confidential, however, this is clearly an issue introduced in the development of the template during the discussion of "naming" the jobs and artifacts. "My bad."