Chapter 4. Known issues

Searching by SBOM version gives inconsistent results

When using Software Bill of Materials (SBOM) version numbers as search criteria, you can get inconsistent results. In some cases, the search engine can find SBOM version numbers that have the version number in the file name or in the document_id field. In other cases, the search engine finds no matching SBOM versions, even with a valid SBOM version number. There is currently no workaround for this issue.

SBOM uploads start at 100%

When uploading multiple files from the Upload page within the RHTPA Console, those SBOM documents waiting to be uploaded show 100%, instead of 0%. Currently, there is no workaround for this issue.

Long SBOM names display outside the pie chart boundaries

When a Software Bill of Materials (SBOM) has a long name, the name can exceed the pie chart boundaries. Currently, there is no workaround for this issue.

Remote server connection drops on bulk uploads that use the API

When uploading a compressed SBOM document that uses the RHTPA API, for example, a 350 MB compressed file, the connection to the remote RHTPA service can drop. This causes a partial uploading of the files. To workaround this issue, split the larger SBOM document into smaller sizes, for example, a compressed file roughly 10-20 MB in size. This allows the uploading to finish successfully.

Vulnerability information cannot be deleted by using the API

Using the RHTPA API to delete vulnerabilities and Common Vulnerabilities and Exposures (CVE) information gives a foreign key constraints error message. With this release, we added a Not implemented message in the return code. In a future release, we are going to deprecate this delete function.

No support for CPE version 2.3

The Common Platform Enumeration (CPE) specification and Software Bill of Materials (SBOM) formatted with string bindings does not render properly in the RHTPA console, and when exporting license information. There is currently no workaround for this issue.

Trusted Profile Analyzer 2.0 requires Helm version 3.17 or later

To install RHTPA 2.0, you must use Helm version 3.17 or later to deploy the Trusted Profile Analyzer service on the Red Hat OpenShift Container Platform.

No support for CVSS v4 scores

Currently, there is no support for Common Vulnerability Scoring System (CVSS) version 4 scores in RHTPA.

Advisories with an environment or temporal score fails to upload

A Common Security Advisory Framework (CSAF) document with a Common Vulnerability Scoring System (CVSS) vector that has an environment or temporal score can fail when uploading it to RHTPA. Because of this upload failure, you cannot see the advisory within the RHTPA console. Currently, there is no workaround for this issue.