SBOM API will show information logs when verbosity is set to be more restrictive #616

Open
gustavoaca1997 opened this issue Jul 17, 2024 · 1 comment
Labels
tabled We like this idea, but we are not going to action on it in the moment


@gustavoaca1997
Contributor

Even though we are setting the verbosity to values like Warning, Fatal or Error, we still see the information logs:

##[information]Finished execution of the Generate workflow SBOMTelemetry {Result=Success, Errors=ErrorContainer`1 {Count=0, Errors=[]}, Parameters=Configuration {BuildDropPath=ConfigurationSetting`1 {Value="bin\\debug\\net8.0\\", Source=SBOMApi, IsDefaultSource=False}, BuildComponentPath=ConfigurationSetting`1 {Value="C:\\Users\\gustavoca\\Repos\\github\\GenerateSbomTest\\GenerateSBOMTest", Source=SBOMApi, IsDefaultSource=False}, BuildListFile=null, ManifestPath=null, ManifestDirPath=ConfigurationSetting`1 {Value="bin\\debug\\net8.0\\_manifest", Source=Default, IsDefaultSource=True}, OutputPath=null, Parallelism=ConfigurationSetting`1 {Value=8, Source=SBOMApi, IsDefaultSource=False}, **Verbosity=ConfigurationSetting`1 {Value=Fatal**, Source=SBOMApi, IsDefaultSource=False}, ConfigFilePath=null, ManifestInfo=ConfigurationSetting`1 {Value=[ManifestInfo {Name="SPDX", Version="2.2"}], Source=SBOMApi, IsDefaultSource=False}, HashAlgorithm=null, RootPathFilter=null, CatalogFilePath=null, ValidateSignature=null, IgnoreMissing=null, ManifestToolAction=Generate, PackageName=ConfigurationSetting`1 {Value="GenerateSBOMTest", Source=SBOMApi, IsDefaultSource=False}, PackageVersion=ConfigurationSetting`1 {Value="1.0.0", Source=SBOMApi, IsDefaultSource=False}, PackageSupplier=ConfigurationSetting`1 {Value="Microsoft,Github", Source=SBOMApi, IsDefaultSource=False}, FilesList=null, PackagesList=null, TelemetryFilePath=null, DockerImagesToScan=null, ExternalDocumentReferenceListFile=null, AdditionalComponentDetectorArgs=null, NamespaceUriUniquePart=ConfigurationSetting`1 {Value=null, Source=SBOMApi, IsDefaultSource=False}, NamespaceUriBase=ConfigurationSetting`1 {Value="http://spdx.org/spdxdocs/GenerateSBOMTest", Source=SBOMApi, IsDefaultSource=False}, GenerationTimestamp=ConfigurationSetting`1 {Value=null, Source=SBOMApi, IsDefaultSource=False}, FollowSymlinks=ConfigurationSetting`1 {Value=True, Source=SBOMApi, IsDefaultSource=False}, 
DeleteManifestDirIfPresent=ConfigurationSetting`1 {Value=True, Source=SBOMApi, IsDefaultSource=False}, FailIfNoPackages=null, FetchLicenseInformation=null, EnablePackageMetadataParsing=null, SbomPath=null, SbomDir=null}, SBOMFormatsUsed=[SBOMFile {SbomFormatName=ManifestInfo {Name="SPDX", Version="2.2"}, SbomFilePath="bin\\debug\\net8.0\\_manifest\\spdx_2.2\\manifest.spdx.json", FileSizeInBytes=6037, TotalNumberOfPackages=2}], Timings=[Timing {EventName="Metadata build time for SPDX:2.2 format", TimeSpan="00:00:00.0059317"}, Timing {EventName="Relationships generation time", TimeSpan="00:00:00.0037158"}, Timing {EventName="External document reference generation time", TimeSpan="00:00:00.0034377"}, Timing {EventName="Packages generation time", TimeSpan="00:00:00.0363482"}, Timing {EventName="Files generation time", TimeSpan="00:00:00.4777338"}, Timing {EventName="Total generation time", TimeSpan="00:00:00.5764000"}], Switches={["DeleteManifestDirIfPresent"]=False}, Exceptions={}, APIExceptions={}, MetadataExceptions={}, TotalLicensesDetected=0, PackageDetailsEntries=0}
@jlperkins added the "needs triage" (Default status upon issue submission) and "tabled" labels, and removed the "needs triage" label, on Jul 25, 2024.

@bstadick
Contributor

This issue is a major detriment for using the msbuild tasks as it prints a bunch of extra info and clutters the log and console. It also seems to print this messy table to the console, but that seems to be controlled separately from the logging level.

Image

The core of the issue seems to be with the Microsoft.Sbom.Extensions.DependencyInjection.ServiceCollectionExtensions.AddSbomTool() which takes in a Serilog LogEventLevel which by default is set to the information level. There is also the AddSbomConfiguration method but that doesn't seem to be used in the tools currently.

The two uses of the AddSbomTool method in Microsoft.Sbom.Targets.GenerateSbom and Microsoft.Sbom.Tool.Program do not pass a log level value to the method. So I can only guess that is the cause for the verbosity level on the command line or the msbuild task always being information level.

I'm not familiar enough with the use of IHost and this tool's architecture to come up with a solution, but just hard coding the log level to warning in the AddSbomTool calls at least stops printing the information level messages. This proves the likelihood that this is the cause of the underlying issue.

The table shown above is still being printed and I haven't been able to track down where that is being generated in the code.
