update container images (#1611)

* Use amazon corretto for java8 Signed-off-by: Prabhu Subramanian <[email protected]> * Use amazon corretto for java8 Signed-off-by: Prabhu Subramanian <[email protected]> * Update jdk 23 version. Adds golang to python310 and 311 image. Signed-off-by: Prabhu Subramanian <[email protected]> * Bump version Signed-off-by: Prabhu Subramanian <[email protected]> * Upgrade setuptools in python images Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Jan 30, 2025 · 7fb050a · 7fb050a
1 parent 6e066ee
commit 7fb050a
Show file tree

Hide file tree

Showing 30 changed files with 61 additions and 42 deletions.
diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -16,7 +16,7 @@ ARG SWIFT_PLATFORM=ubi9
 ARG SWIFT_BRANCH=swift-6.0.3-release
 ARG SWIFT_VERSION=swift-6.0.3-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG SBT_VERSION=1.10.7
 ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.12.1
@@ -91,7 +91,7 @@ RUN set -e; \
     && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
     && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && /usr/bin/python${PYTHON_VERSION} --version \
-    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \
     && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \
     && /opt/pypi/bin/poetry --version \
     && /opt/pypi/bin/pipenv --version \

diff --git a/ci/Dockerfile-bun b/ci/Dockerfile-bun
@@ -16,7 +16,7 @@ ARG SWIFT_PLATFORM=ubi9
 ARG SWIFT_BRANCH=swift-6.0.3-release
 ARG SWIFT_VERSION=swift-6.0.3-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG SBT_VERSION=1.10.7
 ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.12.1

diff --git a/ci/Dockerfile-deno b/ci/Dockerfile-deno
@@ -16,7 +16,7 @@ ARG SWIFT_PLATFORM=ubi9
 ARG SWIFT_BRANCH=swift-6.0.3-release
 ARG SWIFT_VERSION=swift-6.0.3-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG SBT_VERSION=1.10.7
 ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.12.1
@@ -86,7 +86,7 @@ RUN set -e; \
     && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
     && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && python${PYTHON_VERSION} --version \
-    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \
     && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \
     && curl -fsSL https://deno.land/x/install/install.sh | sh \
     && deno install -g --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net -n cdxgen --node-modules-dir=auto "npm:@cyclonedx/cdxgen/cdxgen" \

diff --git a/ci/Dockerfile-secure b/ci/Dockerfile-secure
@@ -16,7 +16,7 @@ ARG SWIFT_PLATFORM=ubi9
 ARG SWIFT_BRANCH=swift-6.0.3-release
 ARG SWIFT_VERSION=swift-6.0.3-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG SBT_VERSION=1.10.7
 ARG MAVEN_VERSION=3.9.9
 ARG GRADLE_VERSION=8.12.1
@@ -97,7 +97,7 @@ RUN set -e; \
     && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \
     && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \
     && /usr/bin/python${PYTHON_VERSION} --version \
-    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \
     && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \
     && /opt/pypi/bin/poetry --version \
     && /opt/pypi/bin/pipenv --version \

diff --git a/ci/base-images/README.md b/ci/base-images/README.md
@@ -53,6 +53,14 @@ Java 11 version with Android 33 SDK and gcc
 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11:v11 -r /app -o /app/bom.json -t java
 ```
 
+Java 8
+
+Use the java 11 image but pass `-t java8`.
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-java11-slim:v11 -r /app -o /app/bom.json -t java8
+```
+
 Java 17 version
 
 ```shell

diff --git a/ci/base-images/debian/Dockerfile.dotnet6 b/ci/base-images/debian/Dockerfile.dotnet6
@@ -1,6 +1,6 @@
 FROM mcr.microsoft.com/dotnet/sdk:6.0-bookworm-slim
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG NODE_VERSION=22.13.1
 
 ENV JAVA_VERSION=$JAVA_VERSION \

diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8
@@ -1,6 +1,6 @@
 FROM mcr.microsoft.com/dotnet/sdk:8.0
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG NODE_VERSION=23.6.1
 
 ENV JAVA_VERSION=$JAVA_VERSION \

diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9
@@ -1,6 +1,6 @@
 FROM mcr.microsoft.com/dotnet/sdk:9.0
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG NODE_VERSION=23.6.1
 
 ENV JAVA_VERSION=$JAVA_VERSION \

diff --git a/ci/base-images/debian/Dockerfile.ruby33 b/ci/base-images/debian/Dockerfile.ruby33
@@ -1,6 +1,6 @@
 FROM ruby:3.3.6
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG NODE_VERSION=23.6.1
 ARG ATOM_RUBY_VERSION=3.4.1
 

diff --git a/ci/base-images/debian/Dockerfile.ruby34 b/ci/base-images/debian/Dockerfile.ruby34
@@ -1,6 +1,6 @@
 FROM ruby:3.4
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG NODE_VERSION=23.6.1
 
 ENV JAVA_VERSION=$JAVA_VERSION \

diff --git a/ci/base-images/opensuse/Dockerfile.python310 b/ci/base-images/opensuse/Dockerfile.python310
@@ -1,12 +1,15 @@
 FROM registry.opensuse.org/opensuse/bci/python:3.10
 
+ARG GO_VERSION=1.23.5
+
 ENV LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8 \
+    GOPATH=/opt/app-root/go \
     npm_config_python=/usr/bin/python3.10 \
     PYTHONPATH=/opt/pypi
 
-ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:${GOPATH}/bin:/usr/local/go/bin:
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
     url=; \
@@ -31,8 +34,12 @@ RUN set -e; \
     && update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 \
     && update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 10 \
     && mkdir /opt/pypi \
-    && python -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && python -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \
     && python -m pip install --no-cache-dir --upgrade poetry pipenv uv --target /opt/pypi \
+    && curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \
+    && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
+    && rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
+    && go telemetry off \
     && npm install -g npm \
     && npm install -g node-gyp corepack \
     && npx node-gyp install \

diff --git a/ci/base-images/opensuse/Dockerfile.python39 b/ci/base-images/opensuse/Dockerfile.python39
@@ -30,7 +30,7 @@ RUN set -e; \
     && update-alternatives --install /usr/bin/python python /usr/bin/python3.9 10 \
     && update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 10 \
     && mkdir /opt/pypi \
-    && python -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && python -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \
     && python -m pip install --no-cache-dir --upgrade poetry pipenv uv --target /opt/pypi \
     && npm install -g npm \
     && node -v \

diff --git a/ci/base-images/sle/Dockerfile.dotnet7 b/ci/base-images/sle/Dockerfile.dotnet7
@@ -1,6 +1,6 @@
 FROM registry.suse.com/bci/dotnet-sdk:7.0
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 
 ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false \
     DOTNET_NOLOGO=true \

diff --git a/ci/base-images/sle/Dockerfile.java b/ci/base-images/sle/Dockerfile.java
@@ -43,9 +43,7 @@
     && sdk install maven $MAVEN_VERSION \
     && sdk install gradle $GRADLE_VERSION \
     && sdk install sbt $SBT_VERSION \
-    && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
-    && rm -rf /root/.sdkman \
     && mkdir -p ${ANDROID_HOME}/cmdline-tools \
     && curl -L https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip -o ${ANDROID_HOME}/cmdline-tools/android_tools.zip \
     && unzip ${ANDROID_HOME}/cmdline-tools/android_tools.zip -d ${ANDROID_HOME}/cmdline-tools/ \

diff --git a/ci/base-images/sle/Dockerfile.java-slim b/ci/base-images/sle/Dockerfile.java-slim
@@ -38,9 +38,7 @@ RUN set -e; \
     && sdk install maven $MAVEN_VERSION \
     && sdk install gradle $GRADLE_VERSION \
     && sdk install sbt $SBT_VERSION \
-    && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
-    && rm -rf /root/.sdkman \
     && curl -L --output /usr/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-${GOBIN_VERSION} \
     && chmod +x /usr/bin/bazel \
     && bazel --version \

diff --git a/ci/base-images/sle/Dockerfile.java17 b/ci/base-images/sle/Dockerfile.java17
@@ -41,9 +41,7 @@ RUN set -e; \
     && sdk install maven $MAVEN_VERSION \
     && sdk install gradle $GRADLE_VERSION \
     && sdk install sbt $SBT_VERSION \
-    && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
-    && rm -rf /root/.sdkman \
     && mkdir -p ${ANDROID_HOME}/cmdline-tools \
     && curl -L https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -o ${ANDROID_HOME}/cmdline-tools/android_tools.zip \
     && unzip ${ANDROID_HOME}/cmdline-tools/android_tools.zip -d ${ANDROID_HOME}/cmdline-tools/ \

diff --git a/ci/base-images/sle/Dockerfile.java17-slim b/ci/base-images/sle/Dockerfile.java17-slim
@@ -37,9 +37,7 @@ RUN set -e; \
     && sdk install maven $MAVEN_VERSION \
     && sdk install gradle $GRADLE_VERSION \
     && sdk install sbt $SBT_VERSION \
-    && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
-    && rm -rf /root/.sdkman \
     && curl -L --output /usr/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-${GOBIN_VERSION} \
     && chmod +x /usr/bin/bazel \
     && bazel --version \

diff --git a/ci/base-images/sle/Dockerfile.lang b/ci/base-images/sle/Dockerfile.lang
@@ -1,6 +1,6 @@
 FROM registry.suse.com/bci/python:3.12
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG MAVEN_VERSION=3.9.9
 ARG GCC_VERSION=13
 ARG NODE_VERSION=23.6.1

diff --git a/ci/base-images/sle/Dockerfile.node20 b/ci/base-images/sle/Dockerfile.node20
@@ -1,6 +1,6 @@
 FROM registry.suse.com/bci/nodejs:20
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG GCC_VERSION=13
 
 ENV JAVA_VERSION=$JAVA_VERSION \

diff --git a/ci/base-images/sle/Dockerfile.python311 b/ci/base-images/sle/Dockerfile.python311
@@ -1,21 +1,23 @@
 FROM registry.suse.com/bci/python:3.11
 
-ARG JAVA_VERSION=23.0.1-tem
+ARG JAVA_VERSION=23.0.2-tem
 ARG MAVEN_VERSION=3.9.9
 ARG GCC_VERSION=13
 ARG NODE_VERSION=20.18.1
+ARG GO_VERSION=1.23.5
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     MAVEN_VERSION=$MAVEN_VERSION \
     JAVA_HOME="/opt/java/${JAVA_VERSION}" \
     MAVEN_HOME="/opt/maven/${MAVEN_VERSION}" \
+    GOPATH=/opt/app-root/go \
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8 \
     NVM_DIR="/root/.nvm" \
     npm_config_python=/usr/bin/python3.11 \
     PYTHONPATH=/opt/pypi
-ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/opt/pypi/bin:
+ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin:/opt/pypi/bin:${GOPATH}/bin:/usr/local/go/bin:
 RUN set -e; \
     ARCH_NAME="$(rpm --eval '%{_arch}')"; \
     url=; \
@@ -41,10 +43,12 @@ RUN set -e; \
     && source "$HOME/.sdkman/bin/sdkman-init.sh" \
     && sdk install java $JAVA_VERSION \
     && sdk install maven $MAVEN_VERSION \
-    && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
-    && rm -rf /root/.sdkman \
-    && python3 -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \
+    && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
+    && rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
+    && go telemetry off \
+    && python3 -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \
     && python3 -m pip install --no-cache-dir --upgrade pipenv poetry uv --target /opt/pypi \
     && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash \
     && source /root/.nvm/nvm.sh \

diff --git a/ci/base-images/sle/Dockerfile.python36 b/ci/base-images/sle/Dockerfile.python36
@@ -41,7 +41,7 @@ RUN set -e; \
     && sdk offline enable \
     && mv /root/.sdkman/candidates/* /opt/ \
     && rm -rf /root/.sdkman \
-    && python3 -m pip install --no-cache-dir --upgrade pip virtualenv \
+    && python3 -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \
     && python3 -m pip install --no-cache-dir --upgrade --user pipenv poetry \
     && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash \
     && source /root/.nvm/nvm.sh \

diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.1.5",
+  "version": "11.1.6",
   "exports": "./lib/cli/index.js",
   "compilerOptions": {
     "lib": ["deno.window"],

diff --git a/docs/ENV.md b/docs/ENV.md
@@ -75,7 +75,7 @@ The following environment variables are available to configure the bom generatio
 | JAVA17_TOOL                                 | Specifies the Java 17 toolchain version to use. Defaults to `17.0.14-tem` if not explicitly set. Can be overridden to point to a custom Java 17 version.                                                                                                                                                                            |
 | JAVA21_TOOL                                 | Specifies the Java 21 toolchain version to use. Defaults to `21.0.6-tem` if not explicitly set. Can be overridden to point to a custom Java 21 version.                                                                                                                                                                             |
 | JAVA22_TOOL                                 | Specifies the Java 22 toolchain version to use. Defaults to `22.0.2-tem` if not explicitly set. Can be overridden to point to a custom Java 22 version.                                                                                                                                                                             |
-| JAVA23_TOOL                                 | Specifies the Java 23 toolchain version to use. Defaults to `23.0.1-tem` if not explicitly set. Can be overridden to point to a custom Java 23 version.                                                                                                                                                                             |
+| JAVA23_TOOL                                 | Specifies the Java 23 toolchain version to use. Defaults to `23.0.2-tem` if not explicitly set. Can be overridden to point to a custom Java 23 version.                                                                                                                                                                             |
 | CDXGEN_PLUGINS_DIR                          | Defines the directory where cdxgen plugins are stored. If not set, defaults to an empty value, and a global node_modules path is used if available.                                                                                                                                                                                 |
 | GLOBAL_NODE_MODULES_PATH                    | Specifies the path to the global `node_modules` directory. Used when a local plugins directory is not provided.                                                                                                                                                                                                                     |
 | ASTGEN_IGNORE_DIRS                          | Comma-separated list of directories to ignore during abstract syntax tree (AST) generation. Defaults to a predefined list such as `venv` to avoid unnecessary parsing of certain directories.                                                                                                                                       |

diff --git a/jsr.json b/jsr.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.1.5",
+  "version": "11.1.6",
   "exports": "./lib/cli/index.js",
   "include": ["*.js", "lib/**", "bin/**", "data/**", "types/**"],
   "exclude": [

diff --git a/lib/helpers/envcontext.js b/lib/helpers/envcontext.js
@@ -29,12 +29,12 @@ export const GIT_COMMAND = process.env.GIT_CMD || "git";
 
 // sdkman tool aliases
 export const SDKMAN_JAVA_TOOL_ALIASES = {
-  java8: process.env.JAVA8_TOOL || "8.0.432-tem",
+  java8: process.env.JAVA8_TOOL || "8.0.442-amzn", // Temurin no longer offers java8 :(
   java11: process.env.JAVA11_TOOL || "11.0.25-tem",
   java17: process.env.JAVA17_TOOL || "17.0.14-tem",
   java21: process.env.JAVA21_TOOL || "21.0.6-tem",
   java22: process.env.JAVA22_TOOL || "22.0.2-tem",
-  java23: process.env.JAVA23_TOOL || "23.0.1-tem",
+  java23: process.env.JAVA23_TOOL || "23.0.2-tem",
 };
 
 /**

diff --git a/lib/helpers/envcontext.test.js b/lib/helpers/envcontext.test.js
@@ -41,7 +41,7 @@ test("tools tests", () => {
 test("sdkman tests", () => {
   if (process.env?.SDKMAN_VERSION) {
     expect(isSdkmanAvailable()).toBeTruthy();
-    expect(isSdkmanToolAvailable("java", "23.0.1-tem")).toBeTruthy();
+    expect(isSdkmanToolAvailable("java", "23.0.2-tem")).toBeTruthy();
   }
 });
 

diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -12741,7 +12741,7 @@ export function getPipTreeForPackages(
     console.log(
       "Installing",
       pkgList.length,
-      "using the command",
+      "packages using the command",
       python_cmd_for_tree,
       pipInstallArgs.join(" "),
     );

diff --git a/lib/helpers/validator.js b/lib/helpers/validator.js
@@ -286,6 +286,13 @@ export function validateProps(bomJson) {
       if (!["library", "framework"].includes(comp.type)) {
         continue;
       }
+      // Limit to only npm and pypi for now
+      if (
+        !comp.purl?.startsWith("pkg:npm") &&
+        !comp.purl?.startsWith("pkg:pypi")
+      ) {
+        continue;
+      }
       if (!comp.properties) {
         if (!lacksProperties) {
           warningsList.push(`${comp["bom-ref"]} lacks properties.`);
@@ -313,8 +320,9 @@ export function validateProps(bomJson) {
             `${comp["bom-ref"]} lacks workspace-related properties.`,
           );
         }
-        if (!srcFilePropFound) {
+        if (!srcFilePropFound && !lacksProperties) {
           warningsList.push(`${comp["bom-ref"]} lacks SrcFile property.`);
+          lacksProperties = true;
         }
       }
       if (!comp.evidence && !lacksEvidence) {

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "11.1.5",
+  "version": "11.1.6",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <[email protected]>",

diff --git a/types/lib/helpers/validator.d.ts.map b/types/lib/helpers/validator.d.ts.map