Test Results Summary Service

sbom_validator_job

Started by upstream project "build-scripts/jobs/release/jobs/jdk17u/jdk17u-release-linux-x64-temurin" build number 45 originally caused by: Started by upstream project "build-scripts/release-openjdk17-pipeline" build number 110 originally caused by: Started by upstream project "build-scripts/utils/releaseTrigger_jdk17u" build number 9406 originally caused by: Started by timer Running as SYSTEM Building remotely on jenkins-hetzner-worker (jsfsignX x64 git-hg gpgsign worker master) in workspace /home/jenkins/workspace/sbom_validator_job [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Deferred wipeout is used... The recommended git tool is: git No credentials specified Cloning the remote Git repository Cloning repository https://github.com/adoptium/temurin-build > git init /home/jenkins/workspace/sbom_validator_job/temurin-build # timeout=10 Fetching upstream changes from https://github.com/adoptium/temurin-build > git --version # timeout=10 > git --version # 'git version 2.43.0' > git fetch --tags --force --progress -- https://github.com/adoptium/temurin-build +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/adoptium/temurin-build # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 Checking out Revision a622596f4d89fa26320c73acb8e86b68df6648f2 (refs/remotes/origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f a622596f4d89fa26320c73acb8e86b68df6648f2 # timeout=10 Commit message: "Update TemurinGenCDXA to better support CDXA use cases (#4436)" > git rev-list --no-walk a622596f4d89fa26320c73acb8e86b68df6648f2 # timeout=10 Copied 2 artifacts from "build-scripts » jobs » release » jobs » jdk17u » jdk17u-release-linux-x64-temurin" build number 45 [sbom_validator_job] $ /bin/sh -xe /tmp/jenkins2729643728452094619.sh + ls /home/jenkins/workspace/sbom_validator_job/sboms OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10-metadata.json + ls -1 /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10-metadata.json /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json + grep -v metadata + sh /home/jenkins/workspace/sbom_validator_job/temurin-build/tooling/validateSBOM.sh 17 jdk-17.0.19+10_adopt /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json validateSBOM.sh: Setting up workspace directory /home/jenkins/workspace/sbom_validator_job/sbom_validation JDK_MAJOR_VERSION='17' SOURCE_TAG='jdk-17.0.19+10_adopt' SBOM_LOCATION='/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json' validateSBOM.sh: Downloading CycloneDX CLI binary ... validateSBOM.sh: Downloaded CycloneDX CLI binary to 'cyclonedx-linux-x64' validateSBOM.sh: SBOM validation start. validateSBOM.sh: Running general SBOM validation from https://github.com/CycloneDX/cyclonedx-cli validateSBOM.sh: Running cyclonedx-linux-x64 ... Command: "/home/jenkins/workspace/sbom_validator_job/sbom_validation/cyclonedx-linux-x64" validate --input-file "/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json" --input-format json BOM validated successfully. validateSBOM.sh: Passed CycloneDX validation check. validateSBOM.sh: Running command: sh validateSBOMcontent.sh "/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json" "17" "jdk-17.0.19+10_adopt" SBOMFILE='/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json' MAJORVERSION='17' EXPECTED_SCM_REF='jdk-17.0.19+10_adopt' /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK17U-sbom_x64_linux_hotspot_17.0.19_10.json BOOTJDK is 17.0.18+8 NOTE: ALSA version not 1.1.8 (SBOM has 1.1.6) - ignoring because ALSA version is determined by devkit now Checking for JDK source SHA validity... 2c052b14e3f92624589e3ad1984a3415095ba718 refs/heads/release 2c052b14e3f92624589e3ad1984a3415095ba718 refs/tags/jdk-17.0.19+10_adopt^{} SBOM SHA is a valid repository tag commit SHA: 2c052b14e3f92624589e3ad1984a3415095ba718 FREETYPE is 2.14.2 Checking for temurin-build SHA validity: Checking for temurin-build SHA a612825ee82a20ac872d60958c349854c1f29a8e in https://github.com/adoptium/temurin-build a612825ee82a20ac872d60958c349854c1f29a8e refs/heads/v2026.04.01 validateSBOMcontent.sh: PASSED SBOM validation complete. validateSBOM.sh: SBOM validation complete. [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Deferred wipeout is used... [WS-CLEANUP] done Finished: SUCCESS