
fix: revert #6326 to resolve snyk sbom failure #6463

Merged
mihaibuzgau merged 1 commit into main from
fix/revert-6326-to-resolve-snyk-sbom-failure
Jan 22, 2026


@thomasschafer
Contributor

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High) - n/a
  • Highlights breaking API changes (if applicable) - n/a
  • Links to automated tests covering new functionality - n/a
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___) - n/a
  • Includes product update to be announced in the next stable release notes - n/a

What does this PR do?

We're seeing issues like the following when running snyk sbom in valid Go projects with a replace directive:


 ERROR   Unspecified Error (SNYK-CLI-0000)

           packageURL validation failed: CustomError: name and packageURL name do not
           match

Docs:    https://docs.snyk.io/scan-with-snyk/error-catalog#snyk-cli-0000

This arose from this PR, which we're reverting here.

How should this be manually tested?

Create the following files:

go.mod:

module example.com/grpc-test

go 1.23.3

replace github.com/gorilla/mux => github.com/gorilla/handlers v1.5.1

require github.com/gorilla/mux v1.8.1

require github.com/felixge/httpsnoop v1.0.1 // indirect

go.sum:

github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=

main.go:

package main

import (
	"fmt"
	"net/http"

	"github.com/gorilla/mux"
)

func main() {
	r := mux.NewRouter()
	r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "Hello World")
	})
	fmt.Println("Server would start on :8080")
}

and then run <path/to/local/cli/build> sbom on main and on this branch - you should see the aforementioned error on main, and a successfully created SBOM on this branch.

What's the product update that needs to be communicated to CLI users?

None

@mihaibuzgau mihaibuzgau marked this pull request as ready for review January 22, 2026 08:57
@mihaibuzgau mihaibuzgau requested review from a team as code owners January 22, 2026 08:57
@mihaibuzgau mihaibuzgau merged commit 5fbdbdc into main Jan 22, 2026
6 checks passed
@mihaibuzgau mihaibuzgau deleted the fix/revert-6326-to-resolve-snyk-sbom-failure branch January 22, 2026 09:37
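
A sketch of how a replace directive can make a component's declared name diverge from the package URL of the module actually built, which is the kind of mismatch the error in this PR reports. This is an added example, not Snyk CLI code and not part of the PR; `Resolve`, `Consistent` and the choice to build the purl from the replacement module are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the go.mod from the manual test steps, blank lines removed.
const sampleGoMod = `module example.com/grpc-test
go 1.23.3
replace github.com/gorilla/mux => github.com/gorilla/handlers v1.5.1
require github.com/gorilla/mux v1.8.1
require github.com/felixge/httpsnoop v1.0.1 // indirect`

type Component struct{ Name, PURL string } // name as required, purl of the module built

// Resolve reads single-line require/replace only. Assumption: purl comes from the replacement.
func Resolve(gomod string) (out []Component) {
	type mod struct{ path, version string }
	reqs, repl := []mod{}, map[string]mod{}
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) == 3 && f[0] == "require" {
			reqs = append(reqs, mod{f[1], f[2]})
		} else if len(f) >= 5 && f[0] == "replace" && f[len(f)-3] == "=>" {
			repl[f[1]] = mod{f[len(f)-2], f[len(f)-1]}
		}
	}
	for _, r := range reqs {
		eff, ok := repl[r.path]
		if !ok {
			eff = r
		}
		out = append(out, Component{r.path, "pkg:golang/" + eff.path + "@" + eff.version})
	}
	return out
}

// Consistent is a hypothetical name-vs-purl check, not the validator's real logic.
func Consistent(c Component) bool {
	p, _, _ := strings.Cut(strings.TrimPrefix(c.PURL, "pkg:golang/"), "@")
	return p == c.Name
}

func main() {
	for _, c := range Resolve(sampleGoMod) {
		fmt.Printf("%s -> %s consistent=%v\n", c.Name, c.PURL, Consistent(c))
	}
}
```

Run against a project's go.mod before SBOM generation, a check like this lists the replaced modules whose SBOM entries need a second look.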
3 participants