Bug: Reachability scan fails about dep-scan HOT 3 OPEN

I tried running it by referring to the folder and not the .jar file, with the following result:

depscan --profile research -t java -i test --debug

DEBUG [2024-04-23 06:40:10,648] BOM Profile: research
DEBUG [2024-04-23 06:40:10,648] ⚡︎ Executing "cdxgen -r -t java -o test/bom.json --profile research test"
DEBUG [2024-04-23 06:40:11,530] Bom file doesn't exist. Check if cdxgen was invoked with the correct type argument.
Set the environment variable CDXGEN_DEBUG_MODE to debug to troubleshoot the issue further.

DEBUG [2024-04-23 06:40:11,531] Bom file test/bom.json was not created successfully

from dep-scan.

I realised that I should have been scanning the source, however I still get the following error:

depscan --profile research -t java -i ./VulnerableApp/src --debug

DEBUG [2024-04-23 07:00:36,166] BOM Profile: research
DEBUG [2024-04-23 07:00:36,166] ⚡︎ Executing "cdxgen -r -t java -o ./VulnerableApp/src/bom.json --profile research ./VulnerableApp/src"
DEBUG [2024-04-23 07:00:37,046] Bom file doesn't exist. Check if cdxgen was invoked with the correct type argument.
Set the environment variable CDXGEN_DEBUG_MODE to debug to troubleshoot the issue further.

DEBUG [2024-04-23 07:00:37,046] Bom file ./VulnerableApp/src/bom.json was not created successfully

from dep-scan.

@sjpritchard Is there a public repo for the app you are scanning? The -i or --src argument must point to the directory containing the source. Often this would be the root directory containing pom.xml or package-lock.json etc.

If you are already inside inside the application directory, you can pass dot as the directory name. -i .

from dep-scan.