make test: "xmllint: No such file or directory"

[popey]

👋

What happened:

There appears to be a missing dependency when running make test.

PASS
ok      github.com/anchore/grype/test/integration       372.701s
go run cmd/grype/main.go alpine:latest
 ✔ Vulnerability DB                [updated]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                                                                                                                                     alpine:latest
 ✔ Parsed image                                                                                                                           sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bd
 ✔ Cataloged contents                                                                                                                            686b46a0213ffe2331b98dd30f3e0b552bb602845c2246ac85b8dea35403e62a
   ├── ✔ Packages                        [15 packages]  
   ├── ✔ File digests                    [80 files]  
   ├── ✔ File metadata                   [80 locations]  
   └── ✔ Executables                     [17 executables]  
 ✔ Scanned for vulnerabilities     [12 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 12 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 12 not-fixed, 0 ignored 
NAME           INSTALLED   FIXED-IN  TYPE  VULNERABILITY   SEVERITY 
busybox        1.36.1-r15            apk   CVE-2023-42366  Medium    
busybox        1.36.1-r15            apk   CVE-2023-42365  Medium    
busybox        1.36.1-r15            apk   CVE-2023-42364  Medium    
busybox        1.36.1-r15            apk   CVE-2023-42363  Medium    
busybox-binsh  1.36.1-r15            apk   CVE-2023-42366  Medium    
busybox-binsh  1.36.1-r15            apk   CVE-2023-42365  Medium    
busybox-binsh  1.36.1-r15            apk   CVE-2023-42364  Medium    
busybox-binsh  1.36.1-r15            apk   CVE-2023-42363  Medium    
ssl_client     1.36.1-r15            apk   CVE-2023-42366  Medium    
ssl_client     1.36.1-r15            apk   CVE-2023-42365  Medium    
ssl_client     1.36.1-r15            apk   CVE-2023-42364  Medium    
ssl_client     1.36.1-r15            apk   CVE-2023-42363  Medium
cd schema/cyclonedx && make
make[1]: Entering directory '/home/alan/Source/anchore/grype/schema/cyclonedx'
go run ../../cmd/grype -c ../../test/grype-test-config.yaml ubuntu:latest -v -o cyclonedx-xml > bom.xml
[0000]  INFO grype version: [not provided]
[0012]  INFO found 40 vulnerability matches across 102 packages
xmllint --noout --schema ./cyclonedx.xsd bom.xml
make[1]: xmllint: No such file or directory
make[1]: *** [Makefile:9: validate-schema-xml] Error 127
make[1]: Leaving directory '/home/alan/Source/anchore/grype/schema/cyclonedx'
make: *** [Makefile:95: validate-cyclonedx-schema] Error 2

What you expected to happen:

Tests to run, and pass. 🤞

How to reproduce it (as minimally and precisely as possible):

1. Clone repo
2. make bootstrap
3. make test

Anything else we need to know?:

Environment:

• Output of grype version: Tip of git
• OS (e.g: cat /etc/os-release or similar):

cat /etc/os-release 
PRETTY_NAME="Ubuntu 23.10"
NAME="Ubuntu"
VERSION_ID="23.10"
VERSION="23.10 (Mantic Minotaur)"
VERSION_CODENAME=mantic
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=mantic
LOGO=ubuntu-logo

[spiffcs]

Definitely related to #1773

Grype seems to have some technical debt associated with it's current dev flows that are not observed in syft.

We should migrate grype over to use the binny workflows so that our installed tooling is consistent:
https://github.com/anchore/syft/blob/main/.binny.yaml

Thanks for the report @popey!