We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What happened:
mfg@OptiPlex-7020 [10:21:12] [~/grype/test/cli/test-fixtures] -> % touch sbom-empty.json mfg@OptiPlex-7020 [10:21:20] [~/grype/test/cli/test-fixtures] -> % grype sbom:sbom-empty.json ⠋ Vulnerability DB [checking for update]panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0xbc0329] goroutine 27 [running]: github.com/anchore/syft/internal/formats/common/spdxhelpers.findLinuxReleaseByPURL(0x0) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/internal/formats/common/spdxhelpers/to_syft_model.go:41 +0x29 github.com/anchore/syft/internal/formats/common/spdxhelpers.ToSyftModel(0x159e160) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/internal/formats/common/spdxhelpers/to_syft_model.go:27 +0xa5 github.com/anchore/syft/internal/formats/spdx22tagvalue.decoder({0x159e160, 0xc00047cab0}) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/internal/formats/spdx22tagvalue/decoder.go:19 +0x75 github.com/anchore/syft/internal/formats/spdx22tagvalue.validator({0x159e160, 0xc00047cab0}) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/internal/formats/spdx22tagvalue/validator.go:8 +0x25 github.com/anchore/syft/syft/format.Format.Validate(...) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/syft/format/format.go:51 github.com/anchore/syft/internal/formats.Identify({0xc00033a400, 0x0, 0x200}) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/internal/formats/formats.go:31 +0x14e github.com/anchore/syft/syft.Decode({0x15a2440, 0xc0000be118}) /Users/runner/go/pkg/mod/github.com/anchore/syft@v0.39.3/syft/encode_decode.go:37 +0xb1 github.com/anchore/grype/grype/pkg.syftSBOMProvider({0x7ffffe440bbb, 0x6b8b05}) /Users/runner/work/grype/grype/grype/pkg/syft_sbom_provider.go:27 +0x33 github.com/anchore/grype/grype/pkg.Provide({0x7ffffe440bbb, 0x14}, {0xc00058a2a0, {0x1fb1e18, 0x0, 0x0}, {{0x1, 0x0, {0x12b18c6, 0x8}}}}) /Users/runner/work/grype/grype/grype/pkg/provider.go:16 +0x3b github.com/anchore/grype/cmd.startWorker.func1.2() /Users/runner/work/grype/grype/cmd/root.go:268 +0x225 created by github.com/anchore/grype/cmd.startWorker.func1 /Users/runner/work/grype/grype/cmd/root.go:260 +0x686
What you expected to happen: No SIGSEGV. A message telling me that the sbom file is empty would be helpful
How to reproduce it (as minimally and precisely as possible):
touch sbom-empty.json grype sbom:sbom-empty.json
Anything else we need to know?:
Environment:
grype version
cat /etc/os-release
The text was updated successfully, but these errors were encountered:
@ForceFaction Thanks for spotting this! I can reproduce this on my machine. We'll get a fix out shortly.
Sorry, something went wrong.
luhring
Successfully merging a pull request may close this issue.
What happened:
What you expected to happen:
No SIGSEGV. A message telling me that the sbom file is empty would be helpful
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
grype version
: d8e1c37cat /etc/os-release
or similar): Ubuntu 21.10The text was updated successfully, but these errors were encountered: