Detect when a user specifies an empty SBOM #695

Merged
merged 2 commits into from Mar 24, 2022

luhring
Contributor

@luhring luhring commented Mar 24, 2022

This PR fixes #693.

A related PR fixes the underlying panic in the Syft library, but that PR isn't strictly necessary to fix #693 now that the "empty SBOM" case is detected earlier in execution.

Additionally, I noticed that an unrelated test was failing locally: TestGetter_GetFile/client_doesn't_trust_server's_CA. This test appeared to be failing only on macOS environments, and only when using Go 1.18. This PR makes an adjustment to the test logic to avoid this new failure. (For more information, see https://go.dev/doc/go1.18#minor_library_changes, in the section "crypto/x509".)

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
@luhring luhring merged commit 1e020d7 into anchore:main Mar 24, 2022
@luhring luhring deleted the fix-panic-on-empty-sbom branch March 24, 2022 14:12
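
An added example, not grype's or Syft's own code: one way to detect an empty SBOM before decoding, so that the empty case produces a clear error instead of reaching later code. The names `ErrEmptySBOM`, `requireNonEmpty`, `decodeSBOM` and `sbomDoc` are hypothetical, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrEmptySBOM is a hypothetical sentinel for input that has no content.
var ErrEmptySBOM = errors.New("SBOM input is empty")

// sbomDoc is a constructed, minimal stand-in for a decoded SBOM document.
type sbomDoc struct {
	Artifacts []json.RawMessage `json:"artifacts"`
}

// requireNonEmpty discards leading JSON whitespace and fails if nothing else follows.
func requireNonEmpty(r io.Reader) (io.Reader, error) {
	br := bufio.NewReader(r)
	for {
		c, _, err := br.ReadRune()
		if err == io.EOF {
			return nil, ErrEmptySBOM
		} else if err != nil {
			return nil, err
		} else if !strings.ContainsRune(" \t\r\n", c) {
			return br, br.UnreadRune() // put the first real character back
		}
	}
}

// decodeSBOM rejects empty input first, so callers never receive a nil document without an error.
func decodeSBOM(r io.Reader) (*sbomDoc, error) {
	nonEmpty, err := requireNonEmpty(r)
	if err != nil {
		return nil, err
	}
	var doc sbomDoc
	if err := json.NewDecoder(nonEmpty).Decode(&doc); err != nil {
		return nil, fmt.Errorf("decode SBOM: %w", err)
	}
	return &doc, nil
}

func main() {
	fmt.Println(decodeSBOM(strings.NewReader(" \n"))) // constructed whitespace-only input
}
```

Callers can branch on `errors.Is(err, ErrEmptySBOM)` to report the empty case separately from a malformed document.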

Successfully merging this pull request may close these issues.

grype cannot handle empty sboms, results in SIGSEGV
2 participants