Scanning a git repository folder present in /tmp produces an empty sbom #2847

Open
m4nch0t opened this issue May 6, 2024 · 0 comments
Labels
bug Something isn't working

m4nch0t commented May 6, 2024

Hello!

What happened:
Scanning a git repository folder present in /tmp produces an empty sbom.

What you expected to happen:
I expect the same result, no matter the parent path. I don't find this limitation in the documentation. Is it normal?

Steps to reproduce the issue:

```
$ git clone git@github.com:anchore/syft.git /tmp/syft
$ syft scan dir:/tmp/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json
 ✔ Indexed file system                 /tmp/syft
 ✔ Cataloged contents                  f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [0 packages]
   └── ✔ Executables                     [0 executables]
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:dcf8363e-f836-47ae-8e39-b70ab49f656c","version":1,"metadata":{"timestamp":"2024-05-06T21:32:49+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"22576995f0b79f4c","type":"file","name":"syft","version":"v1.3.0"}}}

$ git clone git@github.com:anchore/syft.git ~/syft
$ syft scan dir:~/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json
 ✔ Indexed file system                 /home/user/syft
 ✔ Cataloged contents                  f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [869 packages]
   ├── ✔ File digests                    [3 files]
   ├── ✔ File metadata                   [3 locations]
   └── ✔ Executables                     [1 executables]
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:b94903cc-1697-4232-8171-6af1217e4bf1","version":1,"metadata":{"timestamp":"2024-05-06T21:34:22+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"f60be7f39b7b1cbd","type":"file","name":"syft","version":"v1.3.0"}},"components":[{"bom-ref":"cd49351a0c14e9ee","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/pkg/nested.gemspec"}]},{"bom-ref":"746f85750835e2df","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/root.gemspec"}]},{"bom-ref":"cc7fd08d2e893e18","type":"library","name":"./.github/actions/bootstrap","cpe":"cpe:2.3:a:.\\/.github\\/actions\\/bootstrap:.\\/.github\\/actions\\/bootstrap:*:*:*:*:*:*:*:*","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:location:0:path","value":"/.github/workflows/benchmark-testing.yaml"}]},{"bom-......
```

Anything else we need to know?:

Environment:

  • Output of syft version:

    ```
    syft --version
    syft 1.3.0
    ```

  • OS (e.g: cat /etc/os-release or similar):
    • Ubuntu 22.04.4 LTS
    • Manjaro Linux
    • Arch Linux

@m4nch0t m4nch0t added the bug Something isn't working label May 6, 2024
@spiffcs spiffcs self-assigned this May 7, 2024
@spiffcs spiffcs removed their assignment May 20, 2024
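
A pipeline check for the failure shown in the report, as an added example that is not part of the original issue or of the syft project: it reads a CycloneDX JSON document and rejects one with no components, since both runs above report ✔ for every stage and only the output differs. The sample documents are constructed by trimming the two outputs in the report; `summarize_bom`, `gate` and `min_components` are hypothetical names.

```python
import json
from collections import Counter

# Constructed samples, trimmed from the two outputs in the report above.
_META = {"component": {"type": "file", "name": "syft", "version": "v1.3.0"}}
_GEM = [{"name": "syft:package:foundBy", "value": "ruby-gemspec-cataloger"}]
_GHA = [{"name": "syft:package:foundBy", "value": "github-actions-usage-cataloger"}]
EMPTY_BOM = json.dumps(
    {"bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": _META})
POPULATED_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": _META,
    "components": [
        {"type": "library", "name": "", "purl": "pkg:gem/", "properties": _GEM},
        {"type": "library", "name": "", "purl": "pkg:gem/", "properties": _GEM},
        {"type": "library", "name": "./.github/actions/bootstrap",
         "properties": _GHA},
    ],
})


def summarize_bom(text):
    """Return (component_count, Counter of syft:package:foundBy values)."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    # In the /tmp run the "components" key is absent altogether, not an empty list.
    components = bom.get("components") or []
    found_by = Counter()
    for comp in components:
        for prop in comp.get("properties", []):
            if prop.get("name") == "syft:package:foundBy":
                found_by[prop["value"]] += 1
    return len(components), found_by


def gate(text, min_components=1):
    """Return (ok, message); ok is False when the SBOM is too small to trust."""
    count, found_by = summarize_bom(text)
    if count < min_components:
        return False, f"SBOM has {count} components (expected >= {min_components})"
    return True, f"{count} components from {len(found_by)} catalogers"


if __name__ == "__main__":
    for label, doc in (("/tmp/syft", EMPTY_BOM), ("~/syft", POPULATED_BOM)):
        print(label, gate(doc))
```
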
Projects
Status: In Progress