Breaking change in the sbom.syft.json file v0.85.0 #1935
Comments
|
Hi, @psiservices-jerrybrimacombe -- this is somewhat expected, since a compatible version of Grype has not yet been released. We'll look to get this done soon. |
|
@kzantow Thanks for the quick answer. So going forward, what would you recommend we do- pin both Grype and Syft to a version and then only update them together? rather than running the latest on both? Should this not have been listed as a breaking change? |
|
@psiservices-jerrybrimacombe this PR was the cause of the breaking change, it was labeled as a breaking-change: #1846 along with the item in the release notes:
We're going to see how to make this type of breaking change more apparent in the readme. In the meantime, we've released Grype v0.64.0 that should solve the problem. As I believe this is fixed (and we've added an issue to try to keep this from happening again), I'm closing this one, but please reopen if you still have the issue with Grype v0.64! |
What happened:
Seems to be a breaking change in the sbom.syft.json file
What you expected to happen:
That the file created by syft could be used in Grype
Steps to reproduce the issue:
Install syft with
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/binInstall grypewith
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/binRun syft with
syft <IMAGE> -o json=/Syft/sbom.syft.json -o spdx-json=/Syft/sbom.spdx.json -o table=/Syft/table.txtRun grype with
grype sbom:/Syft/sbom.syft.json -o table > /Grype/Grype.txtGet error
1 error occurred:
* failed to catalog: unable to decode sbom: unable to decode syft-json: unexpected end of JSON input
Anything else we need to know?:
if I do the same with v0.84.1 is works
Did not seem to be listed in the breaking changes section.
Environment:
syft version:v0.85.0
cat /etc/os-releaseor similar):Ubuntu linux
The text was updated successfully, but these errors were encountered: