Gemspec file generating empty SBOMs #1952

Closed
diptanshumittal opened this issue Jul 25, 2023 · 5 comments
Labels
bug Something isn't working changelog-ignore Don't include this issue in the release changelog

Comments

@diptanshumittal

What happened:
Empty SBOMs are generated using the *.gemspec file. Syft is not able to detect any package using the gemspec file even though gemspec is a valid cataloger.

What you expected to happen:
Expected the SBOMs to at least have a single package with gem details in it, similar to other languages like JavaScript.

Steps to reproduce the issue:
Run syft packages -o spdx-json for the file
Anything else we need to know?:

Environment:

  • Output of syft version: 0.85.0
  • OS (e.g: cat /etc/os-release or similar): macOS 13.4.1
@diptanshumittal diptanshumittal added the bug Something isn't working label Jul 25, 2023
@tgerla
Contributor

tgerla commented Aug 3, 2023

Hi @diptanshumittal, thank you for the report and the information necessary to reproduce this issue. We'll take a look when we are able.

@spiffcs
Contributor

spiffcs commented Aug 10, 2023

👋 hey @diptanshumittal!

It looks like it's enabled only for the image cataloger by default

func ImageCatalogers(cfg Config) []pkg.Cataloger {
    return filterCatalogers([]pkg.Cataloger{
        alpm.NewAlpmdbCataloger(),
        apkdb.NewApkdbCataloger(),
        binary.NewCataloger(),
        deb.NewDpkgdbCataloger(),
        dotnet.NewDotnetPortableExecutableCataloger(),
        golang.NewGoModuleBinaryCataloger(cfg.Golang),
        java.NewJavaCataloger(cfg.Java()),
        java.NewNativeImageCataloger(),
        javascript.NewPackageCataloger(),
        nix.NewStoreCataloger(),
        php.NewComposerInstalledCataloger(),
        portage.NewPortageCataloger(),
        python.NewPythonPackageCataloger(),
        r.NewPackageCataloger(),
        rpm.NewRpmDBCataloger(),
        ruby.NewGemSpecCataloger(),
        sbom.NewSBOMCataloger(),
    }, cfg.Catalogers)
}

Can you try updating your configuration to enable that cataloger? See the configuration here:
https://github.com/anchore/syft#configuration

@spiffcs spiffcs moved this to Backlog in OSS Aug 17, 2023
@spiffcs spiffcs moved this from Backlog to Awaiting Response in OSS Aug 17, 2023
@willmurphyscode
Contributor

Depending on where the *.gemspec file is, it looks like enabling the cataloger still might not find it:

WithParserByGlobs(parseGemSpecEntries, "**/specifications/**/*.gemspec")
shows the glob to be **/specifications/**/*.gemspec, but if the gem is defined in the directory being scanned, for example, I'm not sure that the gemspec would be under the specifications directory.

See also #2128
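To make the glob concern above concrete, here is an added example (not syft's code, and not part of this thread) that checks which candidate gemspec paths the cataloger's pattern `**/specifications/**/*.gemspec` would select. The `matchDoublestar` function is a small reimplementation written for this example; it assumes the usual doublestar semantics where a `**` segment matches zero or more directory levels and every other segment is matched with Go's `path.Match`. The sample paths are constructed, not taken from a real scan.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// gemspecGlob is the pattern quoted in the thread for the gemspec cataloger.
const gemspecGlob = "**/specifications/**/*.gemspec"

// matchDoublestar reports whether p matches pattern. A "**" segment matches
// zero or more path segments; other segments use path.Match semantics.
// This is an assumption-based reimplementation for illustration, not syft's
// own matcher.
func matchDoublestar(pattern, p string) bool {
	pat := strings.Split(strings.Trim(pattern, "/"), "/")
	segs := strings.Split(strings.Trim(p, "/"), "/")
	return matchSegs(pat, segs)
}

func matchSegs(pat, segs []string) bool {
	if len(pat) == 0 {
		return len(segs) == 0
	}
	if pat[0] == "**" {
		// Try letting "**" absorb zero, one, two, ... leading segments.
		for i := 0; i <= len(segs); i++ {
			if matchSegs(pat[1:], segs[i:]) {
				return true
			}
		}
		return false
	}
	if len(segs) == 0 {
		return false
	}
	ok, err := path.Match(pat[0], segs[0])
	if err != nil || !ok {
		return false
	}
	return matchSegs(pat[1:], segs[1:])
}

// catalogedGemspecs returns the subset of paths that the gemspec glob selects,
// i.e. the files a scan would actually hand to the gemspec parser.
func catalogedGemspecs(paths []string) []string {
	var found []string
	for _, p := range paths {
		if matchDoublestar(gemspecGlob, p) {
			found = append(found, p)
		}
	}
	return found
}

func main() {
	// Constructed sample paths: an installed gem (under specifications/),
	// a gem defined at the root of the scanned directory, and one under lib/.
	candidates := []string{
		"usr/lib/ruby/gems/3.2.0/specifications/rake-13.0.6.gemspec",
		"my_gem.gemspec",
		"lib/my_gem.gemspec",
	}
	for _, p := range candidates {
		fmt.Printf("%-60s matched=%v\n", p, matchDoublestar(gemspecGlob, p))
	}
}
```

Running it shows that only the path under a `specifications/` directory is selected; a gemspec sitting at the root of the scanned source tree, or anywhere else outside `specifications/`, is never handed to the parser, regardless of whether the cataloger is enabled.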

@wagoodman
Contributor

I think this might solve the confusion with this pr/comment, but it's not clear if it is being currently updated or is stale

@tgerla tgerla added the changelog-ignore Don't include this issue in the release changelog label Nov 9, 2023
@tgerla
Contributor

tgerla commented Nov 9, 2023

I believe this is fixed thanks to #1971 so I'll close this issue, but feel free to re-open if you are still having problems. Thanks!

@tgerla tgerla closed this as completed Nov 9, 2023
@github-project-automation github-project-automation bot moved this from Awaiting Response to Done in OSS Nov 9, 2023