Change in behavior - Leading zeroes on SPDXID between different Syft versions #2030

Closed
akhil-vasudevan opened this issue Aug 14, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@akhil-vasudevan

What happened:
We are observing leading zeroes on SPDXIDs between different Syft versions for the same package. Is this a new behavior? We are not seeing this pattern for all packages though.

Example 1 with one zero prefixed in version v0.86.1, 052cf8f001ee1797
In Version v0.86.1

   "name": "HdrHistogram",
   "SPDXID": "SPDXRef-Package-java-archive-HdrHistogram-052cf8f001ee1797",
   "versionInfo": "2.1.12",

In Version v0.83.0

   "name": "HdrHistogram",
   "SPDXID": "SPDXRef-Package-java-archive-HdrHistogram-52cf8f001ee1797",
   "versionInfo": "2.1.12",

Example 2 with two zeroes prefixed here in version v0.86.1, 005b477c9a5c8808
In Version v0.86.1

   "name": "commons-exec",
   "SPDXID": "SPDXRef-Package-java-archive-commons-exec-005b477c9a5c8808",
   "versionInfo": "1.3",
   "downloadLocation": "NOASSERTION",
   "filesAnalyzed": false,

In Version v0.83.0

   "name": "commons-exec",
   "SPDXID": "SPDXRef-Package-java-archive-commons-exec-5b477c9a5c8808",
   "versionInfo": "1.3",
   "downloadLocation": "NOASSERTION",
   "filesAnalyzed": false,

What you expected to happen:
We are not expecting to see SPDXIDs changing between Syft versions.

Steps to reproduce the issue:

Anything else we need to know?:

Environment:

  • Output of syft version: Versions v0.83.0 and v0.86.1
  • OS (e.g: cat /etc/os-release or similar): Mac, Linux
@akhil-vasudevan akhil-vasudevan added the bug Something isn't working label Aug 14, 2023
@kzantow
Contributor

kzantow commented Aug 14, 2023

This is an intentional change to make the length of the hashes consistent.

#1882

@kzantow kzantow closed this as not planned Aug 14, 2023
@github-project-automation github-project-automation bot moved this to Done in OSS Aug 14, 2023
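
For consumers that diff or join SBOMs produced by both Syft versions, the IDs can be normalized before comparison. The following is an added example, not code from Syft or from this thread; it assumes the last hyphen-separated segment of a Syft package SPDXID is the hex id and that 16 characters is the padded width (the width of the v0.86.1 values above). The function names and sample documents are constructed for illustration.

```python
import re

# Assumption: padded width is 16 hex characters, as seen in the v0.86.1 IDs in this issue.
ID_WIDTH = 16
# Assumption: package IDs look like "SPDXRef-Package-<type>-<name>-<hex id>".
_PKG_ID = re.compile(r"^(SPDXRef-Package-.+-)([0-9a-f]{1,16})$")


def normalize_spdxid(spdxid):
    """Zero-pad the trailing hex id so old and new Syft IDs compare equal."""
    m = _PKG_ID.match(spdxid)
    if not m:
        return spdxid  # e.g. SPDXRef-DOCUMENT, or IDs from other tools
    return m.group(1) + m.group(2).zfill(ID_WIDTH)


def normalize_document(doc):
    """Return a copy of an SPDX JSON document with padded package IDs.

    Relationships are rewritten too, so references still resolve.
    """
    out = dict(doc)
    out["packages"] = [
        dict(p, SPDXID=normalize_spdxid(p["SPDXID"])) for p in doc.get("packages", [])
    ]
    out["relationships"] = [
        dict(r,
             spdxElementId=normalize_spdxid(r["spdxElementId"]),
             relatedSpdxElement=normalize_spdxid(r["relatedSpdxElement"]))
        for r in doc.get("relationships", [])
    ]
    return out


def diff_packages(old_doc, new_doc):
    """Return (added, removed) package IDs after normalization."""
    old = {p["SPDXID"] for p in normalize_document(old_doc)["packages"]}
    new = {p["SPDXID"] for p in normalize_document(new_doc)["packages"]}
    return sorted(new - old), sorted(old - new)


# Constructed sample documents using the two packages quoted in this issue.
OLD = {"packages": [
    {"name": "HdrHistogram", "SPDXID": "SPDXRef-Package-java-archive-HdrHistogram-52cf8f001ee1797"},
    {"name": "commons-exec", "SPDXID": "SPDXRef-Package-java-archive-commons-exec-5b477c9a5c8808"}]}
NEW = {"packages": [
    {"name": "HdrHistogram", "SPDXID": "SPDXRef-Package-java-archive-HdrHistogram-052cf8f001ee1797"},
    {"name": "commons-exec", "SPDXID": "SPDXRef-Package-java-archive-commons-exec-005b477c9a5c8808"}]}
```

Without normalization, a naive ID-based diff of these two documents reports both packages as removed and re-added.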