vendor: bump github.com/anchore/syft from 0.98.0 to 0.105.0 #94
Current (0.98.0) and latest syft versions still fail with the amazonlinux image: https://github.com/docker/buildkit-syft-scanner/actions/runs/7883917948/job/21511817145?pr=94#step:7:75
|
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
FROM amazonlinux:2 AS base |
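Review bot: `FROM amazonlinux:2 AS base` references the base image by a mutable tag, so the content being scanned can change between runs without any change in this file. Consider pinning it by digest (`amazonlinux:2@sha256:<digest>`, placeholder) so that a scan result is tied to a fixed image.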
Syft v0.105.0 should account for the scanning issues you're having here 👍
internal/target.go
Outdated
|
||
result, err := syft.CreateSBOM(context.Background(), src, syft.DefaultCreateSBOMConfig()) |
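Review bot: the `syft.CreateSBOM` call is given `context.Background()`, so the scan cannot be cancelled or bounded by a deadline from the caller. If the enclosing function has, or can accept, a `context.Context`, pass that through instead of creating a background context here.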
It looks like earlier the image catalogers were being used regardless of the input source type. To replicate the same behavior you can add that ask to the `CreateSBOMConfig`:

```go
cfg := syft.DefaultCreateSBOMConfig().
	WithCatalogerSelection(
		pkgcataloging.NewSelectionRequest().
			WithDefaults(pkgcataloging.ImageTag),
	)
```
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Dependabot can't bump to 0.101.0 because of a breaking change with the cataloger related to anchore/syft#1383: