Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default for recently added base path, "", disables detection of symlinked *.jar files #1962

Closed
CLechleitner42 opened this issue Jul 26, 2023 · 0 comments · Fixed by #2359
Closed
Labels
bug Something isn't working

Comments

@CLechleitner42
Copy link

What happened:

When using syft packages against a temp directory with symlinks to *.jar files syft 0.85 in Linux does not find any package unless option --base-path / is used.

I suggest to change the default base path from "" to "/" (for unix type systems), but @kzantow suggests "We probably need a broader discussion to change the behavior", see #1867 (comment)

What you expected to happen:

I expected syft to find all packages represented by those symlinked *.jar files.

Steps to reproduce the issue:

  • create temp directory, say /tmp/foobar
  • symlink one or more *.jar files there ("good" jar files, that syft usually can detect the maven coordinates and license of)
  • perform somethink like syft packages /tmp/foobar -o cyclonedx-json --file syft-bom.cdx.json
  • the generated .cdx.json file has no packages
  • repeast command with --base-path / and you get a .cdx.json with the Maven package(s) listed

Anything else we need to know?:

  • I wasn't sure between reporting a bug or a feature request, but with a new feature changing behaviour (and breaking the core function for certain situations) I went for bug.

Environment:

  • Output of syft version:
Application:        syft
Version:            0.85.0
JsonSchemaVersion:  9.0.0
BuildDate:          2023-07-12T17:42:24Z
GitCommit:          4fc17edd146af34ab06f5b0443ef8ddac3aaf076
GitDescription:     v0.85.0
Platform:           linux/amd64
GoVersion:          go1.20.5
Compiler:           gc
  • OS (e.g: cat /etc/os-release or similar):
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian

Remark: We automatically download the latest syft_*_linux_amd64.deb (only if it has changed, wget -N) daily and distribute it internally via an internal-ish deb repository for 3rd party software.

@CLechleitner42 CLechleitner42 added the bug Something isn't working label Jul 26, 2023
@CLechleitner42 CLechleitner42 changed the title Make / default for recently added base path Default for recently added base path, "", disables detection of symlinked *.jar files Jul 26, 2023
@wagoodman wagoodman moved this to Backlog in OSS Jul 27, 2023
@github-project-automation github-project-automation bot moved this from Backlog to Done in OSS Nov 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

1 participant