Scanning a git repository folder present in /tmp produce an empty sbom #2847

m4nch0t · 2024-05-06T19:40:04Z

Hello !

What happened:
Scanning a git repository folder present in /tmp produce an empty sbom.

What you expected to happen:
I expect same result, no matter the parent path. I don't find in documentation this limitation. Is it normal?

Steps to reproduce the issue:

$ git clone git@github.com:anchore/syft.git /tmp/syft
$ syft scan dir:/tmp/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json                                                                                                  
 ✔ Indexed file system                                                                                                                                                                                  /tmp/syft
 ✔ Cataloged contents                                                                                                                            f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [0 packages]  
   └── ✔ Executables                     [0 executables]  
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:dcf8363e-f836-47ae-8e39-b70ab49f656c","version":1,"metadata":{"timestamp":"2024-05-06T21:32:49+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"22576995f0b79f4c","type":"file","name":"syft","version":"v1.3.0"}}} 

$ git clone git@github.com:anchore/syft.git ~/syft
$ syft scan dir:~/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json                                                                                                         
 ✔ Indexed file system                                                                                                                                                                         /home/user/syft
 ✔ Cataloged contents                                                                                                                            f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [869 packages]  
   ├── ✔ File digests                    [3 files]  
   ├── ✔ File metadata                   [3 locations]  
   └── ✔ Executables                     [1 executables]  
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:b94903cc-1697-4232-8171-6af1217e4bf1","version":1,"metadata":{"timestamp":"2024-05-06T21:34:22+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"f60be7f39b7b1cbd","type":"file","name":"syft","version":"v1.3.0"}},"components":[{"bom-ref":"cd49351a0c14e9ee","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/pkg/nested.gemspec"}]},{"bom-ref":"746f85750835e2df","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/root.gemspec"}]},{"bom-ref":"cc7fd08d2e893e18","type":"library","name":"./.github/actions/bootstrap","cpe":"cpe:2.3:a:.\\/.github\\/actions\\/bootstrap:.\\/.github\\/actions\\/bootstrap:*:*:*:*:*:*:*:*","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:location:0:path","value":"/.github/workflows/benchmark-testing.yaml"}]},{"bom-......

Anything else we need to know?:

Environment:

Output of syft version:

syft --version
syft 1.3.0

OS (e.g: cat /etc/os-release or similar):
- Ubuntu 22.04.4 LTS
- Manjaro Linux
- Arch Linux

The text was updated successfully, but these errors were encountered:

willmurphyscode · 2024-05-24T17:54:05Z

Hi @m4nch0t!

Thanks for the report!

Would you mind running df and checking whether /tmp is mounted as a tmpfs? If it is, I think you're facing the same issue as #2894 .

m4nch0t added the bug Something isn't working label May 6, 2024

anchoretoolsops added this to OSS May 6, 2024

spiffcs self-assigned this May 7, 2024

spiffcs moved this to In Progress in OSS May 7, 2024

spiffcs removed their assignment May 20, 2024

willmurphyscode moved this from In Progress to Stalled in OSS May 24, 2024

willmurphyscode self-assigned this May 28, 2024

willmurphyscode moved this from Stalled to In Progress in OSS May 29, 2024

willmurphyscode mentioned this issue May 31, 2024

fix: skip tmpfs mounts only for select paths #2918

Merged

wagoodman moved this from In Progress to In Review in OSS Jun 3, 2024

wagoodman closed this as completed in #2918 Jun 4, 2024

github-project-automation bot moved this from In Review to Done in OSS Jun 4, 2024

BrewTestBot mentioned this issue Jun 10, 2024

syft 1.6.0 Homebrew/homebrew-core#174169

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scanning a git repository folder present in /tmp produce an empty sbom #2847

Scanning a git repository folder present in /tmp produce an empty sbom #2847

m4nch0t commented May 6, 2024

willmurphyscode commented May 24, 2024

Scanning a git repository folder present in /tmp produce an empty sbom #2847

Scanning a git repository folder present in /tmp produce an empty sbom #2847

Comments

m4nch0t commented May 6, 2024

willmurphyscode commented May 24, 2024