Bug: Missing JSON report when running as Dockerized

[kaiorafael]

Expected Behavior

When Dockerized deepscan should generate the .json file as well.

Actual Behavior

When running as described in the documentation, I can find a /tmp/report-docker.json file output

depscan --src /tmp/image.tar -o /tmp/report.json -t docker

However, when Dockerized, I am not able to find the .json file report. I can only find .html and .pdf reports, instead.

Steps to Reproduce

1. git clone repository
2. build it as: docker build -t deepscan .
3. collect image inventory using cdxgen
4. Run against a SBOM file generated in 3:

docker run -v /tmp:/tmp -v $HOME/.cache:/root/.cache -e VDB_HOME=/root/.cache deepscan --bom /tmp/cdxgen2.json --reports-dir /tmp/bar -o /tmp/bar/report.json

Inside of /tmp/bar there are only the following files:

.
├── report.html
└── report.pdf

Additional Information

No response

[prabhu]

@kaiorafael since you invoke with --bom /tmp/cdxgen2.json, is there a file named --bom /tmp/cdxgen2.vdr.json getting generated? The reports-dir argument needs to be improved. Also note that the .json is a jsonlines formatted file which is going away in v6. So best to consume the .vdr.json file

[kaiorafael]

@kaiorafael since you invoke with --bom /tmp/cdxgen2.json, is there a file named --bom /tmp/cdxgen2.vdr.json getting generated?

No