anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Scanning a git repository folder present in /tmp produces an empty SBOM

m4nch0t opened this issue · comments

Hello !

What happened:
Scanning a git repository folder present in /tmp produces an empty SBOM.

What you expected to happen:
I expect the same result, no matter the parent path. I can't find this limitation in the documentation. Is this normal?

Steps to reproduce the issue:

$ git clone git@github.com:anchore/syft.git /tmp/syft
$ syft scan dir:/tmp/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json                                                                                                  
 ✔ Indexed file system                                                                                                                                                                                  /tmp/syft
 ✔ Cataloged contents                                                                                                                            f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [0 packages]  
   └── ✔ Executables                     [0 executables]  
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:dcf8363e-f836-47ae-8e39-b70ab49f656c","version":1,"metadata":{"timestamp":"2024-05-06T21:32:49+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"22576995f0b79f4c","type":"file","name":"syft","version":"v1.3.0"}}} 

$ git clone git@github.com:anchore/syft.git ~/syft
$ syft scan dir:~/syft --source-name syft --source-version "v1.3.0" -o cyclonedx-json                                                                                                         
 ✔ Indexed file system                                                                                                                                                                         /home/user/syft
 ✔ Cataloged contents                                                                                                                            f889822d7ce98e1a871a914d7749ebcaa7cc502bad903a47c99293135a510018
   ├── ✔ Packages                        [869 packages]  
   ├── ✔ File digests                    [3 files]  
   ├── ✔ File metadata                   [3 locations]  
   └── ✔ Executables                     [1 executables]  
{"$schema":"http://cyclonedx.org/schema/bom-1.5.schema.json","bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:b94903cc-1697-4232-8171-6af1217e4bf1","version":1,"metadata":{"timestamp":"2024-05-06T21:34:22+02:00","tools":{"components":[{"type":"application","author":"anchore","name":"syft","version":"1.3.0"}]},"component":{"bom-ref":"f60be7f39b7b1cbd","type":"file","name":"syft","version":"v1.3.0"}},"components":[{"bom-ref":"cd49351a0c14e9ee","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/pkg/nested.gemspec"}]},{"bom-ref":"746f85750835e2df","type":"library","name":"","purl":"pkg:gem/","properties":[{"name":"syft:package:foundBy","value":"ruby-gemspec-cataloger"},{"name":"syft:package:language","value":"ruby"},{"name":"syft:package:type","value":"gem"},{"name":"syft:package:metadataType","value":"ruby-gemspec"},{"name":"syft:location:0:path","value":"/syft/pkg/cataloger/ruby/test-fixtures/glob-paths/specifications/root.gemspec"}]},{"bom-ref":"cc7fd08d2e893e18","type":"library","name":"./.github/actions/bootstrap","cpe":"cpe:2.3:a:.\\/.github\\/actions\\/bootstrap:.\\/.github\\/actions\\/bootstrap:*:*:*:*:*:*:*:*","properties":[{"name":"syft:package:foundBy","value":"github-actions-usage-cataloger"},{"name":"syft:package:type","value":"github-action"},{"name":"syft:location:0:path","value":"/.github/workflows/benchmark-testing.yaml"}]},{"bom-......

Anything else we need to know?:

Environment:

  • Output of syft version:
syft --version
syft 1.3.0
  • OS (e.g: cat /etc/os-release or similar):
    • Ubuntu 22.04.4 LTS
    • Manjaro Linux
    • Arch Linux

Hi @m4nch0t!

Thanks for the report!

Would you mind running df and checking whether /tmp is mounted as a tmpfs? If it is, I think you're facing the same issue as #2894.
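
The tmpfs check requested in the reply above can be scripted as a guard before a directory scan. This is an added example, not part of the original thread or of the syft project: the function names `fstype_of`, `on_tmpfs` and `sample_mounts` are hypothetical, the mount table is constructed sample data in `/proc/mounts` format, and the path is assumed to be absolute with symlinks already resolved.

```shell
#!/bin/sh
# Added example: find the filesystem type backing a scan target by
# longest-prefix match against a mount table in /proc/mounts format.

# fstype_of PATH [MOUNTS_FILE]
# Prints the fstype of the mount containing PATH; fails if none matches.
fstype_of() {
    path=$1
    mounts=${2:-/proc/mounts}
    awk -v p="$path" '
        {
            mp = $2
            # /proc/mounts escapes spaces in mount points as \040
            gsub(/\\040/, " ", mp)
            # mp contains p if it is "/", equals p, or is a directory prefix of p
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= so that a later mount shadows an earlier one at the same point
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "$mounts"
}

# on_tmpfs PATH [MOUNTS_FILE]: succeeds when PATH lives on a tmpfs mount.
on_tmpfs() {
    [ "$(fstype_of "$1" "${2:-/proc/mounts}")" = "tmpfs" ]
}

# Constructed sample mount table (not taken from the reporter's machine).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
EOF
}

# With a directory argument, report its filesystem before scanning it.
if [ -n "${1:-}" ]; then
    if on_tmpfs "$1"; then
        echo "warning: $1 is on tmpfs; check the package count of the resulting SBOM" >&2
    else
        echo "$1 is on $(fstype_of "$1")"
    fi
fi
```

Because the match is on whole path components, a directory such as `/tmpfoo` is attributed to `/` rather than to the `/tmp` mount.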