segmentation violation when running trivy in convert mode
nikpivkin opened this issue
Nikita Pivkin commented
Discussed in #6775
Originally posted by scott-boost May 25, 2024
Description
When I try to convert a Trivy JSON to CycloneDX, I get the following error:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x28 pc=0x10941ea6c]
```
Desired Behavior
a cyclonedx json file
Actual Behavior
segmentation violation error
Reproduction Steps
1. `trivy image --format cyclonedx ubuntu:latest --output /tmp/cdx_without_vulns.json`
2. `trivy sbom --format json --output /tmp/trivy_with_vulns.json /tmp/cdx_without_vulns.json`
3. `trivy convert --format cyclonedx /tmp/trivy_with_vulns.json`
Target
SBOM
Scanner
Vulnerability
Output Format
CycloneDX
Mode
Standalone
Debug Output
```
2024-05-24T14:06:54-04:00 DEBUG ["cyclonedx" "spdx" "spdx-json" "github"] automatically enables '--list-all-pkgs'.
2024-05-24T14:06:54-04:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-05-24T14:06:54-04:00 INFO "--format cyclonedx" disables security scanning. Specify "--scanners vuln" explicitly if you want to include vulnerabilities in the CycloneDX report.
2024-05-24T14:06:54-04:00 DEBUG Writing report to output...
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x28 pc=0x106772a6c]
goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).Root(0x0)
github.com/aquasecurity/trivy/pkg/sbom/core/bom.go:279 +0x1c
github.com/aquasecurity/trivy/pkg/sbom/io.(*Encoder).rootComponent(_, {0x2, {0x137f2660, 0xedde2cb7d, 0x10f5ce840}, {0x14001720ca0, 0x1b}, {0x14002cdc9a7, 0x9}, {0x0, ...}, ...})
github.com/aquasecurity/trivy/pkg/sbom/io/encode.go:86 +0x140
github.com/aquasecurity/trivy/pkg/sbom/io.(*Encoder).Encode(_, {0x2, {0x137f2660, 0xedde2cb7d, 0x10f5ce840}, {0x14001720ca0, 0x1b}, {0x14002cdc9a7, 0x9}, {0x0, ...}, ...})
github.com/aquasecurity/trivy/pkg/sbom/io/encode.go:31 +0x4c
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*Marshaler).MarshalReport(_, {_, _}, {0x2, {0x137f2660, 0xedde2cb7d, 0x10f5ce840}, {0x14001720ca0, 0x1b}, {0x14002cdc9a7, ...}, ...})
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx/marshal.go:52 +0x6c
github.com/aquasecurity/trivy/pkg/report/cyclonedx.Writer.Write({{_, _}, _, {{_, _}, _, _}}, {_, _}, {0x2, ...})
github.com/aquasecurity/trivy/pkg/report/cyclonedx/cyclonedx.go:31 +0x78
github.com/aquasecurity/trivy/pkg/report.Write({_, _}, {0x2, {0x137f2660, 0xedde2cb7d, 0x10f5ce840}, {0x14001720ca0, 0x1b}, {0x14002cdc9a7, 0x9}, ...}, ...)
github.com/aquasecurity/trivy/pkg/report/writer.go:99 +0x778
github.com/aquasecurity/trivy/pkg/commands/convert.Run({_, _}, {{{0x108856773, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x1400281a8a0, ...}, ...}, ...})
github.com/aquasecurity/trivy/pkg/commands/convert/run.go:43 +0x498
github.com/aquasecurity/trivy/pkg/commands.NewConvertCommand.func2(0x140028eb208, {0x14002b6e840, 0x1, 0x4})
github.com/aquasecurity/trivy/pkg/commands/app.go:525 +0x154
github.com/spf13/cobra.(*Command).execute(0x140028eb208, {0x14002b6e800, 0x4, 0x4})
github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x14000205208)
github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x1088c4026?)
github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c
main.run()
github.com/aquasecurity/trivy/cmd/trivy/main.go:41 +0x158
main.main()
github.com/aquasecurity/trivy/cmd/trivy/main.go:19 +0x20
```
Operating System
macOS Sonoma 14.4.1
Version
Version: 0.51.4
Checklist
- Run `trivy image --reset`
- Read the troubleshooting
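Added example, not part of the original issue and not Trivy's code: the top frame of the trace, `(*BOM).Root(0x0)`, is a method called on a nil pointer receiver. The sketch below reproduces that failure mode and shows a caller-side nil check that returns an error instead of crashing. The `Report`, `BOM` and `Component` shapes and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Component, BOM and Report are simplified stand-ins (assumed shapes), not Trivy's types.
type Component struct{ Name string }

type BOM struct {
	rootID     int
	components map[int]*Component
}

// Root reads fields through the receiver, so a nil *BOM faults here.
func (b *BOM) Root() *Component { return b.components[b.rootID] }

// Report mimics a decoded scan report whose BOM pointer may be unset.
type Report struct {
	ArtifactName string
	BOM          *BOM
}

var ErrNoBOM = errors.New("report carries no BOM")

// RootUnchecked calls Root without a nil check and panics when r.BOM is nil.
func RootUnchecked(r Report) *Component { return r.BOM.Root() }

// RootChecked validates the pointer first and reports the problem as an error.
func RootChecked(r Report) (*Component, error) {
	if r.BOM == nil {
		return nil, fmt.Errorf("%s: %w", r.ArtifactName, ErrNoBOM)
	}
	return r.BOM.Root(), nil
}

// Panics runs f and reports whether it panicked, so the crash can be observed safely.
func Panics(f func()) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f()
	return false
}

func main() {
	r := Report{ArtifactName: "constructed-sample.json"} // constructed input, BOM left nil
	fmt.Println("unchecked panics:", Panics(func() { RootUnchecked(r) }))
	_, err := RootChecked(r)
	fmt.Println("checked:", err)
}
```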