kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests

Home Page: https://kubernetes-sigs.github.io/bom/

Docker image for `bom` is broken

sbs2001 opened this issue

Trying to obtain SBOM by using bom installed via docker image errors with

```
level=fatal msg="generating doc: creating SPDX document: generating package from directory: scanning go packages: opening new module path: building module package list: unable to get full list of packages, go executable not found "
```

To reproduce, use the following invocation:

```
podman run -v /home/shivam/work/bom:/opt/stuff/ k8s.gcr.io/bom/bom:v0.3.0  generate /opt/stuff/
```

Hello @sbs2001, thanks for letting us know about this problem. It seems that bom requires the go binary to be installed [1], but the image does not have it; this is the root cause of the problem you are facing. Maybe mounting your go binary into the container image via one more `-v` option, something like `-v $(which go):/usr/local/bin/go`, could solve the problem, but it'd be a temporary solution. So, I'll try to figure this out ASAP for a permanent solution.

cc: @puerco @cpanato

Footnotes

  1. https://github.com/kubernetes-sigs/bom/blob/main/pkg/spdx/gomod.go#L257