tiiuae / sbomnix

A suite of utilities to help with software supply chain challenges on nix targets


vulnxscan fails if the Nix output path is a JSON file

nlewo opened this issue · comments

commented

First of all, thanks for your project!

The nix2container project produces container image specifications as JSON files. When running vulnxscan on a nix2container output path, it fails like this:

$ nix run github:tiiuae/sbomnix#vulnxscan -- ./result
CRITICAL Specified target is not a nix artifact: 'result'

$ file ./result
./result: symbolic link to /nix/store/7s4y6dcmfc6frqv38j8y6g7ifmazh5hx-image-bash.json

It seems to be because vulnxscan only considers non-JSON files as Nix artifacts:

if _is_json(target_path_abs):

Instead of testing the file type, maybe you should run a Nix command on this store path to let Nix decide whether it is a Nix artefact or not (nix-store -q <FILE>, for instance).

Note this is related to this nix2container issue.
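The check suggested above, written out as an added example (this is not sbomnix's own code and not the fix in #57): instead of sniffing the file content, resolve the target's symlink, require it to be a well-formed `/nix/store/<hash>-<name>` path, and, when a Nix installation is available, let `nix-store --query --hash` confirm that the store database actually knows the path. The regular expression is derived from the Nix base32 alphabet (32 characters drawn from `0-9a-df-np-sv-z`); the fallback behaviour when `nix-store` is absent is an assumption made for this example.

```python
"""Decide whether a target is a Nix store artifact by its store path, not its content type."""
import os
import re
import shutil
import subprocess
from typing import Optional

# A top-level store path is /nix/store/<32 nixbase32 chars>-<name>.
# Nix base32 omits the letters e, o, t and u.
_STORE_PATH_RE = re.compile(r"^/nix/store/[0-9a-df-np-sv-z]{32}-[^/]+$")


def store_path_of(target: str) -> Optional[str]:
    """Resolve symlinks (e.g. ./result -> /nix/store/...) and return the
    top-level store path the target lives under, or None if it is not
    inside /nix/store. Works on paths that do not exist locally, so the
    shape check itself needs no Nix installation."""
    real = os.path.realpath(target)
    parts = real.split("/")
    # parts[0] is '' for an absolute path; expect ['', 'nix', 'store', '<hash>-<name>', ...]
    if len(parts) < 4 or parts[1:3] != ["nix", "store"]:
        return None
    root = "/".join(parts[:4])
    return root if _STORE_PATH_RE.match(root) else None


def is_nix_artifact(target: str) -> bool:
    """A JSON file under /nix/store is as much a Nix artifact as any other
    output. Ask Nix when we can; otherwise (assumption for this example)
    trust a well-formed store path."""
    store_path = store_path_of(target)
    if store_path is None:
        return False
    if shutil.which("nix-store") is None:
        return True
    # `nix-store --query --hash` fails for paths the store database does not
    # consider valid, which is exactly the signal we want.
    proc = subprocess.run(
        ["nix-store", "--query", "--hash", store_path],
        capture_output=True,
        text=True,
        check=False,
    )
    return proc.returncode == 0


if __name__ == "__main__":
    # Constructed sample: the nix2container output path quoted in the report.
    sample = "/nix/store/7s4y6dcmfc6frqv38j8y6g7ifmazh5hx-image-bash.json"
    print(store_path_of(sample), is_nix_artifact(sample))
    print(store_path_of("/tmp/image-bash.json"))
```

The two-stage design matters for a scanner: the path shape is cheap and works in a sandbox without Nix, while the `nix-store` query rejects files that were merely copied into a directory named like the store.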

Thanks for the bug report @nlewo!

Can you verify if #57 fixes the issue?

commented

Tested and lgtm. Thx.

Thanks, the fix is now merged to main: c8d02ef