vulnxscan fails if the Nix output path is a JSON file
nlewo opened this issue · comments
First of all, thanks for your project!
The nix2container project produces a container image specification as a JSON file. When running vulnxscan
on a nix2container output path, it fails as follows:
$ nix run github:tiiuae/sbomnix#vulnxscan -- ./result
CRITICAL Specified target is not a nix artifact: 'result'
$ file ./result
./result: symbolic link to /nix/store/7s4y6dcmfc6frqv38j8y6g7ifmazh5hx-image-bash.json
It seems to be because vulnxscan only considers non-JSON files as Nix artifacts:
sbomnix/scripts/vulnxscan/vulnxscan.py
Line 338 in f763f71
Instead of testing the file type, maybe you should run a Nix command on this store path to let Nix decide if it is a Nix artefact or not (nix-store -q <FILE>, for instance).
Note this is related to this nix2container issue.
Tested and lgtm. Thx.
Thanks, the fix is now merged to main: c8d02ef
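The approach suggested in the issue, sketched as an added example (not sbomnix's code and not the merged fix): a name-based check of the kind the issue describes next to a check that asks `nix-store -q`. The function names, the injectable `run` parameter and the fake `nix-store` are assumptions made for illustration, as is the premise that `nix-store -q` exits non-zero for anything that is not a valid store path.

```python
import os
import subprocess
from types import SimpleNamespace

# Store path taken from the issue's `file ./result` output.
SAMPLE = "/nix/store/7s4y6dcmfc6frqv38j8y6g7ifmazh5hx-image-bash.json"


def looks_like_artifact_by_type(path):
    """Heuristic of the kind the issue describes (assumed, not sbomnix code):
    a target that resolves to a .json file is rejected as a non-artifact."""
    return not os.path.realpath(path).endswith(".json")


def is_nix_artifact(path, run=subprocess.run):
    """Let Nix decide: query the resolved path with `nix-store -q`.

    `run` is injectable so the logic can be exercised without Nix installed.
    """
    target = os.path.realpath(path)  # follow ./result symlinks into the store
    try:
        proc = run(
            ["nix-store", "-q", target],  # argv list, no shell involved
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return False  # nix-store not installed: fail closed
    return proc.returncode == 0 and bool(proc.stdout.strip())


def fake_nix_store(argv, **_kwargs):
    """Constructed stand-in for nix-store: knows exactly one valid path."""
    path = argv[-1]
    if path == SAMPLE:
        return SimpleNamespace(returncode=0, stdout=path + "\n", stderr="")
    return SimpleNamespace(returncode=1, stdout="", stderr="error (constructed)\n")


if __name__ == "__main__":
    for candidate in (SAMPLE, "/tmp/report.json"):
        print(candidate,
              "by type:", looks_like_artifact_by_type(candidate),
              "by nix-store:", is_nix_artifact(candidate, run=fake_nix_store))
```

With the name-based check the nix2container output is skipped and never scanned, while the store query accepts it and still rejects an arbitrary JSON file outside the store.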