This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
Regression in 31_file_package_verify analyzer introduced in v0.9.0. #965
Labels
Milestone
Comments
Vijay-P
changed the title
|
This impacts Engine v0.9.0+ |
|
This failure is only indicated by a log message in the analyzer service. The data itself is only exposed in the policy engine's "packages" gate via the "verify" trigger. Only users that leverage that specific trigger will be impacted. |
This was referenced Apr 7, 2021
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is this a request for help?:
No
Is this a BUG REPORT or a FEATURE REQUEST? (choose one):
BUG REPORT - REGRESSION
Version of Anchore Engine and Anchore CLI if applicable:
engine version >= v0.9.0
What happened:
In 57d1c30, methods were removed from
anchore_engine/analyzers/utils.pythat were used byanchore_engine/analyzers/modules/31_file_package_verify.py. This caused the analyzer module in question to fail silently. Later, having mistaken this change to be intentional,31_file_package_verify.pywas removed in 48dec35.What did you expect to happen:
Analyzer should be present and functional.
Resolution Plan
Map new syft output containing RPM, DPKG, and APK file manifest data into file_package_verify analyzer output format (to be consumed by rest of system).
Related issue in Syft: anchore/syft#371
The text was updated successfully, but these errors were encountered: