syft produces different output when run with sudo

[Hritik14]

Please provide a set of steps on how to reproduce the issue
On an arm machine (Technically, any machine other than x86 will do).

syft rust:1.42-slim-buster | grep x86
 ✔ Parsed image
 ✔ Cataloged packages      [113 packages]
binutils-x86-64-linux-gnu  2.31.1-16               deb

sudo syft rust:1.42-slim-buster | grep x86
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [111 packages]

sudo syft rust:1.42-slim-buster | grep aarch
 ✔ Pulled image
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [111 packages]
binutils-aarch64-linux-gnu  2.31.1-16               deb

What happened:
syft running with sudo yields different results than without sudo.

What you expected to happen:
Both runs should have same output.

Anything else we need to know?:
When run with sudo, docker daemon is available and is used. Without sudo, syft uses OCI registry via stereoscope.
Stereoscope takes the following approach while determining image pull methodology:

// DetermineDefaultImagePullSource takes an image reference string as input, and
// determines a Source to use to pull the image. If the input doesn't specify an
// image reference (i.e. an image that can be _pulled_), UnknownSource is
// returned. Otherwise, if the Docker daemon is available, DockerDaemonSource is
// returned, and if not, OciRegistrySource is returned.
func DetermineDefaultImagePullSource(userInput string) Source {

Source: https://github.com/anchore/stereoscope/blob/3b80d983223f6e6fc2d33b0ffa003d30268418e9/pkg/image/source.go#L134-L139

and because there are inconsistencies between OCI source and docker daemon in stereoscope when respective Providers are run without supplying a platform, it bubbles out to syft yielding different images (one x86 and other arm) and thus different SBOMs.
See:

• Stereoscope pulls different images when using docker: vs registry: from multi-platform images  stereoscope#149

This can be avoided by having a correct default value for platform

Environment:

• Output of syft version:

Application:        syft
Version:            0.62.3
JsonSchemaVersion:  6.0.0
BuildDate:          2022-11-30T19:01:12Z
GitCommit:          247b054ab56f848c477495218754166272f470b5
GitDescription:     v0.62.3
Platform:           linux/arm64
GoVersion:          go1.18.8
Compiler:           gc

• OS (e.g: cat /etc/os-release or similar):

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

[kzantow]

Hi @Hritik14 -- this is effectively the issue you reported against stereoscope, right? anchore/stereoscope#149

[Hritik14]

@kzantow Hi, Yes. Keeping it here as an end-user issue.