Duplicates in Syft JSON "artifactRelationships" #2251

Closed
Joerki opened this issue Oct 24, 2023 · 5 comments
Labels
bug Something isn't working

Joerki commented Oct 24, 2023

What happened:

In the "artifactRelationships" section there may be duplicates:

 ...
  "artifactRelationships": [
  {
   "parent": "01f4e15782e8ef55",
   "child": "983745821c840533",
   "type": "evident-by"
  },
  {
   "parent": "024f43ee9d2b0709",
   "child": "2a8438c8b82f4048",
   "type": "evident-by"
  },
  {
   "parent": "0319e43ee9c5a85f",
   "child": "f63c01b962849c5e",
   "type": "evident-by"
  },
  {
   "parent": "03bccb8ed860664f",
   "child": "05fee808ded509ab",
   "type": "contains"
  },
  {
   "parent": "03bccb8ed860664f",
   "child": "05fee808ded509ab",
   "type": "contains"
  },
  {
   "parent": "03bccb8ed860664f",
   "child": "05fee808ded509ab",
   "type": "contains"
  },
  {
   "parent": "03bccb8ed860664f",
   "child": "05fee808ded509ab",
   "type": "contains"
  },
  {
   "parent": "03bccb8ed860664f",
   "child": "05fee808ded509ab",
   "type": "contains"
  },..

What you expected to happen:
Any parent/child/type item is unique

Steps to reproduce the issue:
Generate a Syft JSON SBOM (from a Docker image in my case).

Anything else we need to know?:

  • N/A

Environment:

  • Output of syft version: 0.94.0
  • OS (e.g: cat /etc/os-release or similar): linux/amd64, PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
Joerki added the bug label Oct 24, 2023
Contributor

tgerla commented Oct 30, 2023

Hi @Joerki, thanks for the report! Is there a public Docker image that we can use to reproduce this problem? Thanks.

Author

Joerki commented Nov 7, 2023

Hi Tim,
I'm sorry, I got this extract from our product and cannot provide a public sample at this time.
I can just tell you that we scan all layers of a container.

Contributor

tgerla commented Nov 9, 2023

Hi @Joerki, no problem, I think we can make progress on this without your private image. We'll let you know if we need any more info to reproduce.

Author

Joerki commented Jan 22, 2024

Is this the same issue described and fixed with #2509?

Contributor

spiffcs commented Jan 22, 2024

@Joerki - it's very similar, but my fix was specific to a double call of building relationships that was newly introduced after this issue was filed. If your specific example (I didn't see the image you used in the issue) is still showing duplicate relationships please let me know. I added a regression test in syft to try and protect against this happening in the future, but some odd edges could still exist.

If you still find duplicate relationships on the latest release please let us know! I will close this issue, but reopen if you find your case is still relevant =)
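
Added example, not part of the thread and not code from the Syft project: a check that a Syft JSON SBOM consumer can run to see whether "artifactRelationships" still contains repeated entries, plus a pass that drops the repeats before the relationship graph is used downstream. It assumes, as the issue does, that a relationship's identity is its parent/child/type triple; the function names are hypothetical and the sample document is constructed from IDs shown in the report.

```python
import json
import sys
from collections import Counter

# Constructed sample shaped like the excerpt in the issue (IDs copied from it).
SAMPLE = json.dumps({
    "artifactRelationships": [
        {"parent": "01f4e15782e8ef55", "child": "983745821c840533", "type": "evident-by"},
        {"parent": "03bccb8ed860664f", "child": "05fee808ded509ab", "type": "contains"},
        {"parent": "03bccb8ed860664f", "child": "05fee808ded509ab", "type": "contains"},
        {"parent": "03bccb8ed860664f", "child": "05fee808ded509ab", "type": "contains"},
    ]
})


def relationship_key(rel):
    """Identity of a relationship (assumption: parent/child/type, as in the issue)."""
    return (rel["parent"], rel["child"], rel["type"])


def find_duplicates(sbom):
    """Return {key: count} for every relationship that occurs more than once."""
    rels = sbom.get("artifactRelationships") or []
    counts = Counter(relationship_key(r) for r in rels)
    return {key: n for key, n in counts.items() if n > 1}


def dedupe(sbom):
    """Return a copy of the SBOM keeping the first occurrence of each relationship."""
    seen, unique = set(), []
    for rel in sbom.get("artifactRelationships") or []:
        key = relationship_key(rel)
        if key not in seen:
            seen.add(key)
            unique.append(rel)
    return {**sbom, "artifactRelationships": unique}


if __name__ == "__main__":
    # Usage: script.py [sbom.json]; falls back to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = json.loads(SAMPLE)
    dups = find_duplicates(doc)
    for (parent, child, rel_type), n in sorted(dups.items()):
        print(f"{n}x {parent} -{rel_type}-> {child}")
    sys.exit(1 if dups else 0)  # non-zero exit lets a CI step fail on duplicates
```

Relationships that share parent/child/type but differ in other fields are also collapsed by `dedupe`, so compare full objects instead if your consumer relies on those fields.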
