UPX broke the SBOM generation #259

@migmartri

It seems that the SBOM scanning that we do in our container images during release cannot now find the symbols in the binaries. This is probably due to the compression that we do via UPX #241.

We have different options:

  • Disable compression or try to make the compressor expose the symbols.
  • Run the SBOM generator on our source code instead of the binary. That should be OK since our container images are basically scratch images.
  • Run the scan before we compress. This could be tricky though, since the compression is tackled during the goreleaser lifecycle.

On another note, @gr0 has noticed (https://discord.com/channels/1037381970189111326/1131604583114883214) a segmentation fault in the CLI on Mac, and it could be related to this change.

cc/ @danlishka
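
A pre-scan gate for the release pipeline, as an added example that is not part of the original issue or the project's code: it rejects artifacts that would produce an empty binary-based SBOM, so the failure is loud instead of silent. It assumes the scanner depends on the build-info blob the Go linker embeds; `Inspect`, `Check` and the byte-marker heuristic are hypothetical names and choices made for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
)

// Markers searched for in the raw file bytes (heuristic, fails closed).
var (
	upxMagic       = []byte("UPX!")              // magic in UPX's pack header
	buildInfoMagic = []byte("\xff Go buildinf:") // start of the Go build-info blob
)

// Verdict records what was seen in one artifact.
type Verdict struct {
	Packed    bool // UPX marker present
	BuildInfo bool // Go build-info magic visible uncompressed
}

// Scannable reports whether a binary-based SBOM scan can expect module data.
func (v Verdict) Scannable() bool { return v.BuildInfo && !v.Packed }

// Inspect classifies an artifact from its raw bytes.
func Inspect(data []byte) Verdict {
	return Verdict{
		Packed:    bytes.Contains(data, upxMagic),
		BuildInfo: bytes.Contains(data, buildInfoMagic),
	}
}

// Check returns an error explaining why an artifact should not be scanned as-is.
func Check(name string, data []byte) error {
	v := Inspect(data)
	switch {
	case v.Packed:
		return fmt.Errorf("%s: UPX marker found; scan the uncompressed build", name)
	case !v.BuildInfo:
		return fmt.Errorf("%s: no Go build info; SBOM would come back empty", name)
	}
	return nil
}

func main() {
	code := 0
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err == nil {
			err = Check(path, data)
		}
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			code = 1
		}
	}
	os.Exit(code)
}
```

Any file carrying the UPX marker is rejected, including an unpacked binary that merely embeds that string (this checker itself is one), which is the safe direction for a release gate.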

Labels: bug
