You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Ingesting an SPDX and CDX SBOM for the same "vulnerable image" fails on ENT. Both SBOMs are attached to this image for testing and to recreate the issue.
Specifically, Occurrence and hasSBOM:
{"level":"info","ts":1712322439.5772312,"caller":"helpers/bulk.go:127","msg":"assembling IsOccurrence: 3878"}
{"level":"error","ts":1712322439.757308,"caller":"helpers/bulk.go:130","msg":"ingestIsOccurrences failed with error: isOccurrencesPkg failed with error: input: ingestOccurrences IngestOccurrences :: bulk upsert Occurrence node: ent: constraint failed: insert nodes to table \"occurrences\": pq: insert or update on table \"occurrences\" violates foreign key constraint \"occurrences_artifacts_artifact\"\n","stacktrace":"github.com/guacsec/guac/pkg/assembler/clients/helpers.GetBulkAssembler.func1\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/assembler/clients/helpers/bulk.go:130\ngithub.com/guacsec/guac/pkg/ingestor.Ingest\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/ingestor/ingestor.go:62\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func6.1\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/files.go:125\ngithub.com/guacsec/guac/pkg/handler/collector.Collect\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/handler/collector/collector.go:97\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func6\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/files.go:145\ngithub.com/spf13/cobra.(*Command).execute\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115\ngithub.com/spf13/cobra.(*Command).Execute\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039\ngithub.com/guacsec/guac/cmd/guacone/cmd.Execute\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/root.go:56\nmain.main\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/main.go:23\nruntime.main\n\t/opt/homebrew/Cellar/go/1.22.1/libexec/src/runtime/proc.go:271"}
{"level":"info","ts":1712322439.783575,"caller":"helpers/bulk.go:183","msg":"assembling HasSBOM: 1"}
{"level":"error","ts":1712322439.863877,"caller":"helpers/bulk.go:190","msg":"ingestHasSBOMs failed with error: hasSBOMPkgs failed with error: input: ingestHasSBOMs IngestHasSBOMs failed with err: input: IngestHasSbom :: input: generateSBOMCreate :: updateHasSBOMWithIncludeArtifacts: update for IncludedSoftwareArtifactIDs hasSBOM node failed with error: ent: constraint failed: add m2m edge for table bill_of_materials_included_software_artifacts: pq: insert or update on table \"bill_of_materials_included_software_artifacts\" violates foreign key constraint \"bill_of_materials_included_software_artifacts_artifact_id\"\n","stacktrace":"github.com/guacsec/guac/pkg/assembler/clients/helpers.GetBulkAssembler.func1\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/assembler/clients/helpers/bulk.go:190\ngithub.com/guacsec/guac/pkg/ingestor.Ingest\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/ingestor/ingestor.go:62\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func6.1\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/files.go:125\ngithub.com/guacsec/guac/pkg/handler/collector.Collect\n\t/Users/parth/Documents/pxp928/artifact-ff/pkg/handler/collector/collector.go:97\ngithub.com/guacsec/guac/cmd/guacone/cmd.init.func6\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/files.go:145\ngithub.com/spf13/cobra.(*Command).execute\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115\ngithub.com/spf13/cobra.(*Command).Execute\n\t/Users/parth/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039\ngithub.com/guacsec/guac/cmd/guacone/cmd.Execute\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/cmd/root.go:56\nmain.main\n\t/Users/parth/Documents/pxp928/artifact-ff/cmd/guacone/main.go:23\nruntime.main\n\t/opt/homebrew/Cellar/go/1.22.1/libexec/src/runtime/proc.go:271"}
The text was updated successfully, but these errors were encountered:
pxp928
added
bug
Something isn't working
trust
issues describing providing additional information so that consumers can trust GUAC's results
priority
Pretty important
labels
Apr 5, 2024
Describe the bug
Ingesting an SPDX and CDX SBOM for the same "vulnerable image" fails on ENT. Both SBOMs are attached to this image for testing and to recreate the issue.
Specifically,
Occurrence
andhasSBOM
:To Reproduce
run ENT container:
Run graphQL Server:
Ingest SPDX or CDX SBOM
Ingest second remaining SBOM
Expected behavior
There should be no ingestion errors
GUAC version
main
SBOMs for testing
cdx_vuln.json
spdx_vuln.json
The text was updated successfully, but these errors were encountered: