Component detection does not scan Linux file system if the image is not a docker image. #691
Labels
detector:linux
The Linux detector
status:requirements
Full requirements are not yet known, so implementation should not be started
type:feature
Feature (new functionality)
Hello,
We were trying to create SBOM for our production image using sbom-tool but it seems we have hit a blocker.
Our image is not created using docker, its a VM image created using packer.
SBOM tool uses component-detection tool to get the dependencies and for Linux it seems only way is passing docker image to the tool.
We tried running to component-detection tool directly on the VM from which we create the image but it does not capture any Linux packages installed on the image.
Linux scanner logs "No instructions received to scan docker images." and then returns.
syft tool does support scanning of a file system which is what component-detection tool uses for Linux scanner.
What is the workaround to detect Linux packages from the filesystem? We are blocked on this currently and unable to meet our SBOM requirement.
AB#2088307
The text was updated successfully, but these errors were encountered: