Consider the following scenario of tracing an install that involves extracting a tarball during docker build.
```dockerfile
WORKDIR /opt/
RUN wget https://download.com/cloud/tools/abc.tar.gz -O abc.tar.gz && \
    tar xvf abc.tar.gz && \
    rm abc.tar.gz && \
```
The tarball abc.tar.gz contains the following directory and files. Notice that the tarball file name is different from the leading directory name in the tarball content, e.g. abc vs somedir.

```
/somedir/file1
/somedir/file2
```
Without knowing the tarball directory information, we do not know the precise destination path of the extracted files by just parsing a Dockerfile. Currently the trace uses the parent directory as the destination, e.g. /opt/, and could not produce a valid SBOM component for it.
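One way to resolve the destination described above, as an added example that is not part of the original issue or the project's code: read the tarball's member list without extracting it and join each name to the WORKDIR. The function names and the in-memory abc.tar.gz are constructed for illustration.

```python
import io
import posixpath
import tarfile


def build_sample_tarball():
    """Constructed sample: an abc.tar.gz whose content lives under somedir/."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("somedir/file1", "somedir/file2"):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extracted_paths(tar_bytes, workdir):
    """Absolute paths `tar xvf` would create under workdir, without extracting."""
    paths = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            # GNU tar strips a leading "/" from member names by default.
            name = posixpath.normpath(member.name.lstrip("/"))
            # Refuse names that would resolve outside the working directory.
            if name == ".." or name.startswith("../"):
                raise ValueError(f"member escapes workdir: {member.name!r}")
            if name != ".":
                paths.append(posixpath.join(workdir, name))
    return paths


def top_level_entries(paths, workdir):
    """Distinct first path components under workdir: candidate component roots."""
    root = workdir.rstrip("/") + "/"
    return sorted({root + p[len(root):].split("/", 1)[0] for p in paths})


if __name__ == "__main__":
    files = extracted_paths(build_sample_tarball(), "/opt/")
    print(files)
    print(top_level_entries(files, "/opt/"))
```

For this sample the component root resolves to /opt/somedir rather than the parent directory /opt/.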