Generating CycloneDX SBOM fails #1097
Labels
bug
Comments
Thanks for the report @JDemler! Will get going on a fix for this.
rnjudge added a commit to rnjudge/tern that referenced this issue Jan 14, 2022
Commit 0891287 introduced using the OCIImage class instead of DockerImage for container image analysis. There is a difference in the name and type of the variable that holds the repository tag ('repotags' list for DockerImage vs 'repotag' string for OCIImage) which is causing the CycloneDX format to break. This was not caught prior to the release because there are no tests for the CycloneDX format in the ci test file. This commit resolves the CycloneDX format bug by using the repository tag variable name depending on image type and also adds an appropriate test in the ci test file to try to avoid this issue in the future. Lastly, we add 'undefined-variable' to the list of pylint warnings to ignore as it was being incorrectly surfaced during prospector runs. Resolves tern-tools#1097 Signed-off-by: Rose Judge <rjudge@vmware.com>
rnjudge added a commit to rnjudge/tern that referenced this issue Jan 14, 2022
Commit 0891287 introduced using the OCIImage class instead of DockerImage for container image analysis. There is a difference in the name and type of the variable that holds the repository tag ('repotags' list for DockerImage vs 'repotag' string for OCIImage) which is causing the CycloneDX format to break. This was not caught prior to the release because there are no tests for the CycloneDX format in the ci test file. This commit resolves the CycloneDX format bug by using the repository tag variable name depending on image type and also adds an appropriate test in the ci test file to try to avoid this issue in the future. Lastly, we add 'undefined-variable' to the list of pylint and pyflakes warnings to ignore as it was being incorrectly surfaced during prospector runs. Resolves tern-tools#1097 Signed-off-by: Rose Judge <rjudge@vmware.com>
rnjudge added a commit to rnjudge/tern that referenced this issue Jan 20, 2022
Commit 0891287 introduced using the OCIImage class instead of DockerImage for container image analysis. There is a difference in the name and type of the variable that holds the repository tag ('repotags' list for DockerImage vs 'repotag' string for OCIImage) which is causing the CycloneDX format to break. This was not caught prior to the release because there are no tests for the CycloneDX format in the ci test file. This commit resolves the CycloneDX format bug by using the repository tag variable name depending on image type and also adds an appropriate test in the ci test file to try to avoid this issue in the future. Resolves tern-tools#1097 Signed-off-by: Rose Judge <rjudge@vmware.com>
nishakm pushed a commit that referenced this issue Jan 20, 2022
Commit 0891287 introduced using the OCIImage class instead of DockerImage for container image analysis. There is a difference in the name and type of the variable that holds the repository tag ('repotags' list for DockerImage vs 'repotag' string for OCIImage) which is causing the CycloneDX format to break. This was not caught prior to the release because there are no tests for the CycloneDX format in the ci test file. This commit resolves the CycloneDX format bug by using the repository tag variable name depending on image type and also adds an appropriate test in the ci test file to try to avoid this issue in the future. Resolves #1097 Signed-off-by: Rose Judge <rjudge@vmware.com>
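An added example, not Tern's own code: one way to read the repository tag from either image shape described in the commit message and feed it into a CycloneDX-style container component, with a regression check over both shapes. The stand-in classes and the helper names (`image_repotag`, `split_repotag`, `metadata_component`) are hypothetical; only the `repotags` and `repotag` attribute names come from the commit message.

```python
# Stand-in classes (hypothetical): they model only the attributes named in the
# commit message, not Tern's real DockerImage / OCIImage classes.
class DockerImage:
    def __init__(self, repotags):
        self.repotags = repotags          # list of "repo:tag" strings


class OCIImage:
    def __init__(self, repotag):
        self.repotag = repotag            # single "repo:tag" string


def image_repotag(image):
    """Return one "repo:tag" string for either image shape, or None."""
    tags = getattr(image, "repotags", None)        # list-style attribute
    if tags:
        return tags[0]
    return getattr(image, "repotag", None) or None  # string-style attribute


def split_repotag(repotag):
    """Split "repo:tag" into (repo, tag); tag is None when absent.

    A ':' that appears before the last '/' is a registry port, not a tag.
    """
    last_segment = repotag.rsplit("/", 1)[-1]
    if ":" in last_segment:
        repo, tag = repotag.rsplit(":", 1)
        return repo, tag
    return repotag, None


def metadata_component(image):
    """Build a CycloneDX-style component dict of type "container"."""
    repotag = image_repotag(image)
    if repotag is None:
        raise ValueError("image has no repository tag")
    repo, tag = split_repotag(repotag)
    component = {"type": "container", "name": repo}
    if tag:
        component["version"] = tag
    return component


if __name__ == "__main__":
    # Constructed sample inputs: the same image reference in both shapes.
    for img in (DockerImage(["debian:buster"]), OCIImage("debian:buster")):
        print(type(img).__name__, metadata_component(img))
```
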
./docker_run.sh ternd "report -f cyclonedxjson -i debian:buster" > bom.json
fails with AttributeError: 'OCIImage' object has no attribute 'repotags'
To Reproduce
Steps to reproduce the behavior:
docker build -f docker/Dockerfile -t ternd .
./docker_run.sh ternd "report -f cyclonedxjson -i debian:buster" > bom.json
Error in terminal
Expected behavior
When removing the -f cyclonedxjson flag everything works as expected.
Environment you are running Tern on
Enter all that apply
On WSL2 Ubuntu:
Linux --- 5.10.60.1-microsoft-standard-WSL2 #1 SMP Wed Aug 25 23:20:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux