Recognition of files in a folder works inconsistently between Linux distributions. #2808
Labels: bug (Something isn't working), needs-reproduction (missing steps to reproduce or steps have not been confirmed)
What happened:
Syft does not recognize binary files on archlinux that are recognized on rockylinux even though the contents of the folder are identical.
I have prepared a script that reproduces this behavior.
The script using 'incus' starts two VMs with different Linux distributions (rockylinux and archlinux) and runs syft from a container inside the VMs to scan the folder. The folder contains the unpacked docker-ce rpm package.
I decided to unpack the rpm before scanning because the purl/cpe generated by syft from the packed package does not allow finding CVEs assigned to docker, which in most databases are either assigned to the moby project or to the github/docker/docker repository or purl pkg:rpm/docker repository.
What you expected to happen:
Syft should produce the same report from folders containing the same files on both Linux distributions.
Steps to reproduce the issue:
Anything else we need to know?:
To run the script, you must have 'incus' or `lxd` installed with the ability to create virtual machines. In the case of lxd, replace the 'incus' command with `lxc` in the script.
Environment:
syft version:
cat /etc/os-release: