Comments (2)
I think this is because the binary classifier for redis matches against the amd64 build of redis but _not_the arm64 build.
❯ syft -q --platform=linux/amd64 docker.io/bitnami/redis@sha256:c1843bcdb2f413d2aff67adbaf482082673cd40ec602fa9fefad74ec685cb813 | grep -i ^redis
redis 7.2.4 binary
❯ syft -q --platform=linux/arm64 docker.io/bitnami/redis@sha256:c1843bcdb2f413d2aff67adbaf482082673cd40ec602fa9fefad74ec685cb813 | grep -i ^redis
I believe the digest points to a multi-architecture manifest, so when syft asks docker to pull the image, the client decides which platform to pull, and if the client pulls the linux/amd64 platform, redis is found, but not if it pulls the linux/arm64 platform.
I'll leave this issue open as a request to enhance the binary classifier to detect the arm64 build of redis.
from syft.
Please let me report additional not listed cases.
syft does not detect redis frmo 3/8 OS/ARCH of redis:latest.
$ syft -q --platform=linux/386 redis | grep redis
$
$ syft -q --platform=linux/arm/v5 redis | grep redis
$
$ syft -q --platform=linux/arm/v7 redis | grep redis
$
format includes text - buildkitsandbox
$ docker run -it --rm --platform linux/386 redis sh -c "apt update && apt install -y binutils && strings /usr/local/bin/redis-server | grep -E '7\.2\.4'"
:
:
:
7.2.4
7.2.4buildkitsandbox-1712714399000000000
$ docker run -it --rm --platform linux/arm/v5 redis sh -c "apt update && apt install -y binutils && strings /usr/local/bin/redis-server | grep -E '7\.2\.4'"
:
:
:
7.2.4
7.2.4buildkitsandbox-1712788833000000000
$ docker run -it --rm --platform linux/arm/v7 redis sh -c "apt update && apt install -y binutils && strings /usr/local/bin/redis-server | grep -E '7\.2\.4'"
:
:
:
7.2.4
7.2.4buildkitsandbox-1712788833000000000
bitnami
$ docker run -it --rm --platform=linux/arm64 --user root docker.io/bitnami/redis@sha256:c1843bcdb2f413d2aff67adbaf482082673cd40ec602fa9fefad74ec685cb813 sh -c "apt update && apt install -y binutils && strings /opt/bitnami/redis/bin/redis-server | grep -E '7\.2\.4'"
:
:
:
7.2.4
7.2.4af940fca2d06-1706617069000000000
/bitnami/blacksmith-sandox/redis-7.2.4/src
/bitnami/blacksmith-sandox/redis-7.2.4/deps/hiredis
from syft.
Related Issues (20)
- Regression in 1.1 cataloging openjdk: generates version containing a null byte HOT 13
- Syft reports some fw* pckages, which are nowhere to find HOT 4
- Add support for dnf packages HOT 1
- Support Swift Package Manager Package.resolved schema version 3 HOT 2
- Catalog TiDB binary
- License not pickedup for binaries like java (openjdk), node (nodejs) HOT 4
- Ignore Go compiler affecting CVE when Docker image only contains a binary compiled with Go HOT 2
- Pom parser not resolving all dependency versions
- SBOM is generated with empty name HOT 4
- components inside tar.gz / tgz not picked up HOT 2
- Golang: Search remote licenses not working in a CI pipeline when scanning Docker image HOT 4
- Clearly document the fact that CPE strings could be made up HOT 1
- Recognition of files in a folder works inconsistently between Linux distributions. HOT 1
- New version 1.3.0 leads to "too many open files" while scanning bigger images HOT 1
- Add `bun-lock-cataloger` & `bun-binary-cataloger` catalogers HOT 1
- Improve linting for `defer Close` type issues HOT 2
- Binary copied to image omitted from SBOM HOT 4
- Relationships / Dependencies are present in Syft json and SPDX json files but not in Cyclonedx json file format HOT 3
- Not all the packages are getting imported in Blackduck scanner HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from syft.