Comments (3)
thaJeztah
commented on August 20, 2024
/cc @cdupuis
from scout-cli.
willdeane
commented on August 20, 2024
I'm also getting this error when scanning the Chainguard Wolfi image.
$ docker pull cgr.dev/chainguard/wolfi-base
Using default tag: latest
latest: Pulling from chainguard/wolfi-base
33f07347d8b7: Pull complete
Digest: sha256:d141305384203efd88710c735d71a3975371174ad882c181b5ce0bdb583615e6
Status: Downloaded newer image for cgr.dev/chainguard/wolfi-base:latest
cgr.dev/chainguard/wolfi-base:latest
$
$ docker sbom cgr.dev/chainguard/wolfi-base
Syft v0.43.0
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [14 packages]
NAME VERSION TYPE
apk-tools 2.14.0-r0 apk
busybox 1.36.1-r2 apk
ca-certificates-bundle 20230506-r0 apk
glibc 2.38-r1 apk
glibc-locale-posix 2.38-r1 apk
ld-linux 2.38-r1 apk
libcrypt1 2.38-r1 apk
libcrypto3 3.1.3-r0 apk
libssl3 3.1.3-r0 apk
openssl-config 3.1.3-r0 apk
wolfi-base 1-r3 apk
wolfi-baselayout 20230201-r6 apk
wolfi-keys 1-r5 apk
zlib 1.3-r0 apk
$
$ docker scout cves cgr.dev/chainguard/wolfi-base
Analyzing image cgr.dev/chainguard/wolfi-base
✓ Image stored for indexing
⠋ Indexing panic: runtime error: index out of range [0] with length 0
goroutine 13 [running]:
github.com/anchore/syft/syft/pkg/cataloger/apkdb.stripVersionSpecifier(...)
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/apkdb/parse_apk_db.go:356
github.com/anchore/syft/syft/pkg/cataloger/apkdb.discoverPackageDependencies({0x14000292c00, 0xe, 0x140012312d2?})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/apkdb/parse_apk_db.go:316 +0x898
github.com/anchore/syft/syft/pkg/cataloger/apkdb.parseApkDB({0x14000126e58?, 0x140004af0c8?}, 0x1400101a2b0, {{{{0x140004af0c8, 0x15}, {0x14000fa73b0, 0x47}}, {0x140012263c0, 0x15}, {0x86, ...}}, ...})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/apkdb/parse_apk_db.go:101 +0x614
github.com/anchore/syft/syft/pkg/cataloger/generic.(*Cataloger).Catalog(0x14001929920, {0x106953c90, 0x14000126e58})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/generic/cataloger.go:129 +0x6b8
github.com/anchore/syft/syft/pkg/cataloger.runCataloger({0x106944740, 0x14001929920}, {0x106953c90?, 0x14000126e58})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/catalog.go:57 +0x15c
github.com/anchore/syft/syft/pkg/cataloger.Catalog.func1()
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/catalog.go:127 +0xcc
created by github.com/anchore/syft/syft/pkg/cataloger.Catalog
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/syft/pkg/cataloger/catalog.go:122 +0x250
from scout-cli.
cdupuis
commented on August 20, 2024
@willdeane what version of the Scout CLI are you on? I believe this was fixed already.
❯ docker scout cves cgr.dev/chainguard/wolfi-base
✓ Pulled
✓ Image stored for indexing
✓ Indexed 16 packages
✓ No vulnerable package detected
## Overview
│ Analyzed Image
────────────────────┼─────────────────────────────────────────
Image reference │ cgr.dev/chainguard/wolfi-base:latest
│ 43f3fb67f990
platform │ linux/arm64
vulnerabilities │ 0C 0H 0M 0L
size │ 4.7 MB
packages │ 16
## Packages and Vulnerabilities
from scout-cli.
Related Issues (20)
- Docker Scout does not honor Chainguard's advisory data/secdb HOT 2
- Image Analyze can't finish
- SPDX output into the file
- temporary file/cache location configurability HOT 11
- Non-JSON output with `--format sarif`
- Docker scout installation folder does not fit on Windows 11
- docker-scout in Jenkins is getting permission denied error HOT 4
- Docker scout false positive on [email protected] HOT 2
- docker scout skip not-fixed [feature request] HOT 2
- ERROR Status: could not get repositories for org <org_name>: could not list skills: failed to list integration configurations: 403 403 Forbidden, CodEe: 1 HOT 5
- Docker scout is misreading base image version number HOT 2
- Finding vulnerabilities in python pip packages HOT 3
- Change release names so that they can be matched with uname
- I cannot record an image to an environment (Windows) HOT 2
- docker scout fails on aarch64 HOT 6
- After update of Docker Desktop (4.27.0), cant scan any local image anymore HOT 7
- docker scout doesn't use proxy settings HOT 5
- docker scout could not get the image from cache HOT 6
- False positive when a *.deps.json file contains a dependency to a vulnerable package HOT 7
- Compare/analyze SBOMs HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scout-cli.