Comments (8)
Hi @nscuro, first, thank you for your quick response! Effectively, I added the env variable in the docker command, and it works well, this was my probe:
docker run -it \
-v "$(pwd):/usr/src/test" \
-v "$(pwd)/reports:/out" \
-e "GOCACHE=/tmp/gocache" \
cyclonedx/cyclonedx-gomod:v1.4 mod -json -output bom.json /usr/src/test
Thank you!!! Anyways, I saw your MR, which is merged, and I've tried also the docker latest image, works well:
docker run -it \
-v "$(pwd):/usr/src/test" \
-v "$(pwd)/reports:/out" \
cyclonedx/cyclonedx-gomod mod -json -output /out/bom.json /usr/src/test
from cyclonedx-gomod.
Prob. related with not being able to download the private repo... or something related.
from cyclonedx-gomod.
Hello team, any updates about this issue? I tried using the docker image, tag v1.4 and I have the same error as @jeroendee reported. If I use the client locally in the laptop works well...
from cyclonedx-gomod.
Is it possible to provide some kind of minimal reproducer for this? I have not been able to replicate this so far.
Generally, if a project depends on private modules, then the usual setup of GOPRIVATE etc. required for private modules is necessary to generate an SBOM for the project. If it works on your local machine, but doesn't in CI, then there's some sort of setup, config, or environment variable missing in CI, that exists on your local machine.
from cyclonedx-gomod.
From my side, I couldn't try it with GitHub Actions, but I did it using docker.
If I execute the client app locally:
go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
# in the dir of my project:
cyclonedx-gomod mod -json -output bom.json .
The BOM file is generated correctly.
But then, running the docker container, using as volume the root of my project:
docker run -it \
-v "$(pwd):/usr/src/test" \
-v "$(pwd)/reports:/out" \
cyclonedx/cyclonedx-gomod:v1.4 mod -json -output bom.json /usr/src/test
I have this output:
{"level":"error","error":"failed to download modules: command `/usr/local/go/bin/go mod why -m -vendor github.com/CycloneDX/cyclonedx-go` failed: exit status 1","time":"2023-08-03T11:38:44Z"}
I don't know the root cause, but with this, I'm not sure that's related to private repos, it seems an error executing the go mod why command.
from cyclonedx-gomod.
Thanks for the input @bcordobaq. I ran the go mod why command from within the container, and I got this error:
failed to initialize build cache at /.cache/go-build: mkdir /.cache: permission denied
Which led me to this issue: golang/go#26280 (comment)
We use a non-root user in our Dockerfile: cyclonedx-gomod/Dockerfile.goreleaser, lines 3 to 7 in c44a3b1
Adding this to the docker command works for me:
-e "GOCACHE=/tmp/gocache"
Can you verify that this resolves the issue? If so, I'll get this added to our Dockerfile and push a bugfix release out later today.
from cyclonedx-gomod.
I'll also see if I can improve the logging. Seems like currently we're swallowing the actual error message, which is not helpful.
from cyclonedx-gomod.
Actually it is logged in debug mode (with -verbose flag):
$ docker run -it --rm -v "$(pwd):/work" cyclonedx/cyclonedx-gomod:v1.4.0 mod -verbose /work
4:00PM DBG executing command cmd="/usr/local/go/bin/go mod why -m -vendor github.com/CycloneDX/cyclonedx-go" dir=/work
4:00PM DBG failed to initialize build cache at /.cache/go-build: mkdir /.cache: permission denied
{"level":"error","error":"failed to download modules: command `/usr/local/go/bin/go mod why -m -vendor github.com/CycloneDX/cyclonedx-go` failed: exit status 1","time":"2023-08-03T16:00:03Z"}
from cyclonedx-gomod.
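The failure diagnosed in this thread, as an added example (not code from the thread or from the cyclonedx-gomod project): a POSIX shell pre-flight check that works out where the go command will place its build cache and whether the current non-root user can create it, falling back to a writable path such as the /tmp/gocache used above. The function names are hypothetical, and the resolution order (GOCACHE, then XDG_CACHE_HOME, then HOME/.cache) is the Linux default; settings stored with go env -w are not consulted.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Run it as the same user and
# in the same container/CI environment that will later run the go command.

# Print the build cache directory go would use on Linux: $GOCACHE if set,
# otherwise go-build under $XDG_CACHE_HOME or $HOME/.cache.
# (Values stored with `go env -w` are not consulted here.)
go_build_cache_dir() {
    if [ -n "${GOCACHE:-}" ]; then
        printf '%s\n' "$GOCACHE"
    elif [ -n "${XDG_CACHE_HOME:-}" ]; then
        printf '%s\n' "$XDG_CACHE_HOME/go-build"
    elif [ -n "${HOME:-}" ]; then
        # HOME=/ yields /.cache/go-build, the path in the error above
        printf '%s\n' "${HOME%/}/.cache/go-build"
    else
        return 1
    fi
}

# Succeed if directory $1 exists and is writable, or could be created because
# its nearest existing ancestor is a writable directory. Creates nothing.
dir_usable() {
    _d=$1
    while [ ! -e "$_d" ]; do
        _parent=$(dirname "$_d")
        [ "$_parent" = "$_d" ] && return 1
        _d=$_parent
    done
    [ -d "$_d" ] && [ -w "$_d" ] && [ -x "$_d" ]
}

# Print the GOCACHE value to use: the default location when it is usable,
# otherwise the fallback given as $1 (default /tmp/gocache).
pick_gocache() {
    _fallback=${1:-/tmp/gocache}
    if _dir=$(go_build_cache_dir) && dir_usable "$_dir"; then
        printf '%s\n' "$_dir"
    else
        printf '%s\n' "$_fallback"
    fi
}

echo "GOCACHE=$(pick_gocache)"
```

The check has to run inside the container (or CI job) as the image's user; evaluated on the host it describes the host's cache directory, not the container's.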