Comments (8)

jpkrohling commented on August 17, 2024

Thank you for the investigation!

from opentelemetry-collector-releases.

jpkrohling commented on August 17, 2024

@cpanato, do you have an idea on what's going on?

@cartersocha, this is the issue we talked about during the SIG Security call.

cpanato commented on August 17, 2024

hum looks like it is doing working well with the .tar.gz, i think that is better only with the binary, i can change that

cpanato commented on August 17, 2024

seems we need to pass some config options

run locally (with the correct version now)

 syft scan otelcol-contrib_0.98.0_darwin_amd64.tar.gz -o spdx-json
 ✔ Indexed file system    /private/var/folders/kl/q9mydw095ln5s7wj971qcrx40000gn/T/syft-archive-contents-177865781
 ✔ Cataloged contents     f2d873bf5f6127ce965934c5ee10665f83195ae3264690a496e63b895f996567
   ├── ✔ Packages         [675 packages]
   └── ✔ Executables      [1 executables]
...

cpanato commented on August 17, 2024

I ran goreleaser locally and the SBOMs were created with data

cpanato commented on August 17, 2024

we need to make sure we have the latest syft, checking that

cpanato commented on August 17, 2024

seems ok

was able to reproduce the issue with syft v1.1.0; with v1.1.1 it was ok

cpanato commented on August 17, 2024

we need to wait for anchore/sbom-action#456
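
A release-pipeline gate for the problem discussed in this thread, added here as an example and not code from the project or from any commenter: it rejects an SPDX JSON SBOM that carries no package data or was generated by the syft version the issue was reproduced with. It assumes the failure shows up as an empty `packages` list; `check_sbom`, `AFFECTED_SYFT` and the two sample documents are constructed for illustration.

```python
import json
import re
import sys

# syft version the thread reproduced the issue with (taken from the comments above).
AFFECTED_SYFT = {"1.1.0"}

def check_sbom(doc, min_packages=1):
    """Return a list of problems found in a parsed SPDX JSON document."""
    problems = []
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        problems.append("missing or unexpected spdxVersion")
    # The generator is recorded as "Tool: syft-<version>" in creationInfo.creators.
    for creator in doc.get("creationInfo", {}).get("creators", []):
        m = re.fullmatch(r"Tool: syft-v?(\d+\.\d+\.\d+)", creator)
        if m and m.group(1) in AFFECTED_SYFT:
            problems.append(f"generated by syft {m.group(1)}")
    packages = doc.get("packages") or []
    if len(packages) < min_packages:
        problems.append(f"only {len(packages)} package(s), expected >= {min_packages}")
    # Flag packages that carry no purl reference so they can be reviewed.
    for pkg in packages:
        refs = pkg.get("externalRefs") or []
        if not any(r.get("referenceType") == "purl" for r in refs):
            problems.append(f"package {pkg.get('name', '?')} has no purl")
    return problems

# Constructed sample documents (not real release artifacts).
GOOD = {
    "spdxVersion": "SPDX-2.3",
    "creationInfo": {"creators": ["Organization: Anchore, Inc", "Tool: syft-1.1.1"]},
    "packages": [{
        "name": "example.com/mod", "versionInfo": "v1.0.0",
        "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                          "referenceType": "purl",
                          "referenceLocator": "pkg:golang/example.com/mod@v1.0.0"}],
    }],
}
EMPTY = {
    "spdxVersion": "SPDX-2.3",
    "creationInfo": {"creators": ["Tool: syft-1.1.0"]},
    "packages": [],
}

if __name__ == "__main__":
    # Usage: python check_sbom.py sbom.spdx.json  (exits 1 on any finding)
    with open(sys.argv[1]) as fh:
        findings = check_sbom(json.load(fh))
    print("\n".join(findings) or "ok")
    sys.exit(1 if findings else 0)
```

Raising `min_packages` to a value close to the expected dependency count (the local scan above reported 675 packages) also catches a partially populated SBOM.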
