anchore / scan-action

Anchore container analysis and scan provided as a GitHub Action
MIT License

Scan action fails decode syft-json document #298

Closed hkadakia closed 1 month ago

hkadakia commented 5 months ago

Seeing the below issue when running scan-action

Run anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b
  with:
    image: nginx:latest
    format: syft-json
    output-file: /tmp/sbom.syft.json

Run anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a
  with:
    fail-build: false
    sbom: /tmp/sbom.syft.json
    output-format: json

Executing: grype -o json --fail-on medium sbom:/tmp/sbom.syft.json
  1 error occurred:
    * failed to catalog: unable to decode sbom: unable to decode syft-json document: json: cannot unmarshal object into Go struct field Document.artifacts of type string

Syft/Sbom-action version: 9fece9e20048ca9590af301449208b2b8861333b (v0.15.9)
Grype/Scan-action version: 3343887d815d7b07465f6fdcd395bd66508d486a (v3.6.4)

popey commented 1 month ago

Hi @hkadakia - thanks so much for filing this issue. Apologies for the delay getting back to you. We have some confidence that this should be resolved in a newer release, but some more testing is required. Are you still seeing this behavior with the latest releases of sbom-action and scan-action?

popey commented 1 month ago

Hi @hkadakia - I'm going to close this issue, feel free to re-open or start a new one if this is an issue with the currently released version.

hkadakia commented 1 month ago

Yes, I haven't noticed any issues so far.
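Added example, not part of the original thread or of Anchore's code: a small diagnostic for the `cannot unmarshal object into ... of type string` error in the log above. It reports the schema and producer versions recorded in a syft-json file and lists which key paths under `artifacts` hold JSON objects or change shape between packages. The top-level keys `schema.version` and `descriptor.version` and the sample document (including its `licenses` field) are assumptions constructed for illustration, not the confirmed cause of this issue.

```python
import json
from collections import defaultdict

# Constructed sample, NOT real syft output: two packages whose "licenses"
# items differ in shape (plain string vs. object). Field names are assumptions.
SAMPLE = json.dumps({
    "schema": {"version": "0.0.0-constructed"},
    "descriptor": {"name": "syft", "version": "0.0.0-constructed"},
    "artifacts": [
        {"name": "pkg-a", "version": "1.0", "licenses": ["MIT"]},
        {"name": "pkg-b", "version": "2.0", "licenses": [{"value": "MIT"}]},
    ],
})

# bool is checked first because bool is a subclass of int in Python.
KINDS = ((bool, "bool"), (dict, "object"), (list, "array"),
         (str, "string"), ((int, float), "number"))

def json_type(value):
    """Name a value the way the Go decoder's error message does ("object", ...)."""
    return next((name for kind, name in KINDS if isinstance(value, kind)), "null")

def profile(node, path, seen):
    """Record every JSON type observed at each key path ([] marks list items)."""
    seen[path].add(json_type(node))
    if isinstance(node, dict):
        for key, value in node.items():
            profile(value, f"{path}.{key}", seen)
    elif isinstance(node, list):
        for item in node:
            profile(item, f"{path}[]", seen)
    return seen

def inspect_sbom(text):
    doc = json.loads(text)
    seen = profile(doc.get("artifacts", []), "artifacts", defaultdict(set))
    return {
        "schema": doc.get("schema", {}).get("version"),
        "producer": doc.get("descriptor", {}).get("version"),
        # Any path holding an object is a candidate for the decode error;
        # "artifacts[]" itself is always expected to be an object.
        "object_paths": sorted(p for p, t in seen.items() if "object" in t),
        # Paths whose shape differs from one package to the next.
        "mixed_paths": sorted(p for p, t in seen.items() if len(t) > 1),
    }

if __name__ == "__main__":
    for key, value in inspect_sbom(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a real file, pass the contents of the SBOM (for example `/tmp/sbom.syft.json` from the workflow above) to `inspect_sbom` and compare the reported versions with what the scanner release in use accepts.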