Closed sophiewigmore closed 1 year ago
Hi @sophiewigmore -- I believe this was just fixed (with PR #1313) and a new version of Syft released (v0.60.3) with the fix in it; could you validate this fixes your issue?
Ah! Let me try.
Yes, that worked. Totally missed that fix. Thank you :)
Thanks for following up, @sophiewigmore!
Please provide a set of steps on how to reproduce the issue
What happened:
Running
syft packages <oci archive> --output cyclonedx-json --file sbom.json
panics during the cataloguing phase:
This only occurs for one of our OCI archives, which has a lot of packages (800+). You can test this out by downloading an example OCI archive similar to the one I was testing with from our release: https://github.com/paketo-buildpacks/jammy-full-stack/releases/download/v0.0.31/jammy-full-stack-0.0.31-build.oci and then running the same
syft package
command on it with Syft 0.60.1
What you expected to happen:
Expected SBOM generation to succeed as usual
Anything else we need to know?:
This issue only started happening on 0.60.1 (and 0.60.2)
Environment:
syft version: 0.60.1
OS (cat /etc/os-release or similar): mac OS and Ubuntu 22.04.1