docker / sbom-cli-plugin

Plugin for Docker CLI to support SBOM creation using Syft
Apache License 2.0

docker sbom leaves large files in /tmp #35

Open drjasonharrison opened 1 year ago

drjasonharrison commented 1 year ago

What happened: Ran

docker sbom my-image

and file left in /tmp/sbom-cli-plugin-..../docker-daemon-image....

What you expected to happen:

SBOM output on STDOUT, and no files left on device

How to reproduce it (as minimally and precisely as possible):

ls /tmp/sbom* > before.txt 2>/dev/null
docker sbom my-image
ls /tmp/sbom* > after.txt 2>/dev/null
diff before.txt after.txt

Anything else we need to know?:

Confirmed on two machines (see below)

Environment:

Machine 1:

Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:52:13 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:13 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Machine 2:

docker version
Client:
 Version:           19.03.6
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        369ce74a3c
 Built:             Wed Oct 14 19:03:30 2020
 OS/Arch:           linux/arm64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.6
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       369ce74a3c
  Built:            Wed Oct 14 16:52:50 2020
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.3.3-0ubuntu1~18.04.3
  GitCommit:        
 runc:
  Version:          spec: 1.0.1-dev
  GitCommit:        
 docker-init:
  Version:          0.18.0
  GitCommit:        

Machine 1:

Application:        docker-sbom (0.6.1)
Provider:           syft (v0.46.3)
GitCommit:          02cf1c888ad6662109ac6e3be618392514a56316
GitDescription:     v0.6.1
Platform:           linux/amd64

Machine 2:

Application:        docker-sbom (0.6.1)
Provider:           syft (v0.46.3)
GitCommit:          02cf1c888ad6662109ac6e3be618392514a56316
GitDescription:     v0.6.1
Platform:           linux/arm64

mpoqq commented 10 months ago

Should be fixed by https://github.com/docker/sbom-cli-plugin/pull/24. Unfortunately there is no new release with the fix.
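
A possible workaround for the leftover files reported in this issue, added here as an example (it is not code from the plugin or from any commenter): run the command with a private, owner-only temp directory, report what it left behind, and delete the directory afterwards. It assumes the plugin creates its temporary files under `$TMPDIR`, which the issue does not confirm; `run_in_private_tmp` and `count_leftovers` are hypothetical names.

```shell
#!/bin/sh
# Added example: contain and clean up temp files left by a command.
# Assumption: the command honours TMPDIR when creating temporary files.

# Count regular files remaining under directory $1.
count_leftovers() {
    find "$1" -type f 2>/dev/null | wc -l | tr -d ' '
}

# run_in_private_tmp CMD [ARGS...]
# Passes the command's stdout through unchanged and writes a leftover report
# to stderr. Sets LEFTOVER_COUNT and LAST_PRIVATE_TMP for the caller and
# returns the command's own exit status.
run_in_private_tmp() {
    LAST_PRIVATE_TMP=$(mktemp -d "${TMPDIR:-/tmp}/sbom-run.XXXXXX") || return 1
    chmod 700 "$LAST_PRIVATE_TMP"    # owner-only, so other users cannot read it

    rc=0
    # Subshell keeps the TMPDIR override from leaking into the caller's shell.
    ( TMPDIR=$LAST_PRIVATE_TMP; export TMPDIR; "$@" ) || rc=$?

    LEFTOVER_COUNT=$(count_leftovers "$LAST_PRIVATE_TMP")
    if [ "$LEFTOVER_COUNT" -gt 0 ]; then
        echo "warning: $LEFTOVER_COUNT file(s) left in $LAST_PRIVATE_TMP" >&2
        du -sh "$LAST_PRIVATE_TMP" >&2
    fi

    # Remove everything the command left behind, whether it succeeded or not.
    rm -rf -- "$LAST_PRIVATE_TMP"
    return "$rc"
}

# Usage (not executed here):
#   run_in_private_tmp docker sbom my-image > sbom.txt
```

If the warning never appears and files still show up in `/tmp`, the command is not using `$TMPDIR` and this wrapper does not help.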