whitesource-ps / ws-sbom-generator

WS SBOM Report Generator in SPDX or CycloneDX format
Apache License 2.0

[BUG] [ws-sbom-generator] Image Unusable When Overriding Entrypoint #84

Closed AlexWilson-GIS closed 1 year ago

AlexWilson-GIS commented 2 years ago

Bug Description
When overriding the entrypoint of the image to a shell, the SBOM generator fails to run to completion. This impacts my ability to use it inside a CI/CD system like GitLab, where overriding the entrypoint of an image allows you to pass script steps in the pipeline file directly into the image, along with effortlessly importing previous job artifacts into the container and saving new ones out of the container at the end of the job. The alternative of running the image with its default entry point results in a convoluted situation where I have to create a docker-in-docker container, create a container from this image inside the first container, pass every environment variable through as a separate CLI flag, and create inter-container mount points to pass artifacts back and forth between the outer and inner containers. That extra level of hassle has resulted in me using a python container and installing the generator package through pip at the start of every run, rather than using this image.

Steps to Reproduce
Steps to reproduce the behavior:

  1. Run this image locally and override the entrypoint to a shell
    • docker run --rm -it --entrypoint /bin/bash whitesourcetools/ws-sbom-generator:latest
    • docker run --rm -it --entrypoint /bin/sh whitesourcetools/ws-sbom-generator:latest
  2. Try and generate an SBOM report from within the container
    • ws_sbom_generator -u <user token> -k <api key> -s <product token> --type json -o report.json
  3. Program crashes

Expected Behavior
Generate SBOM file.

Environment Details

rammatzkvosky commented 2 years ago

Hi @AlexWilson-GIS, which WSL version are you using? Is it 1/2/g?

Also, could you please share your pipeline steps? Can these samples assist you?

AlexWilson-GIS commented 2 years ago

The WSL version is 2. The image also fails to run on my normal Ubuntu 20.04 GitLab runner. The steps I outlined earlier were done on my local WSL after I couldn't get the image to work in my pipeline. I apologize for not being clear about that. The pipeline code is as follows:

.Generate SBOM for Specific Project:
  tags:
    - docker
  image: 
    #name: whitesourcetools/ws-sbom-generator
    name: python:slim
    entrypoint: [""]
  script:
    - pip install numpy ws-sbom-generator
    - ws_sbom_generator -t json -e $PATH_TO_EXTRA_AND_CONFIG_FILE -u $WS_USERKEY -k $WS_APIKEY -s $WS_PROJECTTOKEN -o $WS_OUT_DIR

Commenting out the pip install step and switching images will create the pipeline code I was attempting to use. The code in its current state is my alternative. I will look over the samples and see if they help me, thanks.

DimarrWS commented 1 year ago

Hi @AlexWilson-GIS!

I want to clarify our backlog. The SBOM-generator was updated a few times after March. Can you please confirm the issue, or can we close it? Thanks in advance, Dima

tidharm commented 1 year ago

@AlexWilson-GIS we haven't received any response on this issue recently, but regardless, as Mend has added to the core functionality the ability to export SBOM reports in SPDX format, we've started the process of deprecating this repository, so we'll be closing this issue.

If this use case is still relevant, please refer to Mend's documentation, for either exporting SBOM from the UI (The SBOM Export Report) or using Mend's API (Get SBOM Report with SPDX).