Error when running sbom-generate #17

Closed
Tristramg opened this issue Aug 13, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@Tristramg

On Linux (Arch Linux):

❯ pipx --version
1.6.0
❯ python --version
Python 3.12.3
❯ git clone https://github.com/osrd-project/liblrs.git
❯ cd liblrs/
❯ pipx run compliance-assistant -v sbom-generate -d . -o ./sbom_data/bom.json

DEBUG: Trying paths: ['/home/tristram/.docker/config.json', '/home/tristram/.dockercfg']
DEBUG: No config file found
DEBUG: Trying paths: ['/home/tristram/.docker/config.json', '/home/tristram/.dockercfg']
DEBUG: No config file found
DEBUG: http://localhost:None "GET /version HTTP/11" 200 782
INFO: Generating SBOM for /home/tristram/travail/sncf/temp_test/liblrs using cdxgen
DEBUG: Running image 'ghcr.io/cyclonedx/cdxgen' on directory '/home/tristram/travail/sncf/temp_test/liblrs' with name 'liblrs_68f9d4' and output '/tmp/tmp06eblbtz'
DEBUG: http://localhost:None "POST /v1.45/containers/create?name=liblrs_68f9d4 HTTP/11" 201 88
DEBUG: http://localhost:None "GET /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/json HTTP/11" 200 None
DEBUG: http://localhost:None "POST /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/start HTTP/11" 204 0
DEBUG: http://localhost:None "GET /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/logs?stderr=0&stdout=1&timestamps=0&follow=1&tail=all HTTP/11" 200 None
DEBUG: http://localhost:None "GET /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/json HTTP/11" 200 None
DEBUG: http://localhost:None "POST /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/wait HTTP/11" 200 None
DEBUG: http://localhost:None "GET /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/logs?stderr=1&stdout=0&timestamps=0&follow=0&tail=all HTTP/11" 200 None
DEBUG: http://localhost:None "GET /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f/json HTTP/11" 200 None
DEBUG: http://localhost:None "DELETE /v1.45/containers/a4dd569272c9f5fa423408cdf00f8334392a5bb2f45dbc05bb381d0701c0330f?v=False&link=False&force=False HTTP/11" 204 0
CRITICAL: Docker container wasn't able to start: Command '['-r', '/app', '-o', '/sbom_data/tmp06eblbtz']' in image 'ghcr.io/cyclonedx/cdxgen' returned non-zero exit status 1: b''

When running the docker by hand:

❯ docker run --rm  -v .:/app:rw -v ./sbom_data:/sbom_data -t ghcr.io/cyclonedx/cdxgen -r /app -o /sbom_data/sbom.json

The file is generated as expected

@mxmehl mxmehl added this to the v0.4.0 milestone Aug 14, 2024
@mxmehl mxmehl added the bug Something isn't working label Aug 14, 2024
@mxmehl
Member

mxmehl commented Sep 3, 2024

I cannot reproduce this error and have no idea why the Docker container exits with 1. May I ask you to do the following to ensure we're using the same environment?

  1. docker pull ghcr.io/cyclonedx/cdxgen to use the latest image
  2. pipx upgrade compliance-assistant to ensure you're using version 3.x of this tool
  3. Use the new command structure, and ensure the file is created in the same directory: pipx run compliance-assistant sbom generate -d . -o bom.json -v

In any case, you're also free to use any other tool that generates a CycloneDX SBOM, and enrich the data on top of that (using the sbom enrich command). For example syft: syft scan . -o cyclonedx-json > bom.json. I will work towards making this clear in the docu, and extend the sbom generate command to support more than just cdxgen in Docker.

@mxmehl mxmehl removed this from the v0.4.0 milestone Sep 20, 2024
@mxmehl
Member

mxmehl commented Sep 20, 2024

Since #27 you can also use other SBOM generators, e.g. syft and cdxgen as installed on your system.

I'd close this issue as I couldn't reproduce this issue with Docker. Please feel free to comment as soon as there is updated info. Thanks!

@mxmehl mxmehl closed this as completed Sep 20, 2024