BOMs from Docker image missing packages

Using cdxgen on a Docker image will generate a BOM, but not a correct one. Many of the packages installed in our Python project are missing, compared to running cdxgen on the project directly.

Our Docker image has a workdir of \app, could this be an issue? Does cdxgen want a specific workdir to work correctly?

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 21

Top GitHub Comments

1 reaction
prabhu commented, May 13, 2022

Not a problem. Glad it worked!

1 reaction
diblaze commented, May 13, 2022

@prabhu Now it works! I did not see that my previous log-snippet was badly formatted. Sorry!
