cdxgen silently crashes when generating SBOM for large Windows Docker Images

[Taha-cmd]

It appears that cdxgen is silently crashing when trying extract large layers from a Windows docker image.

When running cdxgen mcr.microsoft.com/dotnet/aspnet:8.0-windowsservercore-ltsc2019 -o aspnet.json -t docker -p --fail-on-error, the process will return without any error messages after hanging for about 1 minute trying the extract the first layer. In this case, the layer tar is 3.7GB.

Exporting smaller windows images, like nanoserver, works fine. So I have to assume that the problem is not related to Windows Images, but rather their size.

[prabhu]

@Taha-cmd, thank you for the issue. We have not done much testing with Windows images. Could you add some console.log statements in the code and identify where the issue might be? Also, try playing with heap memory allocated to node using --max-old-space-size 8000.

[Taha-cmd]

Hi @prabhu, thank you for the quick response. Unfortunately, I don't have the experience to debug node.js applications nor do I have the capacity to try to learn it or to reverse-engineer what the code is doing. I was hoping that one of the project's maintainers would help,

[prabhu]

Thanks @Taha-cmd. Have added labels. We don't have anyone full time on cdxgen. Hopefully someone would contribute a patch or sponsor an engineer's time to look into these.