cyclonedx-cli

musl binaries depend on libc.musl

Open: jayvdb opened this issue 6 months ago • 1 comment

The binary releases of cyclonedx hosted on the GitHub releases depend on libc.musl-x86_64.so.1, which is not always present. While users can install this, and other libs, it is useful to statically link these dependencies so that the GitHub release binary is more likely to work on any host. cf. https://github.com/taiki-e/install-action/pull/1000

jayvdb, Jun 15 '25 03:06

And this dependency is not mentioned at https://github.com/CycloneDX/cyclonedx-cli/blob/f934c99826339cb8dbb83b439eb2c465fb253fb3/README.md?plain=1#L346

Also it would be good if some of the other deps mentioned there are statically linked in the GitHub release.

For Ubuntu these are libc6 libgcc1 libgssapi-krb5-2 libicu66 libssl1.1 libstdc++6 zlib1g.

libicu66 especially would be good to statically link, given that it isn't a significant risk of CVEs, with only two in NVD, both in 2007.

jayvdb, Jun 15 '25 06:06
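A way to check what a downloaded release binary needs from the host before running it, as an added example that is not part of the issue or the CycloneDX project: it reads the ELF64 program headers and returns the requested loader (`PT_INTERP`) and the `DT_NEEDED` library names. The function names, the constructed sample image, the loader path in the test and the second library name are assumptions made for the illustration.

```python
import struct
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5
PH = "<IIQQQQQQ"  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode()

def elf_runtime_deps(data):
    """Return (interpreter or None, DT_NEEDED names) for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    phoff, phentsize, phnum = struct.unpack_from("<Q14xHH", data, 32)
    segs = [struct.unpack_from(PH, data, phoff + i * phentsize) for i in range(phnum)]
    interp, needed, strtab = None, [], None
    for p_type, _, off, _, _, filesz, _, _ in segs:
        if p_type == PT_INTERP:
            interp = _cstr(data, off)
        elif p_type == PT_DYNAMIC:
            for pos in range(off, off + filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, pos)
                if tag == DT_NEEDED:
                    needed.append(val)   # offset into the dynamic string table
                elif tag == DT_STRTAB:
                    strtab = val         # a virtual address, not a file offset
                elif tag == DT_NULL:
                    break
    for p_type, _, off, vaddr, _, filesz, _, _ in segs:
        if needed and strtab is not None and p_type == PT_LOAD and vaddr <= strtab < vaddr + filesz:
            return interp, [_cstr(data, off + strtab - vaddr + n) for n in needed]
    if needed:
        raise ValueError("DT_STRTAB is not mapped by any PT_LOAD segment")
    return interp, []  # static or static-PIE: nothing for the host to supply

def build_sample(interp=b"", libs=()):
    """Constructed header-only ELF64 image for the demo; not a real release binary."""
    istr, strtab = interp + b"\0", b"\0" + b"".join(l + b"\0" for l in libs)
    s_off, d_off = 64 + len(istr), 64 + len(istr) + len(strtab)
    dyn = b"".join(struct.pack("<qQ", DT_NEEDED, strtab.index(b"\0" + l + b"\0") + 1)
                   for l in libs)
    dyn += struct.pack("<qQqQ", DT_STRTAB, 0x400000 + s_off, DT_NULL, 0)
    body = istr + strtab + dyn  # program headers are placed after the body
    ph = struct.pack(PH, PT_LOAD, 5, 0, 0x400000, 0x400000, 64 + len(body), 64 + len(body), 4096)
    ph += struct.pack(PH, PT_DYNAMIC, 6, d_off, 0, 0, len(dyn), len(dyn), 8)
    if interp:
        ph += struct.pack(PH, PT_INTERP, 4, 64, 0, 0, len(istr), len(istr), 1)
    ehdr = struct.pack("<7s9xHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64 + len(body), 0, 0, 64, 56, len(ph) // 56, 0, 0, 0)
    return ehdr + body + ph
```

For a real download, pass the file's bytes, e.g. `elf_runtime_deps(open(path, "rb").read())`; an empty list with no interpreter means the host does not have to provide any shared libraries.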