Grype should support all inputs as syft does

Open wagoodman opened this issue 11 months ago • 0 comments

It seems that grype is not behaving as syft does when passing individual files that are not SBOMs:

❯ syft -o json conan.lock > /tmp/sbom
 ✔ Indexed file system                                                                                                                                                              /Users/wagoodman/Downloads
 ✔ Cataloged contents                                                                                                                         85cd69f3c5c005fcd8d7e7210d9a50ea8fe9768e2b9dda0440c525350af9dd7e
   ├── ✔ Packages                        [1 packages]
   └── ✔ Executables                     [0 executables]

❯ grype /tmp/sbom
 ✔ Vulnerability DB                [no update available]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found

❯ grype conan.lock
 ✔ Vulnerability DB                [no update available]
failed to catalog: unable to decode sbom: sbom format not recognized

Expected behavior is for the conan.lock to be cataloged by syft then scanned by grype.

wagoodman, Mar 21 '24 20:03