grype icon indicating copy to clipboard operation
grype copied to clipboard

Published 20 hours ago verified publisher icon anchore

WARN unknown package metadata type="" for packageID="xxxx" from-lib=syft

Open Product opened this issue 2 years ago • 2 comments

how to solve this ? than you very much. #syft packages ./tidb/ -o syft-json > tidb_syft-packages.json #grype sbom:./tidb_syft-packages.json

---start--- ......... ......... ......... [0010] WARN unknown package metadata type="" for packageID="fd1baa641b196868" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="97a9b2528c9822e7" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="38affe9388ed3b8" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="a157b040ced78530" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="684efd559856dd1c" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="fceae70acbce789d" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="e0aa5ed6108ee4f7" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="4d6bcab1a2a83f82" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="41bae96d4773be57" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="12cbe3f01bea98ba" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="ead7e27f82a4d74d" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="bdc4877d73b9cfad" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="58efe9c1bf14ee2f" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="830ed7047c4c8cd0" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="ca3808e3cfe00a3d" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="8123b0f8e5bf3721" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="54ae3f17b618c474" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="6e203d67c4ec8eb8" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="7aa6de74a248c0d" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="bc905d1b1cdd4631" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="3a3b1538ed3d6ae" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="24bdcd062f4286cc" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="7b6c856d0f603a65" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="71ad5c1d353527ea" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="222992c076db09cb" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="7ddd18d15602edb5" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="b0e71cfd2515cd1a" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="77fed89b7611e9ae" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="23ebe0f9a76dd394" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="312735784ff694f2" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="282dd550d248f3c0" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="827b23a6cff6a87a" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="95a7949ee9147de7" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="345e7c27264bd389" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="8cda378dae1c579a" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="3353663f7ce947a6" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="46d7ed5af6c8152b" from-lib=syft [0010] WARN unknown package metadata type="" for packageID="96c0a60e0b53a4cd" from-lib=syft [0010] WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY github.com/prometheus/client_golang v1.11.0 go-module CVE-2022-21698 High
google.golang.org/protobuf v1.28.0 go-module CVE-2021-22570 High
google.golang.org/protobuf v1.27.1 go-module CVE-2015-5237 High
google.golang.org/protobuf v1.28.0 go-module CVE-2015-5237 High
google.golang.org/protobuf v1.27.1 go-module CVE-2021-22570 High

--end--

Product avatar May 24 '22 11:05 Product

Hi @Product, can you share what's in the ./tidb/ directory? That would help us figure out what's going on here.

luhring avatar May 24 '22 11:05 luhring

Hi @Product, can you share what's in the ./tidb/ directory? That would help us figure out what's going on here.

thank you for your reply . The tidb directory is uncompress dir ,the zip file download from here :https://github.com/pingcap/tidb/archive/refs/heads/master.zip

Product avatar May 24 '22 14:05 Product

Sorry for the delay responding to this one! I've been unable to reproduce this issue with the latest versions of Syft and Grype, so I'm going to go ahead and close this issue. If you are still having problems, feel free to re-open this issue or open a new one. Thanks!

tgerla avatar Jan 31 '23 18:01 tgerla

Thanks. I can confirm that this issue was resolved a few releases back.

On Tue, Jan 31, 2023 at 10:50 AM Tim Gerla @.***> wrote:

Closed #756 https://github.com/anchore/grype/issues/756 as not planned.

— Reply to this email directly, view it on GitHub https://github.com/anchore/grype/issues/756#event-8402776798, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAERGRTLUG3Y4H5SNTEYNDWVFNGHANCNFSM5WZHGAXA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-- Owen Rogers | Exortech Consulting @exortech https://twitter.com/exortech | http://exortech.com/

exortech avatar Jan 31 '23 18:01 exortech