Syft fails when /tmp is missing, but continues without exit code 0

Open devfbe opened this issue 7 months ago • 3 comments

What happened: I ran syft in an environment where no /tmp folder existed (a really small scratch container). In this container I tried to scan a container image tar file.

Command: syft scan container.tar -o cyclonedx-json=sbom.json

Syft logs the error:

[0000]  WARN file could not be unarchived: unable to create tempdir for archive processing: stat /tmp: no such file or directory

but then continues and returns with exit code 0. The generated SBOM does not contain any dependency but the structure is valid.

What you expected to happen: I expect that syft either crashes with exit code != 0 and does not generate an SBOM in this case, or that it creates the tmp folder when it does not exist.

Steps to reproduce the issue: Run syft in a docker container and scan a container image tar there. Delete the /tmp/ folder beforehand; then you should be able to reproduce the issue.

Anything else we need to know?: We ran this in GitLab and the error message [0000] WARN file could not be unarchived: unable to create tempdir for archive processing: stat /tmp: no such file or directory was not visible in the pipeline; it only appeared when running manually, maybe because a tty was missing?

Environment:

  • Output of syft version: syft 1.9.0

  • OS (e.g: cat /etc/os-release or similar): In my case it was a distroless docker container.

devfbe, Jul 26 '24 01:07
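
A CI-side guard for the failure described in this issue, as an added example that is not part of the original report or of syft: it checks that the temp directory is usable before the scan and fails the job when the CycloneDX JSON lists no components. The script, its function names and the sample documents are constructed here; treating `TMPDIR` (default `/tmp`) as the directory syft needs is an assumption.

```python
import json
import os
import sys
import tempfile


def tempdir_usable(path=None):
    """True if the temp directory exists and a file can be created in it."""
    # Assumption: the scanner uses $TMPDIR, falling back to /tmp.
    path = path or os.environ.get("TMPDIR", "/tmp")
    if not os.path.isdir(path):
        return False
    try:
        with tempfile.TemporaryFile(dir=path):
            return True
    except OSError:
        return False


def component_count(sbom_text):
    """Number of entries in a CycloneDX JSON document's 'components' array."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    # A missing or null 'components' key counts as empty.
    return len(doc.get("components") or [])


def gate(sbom_text, min_components=1):
    """Return (ok, message); ok is False for a valid but empty SBOM."""
    n = component_count(sbom_text)
    if n < min_components:
        return False, f"SBOM lists {n} components, expected >= {min_components}"
    return True, f"SBOM lists {n} components"


# Constructed sample documents (not real syft output).
EMPTY_SBOM = '{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": []}'
GOOD_SBOM = ('{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": '
             '[{"type": "library", "name": "example-lib", "version": "1.0.0"}]}')

if __name__ == "__main__":
    # Usage: run before the scan for the preflight, then pass sbom.json.
    if not tempdir_usable():
        sys.exit("temp directory missing or not writable; refusing to continue")
    with open(sys.argv[1]) as f:
        ok, msg = gate(f.read())
    print(msg)
    sys.exit(0 if ok else 1)
```

Because the scanner's exit code is 0 in the reported case, the gate has to inspect the generated file rather than rely on the exit status or on log output that the pipeline may not show.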