DOCKER_SBOM_OPTS default configuration generates an error

Using these releases:

  • component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.3
  • component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker-gcp@6.1.3

Current error we get with the default configuration:

$ log_info "Syft version:" # collapsed multi-line command
[INFO] Syft version:
Application: syft
Version:    1.19.0
BuildDate:  2025-01-22T19:57:08Z
GitCommit:  222e6548a96f8c80015c1d24f01dea3052a04893
GitDescription: v1.19.0
Platform:   linux/amd64
GoVersion:  go1.23.4
Compiler:   gc

$ mkdir -p -m 777 reports
$ basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
$ /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
[0008] ERROR 1 error occurred:
	* invalid expression: "file": unknown name or tag given
Uploading artifacts for failed job
00:01
Uploading artifacts...

Looks like this is related to this last -file option?

--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger --select-catalogers -file