Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Syft Not reading components with Dots in Names from requirements.txt #3080

Closed
Ajit-15 opened this issue Jul 29, 2024 · 4 comments · Fixed by #3070
Closed

Syft Not reading components with Dots in Names from requirements.txt #3080

Ajit-15 opened this issue Jul 29, 2024 · 4 comments · Fixed by #3070
Labels
bug Something isn't working duplicate This issue or pull request already exists

Comments

@Ajit-15
Copy link

Ajit-15 commented Jul 29, 2024

What happened:
Syft fails to read and process components listed in requirements.txt if the component names contain dots ("."). This leads to incomplete dependency analysis and compliance issue.

What you expected to happen: Ideally it should read all the dependencies from requirements.txt.

Steps to reproduce the issue: Create a requirements.txt using below dependencies and run the syft tool, you will observe that those components wont be there in output.
zope.event==5.0
zope.interface==6.4.post2

Anything else we need to know?: Using command - Syft scan dir:. --scope AllLayers -o json> ./Syft-output.json

Environment:
Windows, running syft on command line
@Ajit-15 Ajit-15 added the bug Something isn't working label Jul 29, 2024
@popey
Copy link
Contributor

popey commented Jul 29, 2024
edited
Loading

Thanks for the issue @Ajit-15
This looks to be fixed by pr #3070

@popey popey added the duplicate This issue or pull request already exists label Jul 29, 2024
@Ajit-15
Copy link
Author

Ajit-15 commented Jul 29, 2024

Thank you for Quick action. :)

@Ajit-15
Copy link
Author

Ajit-15 commented Jul 30, 2024

Would it be possible to kindly provide the timeline information for the newer version?

@kzantow
Copy link
Contributor

kzantow commented Jul 30, 2024

Hi @Ajit-15 a new version of Syft is out with this change: https://github.com/anchore/syft/releases/tag/v1.10.0

@kzantow kzantow closed this as not planned Won't fix, can't repro, duplicate, stale Jul 30, 2024
@github-project-automation github-project-automation bot moved this to Done in OSS Jul 30, 2024
@kzantow kzantow linked a pull request Jul 30, 2024 that will close this issue
python requirements.txt cataloger: allow dots in python package names #3070
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working duplicate This issue or pull request already exists
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

python requirements.txt cataloger: allow dots in python package names Mikcl/syft
3 participants
@popey @kzantow @Ajit-15