Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grant fails to scan a RHEL9 container containing the 'kernel-headers' package #122

Open
tapanagupta opened this issue Sep 3, 2024 · 0 comments
Open

Grant fails to scan a RHEL9 container containing the 'kernel-headers' package #122

tapanagupta opened this issue Sep 3, 2024 · 0 comments
Assignees
@spiffcs
Labels
bug Something isn't working

Comments

@tapanagupta
Copy link

What happened: Grant scan either runs out of memory or doesn't proceed to completion when scanning a RHEL9 based container image containing the kernel-headers package.

What you expected to happen: Scan should complete within a few seconds.

Steps to reproduce the issue:

  • Install kernel-headers on a RHEL9 based container image (kernel-headers-5.14.0-427.33.1.el9_4.x86_64.rpm)
  • Run a Syft scan on the image
  • Run a Grant scan using the SBOM from Syft as an input:
    grant check -o json syft.spdx-json.json | jq > grant.json

Anything else we need to know?:
The license-specific portion in the entry for kernel-headers in the Syft SBOM is as follows:
"licenseDeclared": "((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib"

Replaced this section in the SBOM with all the individual licenses 'AND'ed together(removed all the 'WITH's, 'OR's and brackets) and re-ran the scan - this time the scan completed within a few seconds.

Environment:

  • Output of grant version: 0.2.1
  • OS (e.g: cat /etc/os-release or similar): RHEL 9.4
@tapanagupta tapanagupta added the bug Something isn't working label Sep 3, 2024
@willmurphyscode willmurphyscode moved this to Ready in OSS Sep 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffcs spiffcs

Labels
bug Something isn't working
Projects
OSS
Status: Ready
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tapanagupta @spiffcs