ZIP support for rootfs #8090

tetzla · 2024-12-12T15:50:55Z

tetzla
Dec 12, 2024

Description

Hello,

I'm creating SBOMs via rootfs. JARs, WARs and EARs are automatically and recursively searched/unpacked. ZIPs, on the other hand, are skipped/ignored. Is this behavior intentional or this a bug?

Regards, Aline

Target

SBOM

Scanner

None

knqyf263 · 2024-12-16T04:58:45Z

knqyf263
Dec 16, 2024
Maintainer

Do you mean ZIP for Java archives?

0 replies

tetzla · 2024-12-16T09:22:55Z

tetzla
Dec 16, 2024
Author

No, just ZIPs (see attached example for reproduction).

I have to create SBOMs for deep nested directory structures containing ZIPs, EARs, WARs and JARs. These archives are often nested within each other (e.g. ZIP in ZIP, JAR in ZIP,...). At the beginning, I didn't even notice that ZIP files were being skipped, since there is no appropriate log message.

It would be nice if Trivy includes the contents of ZIP files when creating an SBOM.

wildfly-quickstart.zip

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ZIP support for rootfs #8090

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

ZIP support for rootfs #8090

tetzla Dec 12, 2024

Description

Target

Scanner

Replies: 2 comments

knqyf263 Dec 16, 2024 Maintainer

tetzla Dec 16, 2024 Author

tetzla
Dec 12, 2024

knqyf263
Dec 16, 2024
Maintainer

tetzla
Dec 16, 2024
Author