Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to find encoder for "spdx-json=spdx.json" #3515

Open
wieringen opened this issue Dec 10, 2024 · 1 comment
Open

Unable to find encoder for "spdx-json=spdx.json" #3515

wieringen opened this issue Dec 10, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@wieringen
Copy link

wieringen commented Dec 10, 2024

What happened:

What you expected to happen:
I'm trying to sign and generate a SBOM and output it to a file. One of the options syft attest --help tells me exist is:

-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-json])

But when I try this option, it outputs the following error:
ERROR unable to write SBOM to file: unable to find encoder for "spdx-json=spdx.json"

I looked in the source and this behavior doesn't seem to be implemented. Any thoughts?

Steps to reproduce the issue:
go run cmd/syft/main.go attest DIGEST --key=KEY -o spdx-json=spdx.json

or

syft attest DIGEST --key=KEY -o spdx-json=spdx.json

@wieringen wieringen added the bug Something isn't working label Dec 10, 2024
@kzantow
Copy link
Contributor

kzantow commented Dec 10, 2024

As I understand it, when you use the syft attest command, it invokes cosign and pushes the signed SBOM w/attestation alongside the image using the same OCI registry. This means there really aren't files on the filesystem that get produced, so outputting to a file isn't implemented today. But it seems like a reasonable request to output the contents that would otherwise get pushed to the registry to a specified file -- is this what you are hoping to do?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: No status
Development

No branches or pull requests

2 participants