What happened:
When executing syft to analyse a docker image with a dotnet application it is generating component entries with the file version of the dll and not the assembly version.
This causes a wrong cpe.
In my example it is the .net 8.0 System.Security.Cryptography.Xml.dll
Output of syft:
The library is just one example. This problem exists for all runtime libraries because the file version does not match the assembly- / runtime-version!
What you expected to happen:
I would expect to have the same version displayed in nuget and in the *.deps.json file of the project:
*.deps.json:
Output of syft with dotnet-deps-cataloger:
Steps to reproduce the issue:
create a docker image with a dotnet web application
run syft on the docker image
Anything else we need to know?:
Environment:
Output of syft version: 1.12.2
OS (e.g: cat /etc/os-release or similar): alpine image
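An added example (not from the issue or the syft project) of one way to spot the mismatch described above: it indexes a `*.deps.json` and flags SBOM components whose version equals a DLL's file version instead of the NuGet package version. The deps.json fragment, the component list and all version numbers are constructed, and the function names are hypothetical.

```python
import json

# Constructed *.deps.json fragment; version numbers are illustrative only.
DEPS_JSON = """{"targets": {".NETCoreApp,Version=v8.0": {
  "System.Security.Cryptography.Xml/8.0.1": {"runtime": {
    "lib/net8.0/System.Security.Cryptography.Xml.dll": {
      "assemblyVersion": "8.0.0.0", "fileVersion": "8.0.424.16909"}}}}}}"""

# Constructed SBOM components: one as a deps.json-based cataloger would report it,
# one as a binary (PE metadata) cataloger would report it.
SBOM = [
    {"dll": "System.Security.Cryptography.Xml.dll", "version": "8.0.1"},
    {"dll": "System.Security.Cryptography.Xml.dll", "version": "8.0.424.16909"},
]

def index_deps(deps_text):
    """Map each runtime DLL name to its NuGet package id/version and PE versions."""
    index = {}
    for target in json.loads(deps_text).get("targets", {}).values():
        for key, entry in target.items():
            name, _, version = key.partition("/")  # "Package.Id/1.2.3"
            for path, meta in entry.get("runtime", {}).items():
                index[path.rsplit("/", 1)[-1].lower()] = {
                    "package": name,
                    "package_version": version,
                    "file_version": meta.get("fileVersion"),
                    "assembly_version": meta.get("assemblyVersion"),
                }
    return index

def check_components(components, index):
    """Return findings for components whose version is not the NuGet package version."""
    findings = []
    for comp in components:
        known = index.get(comp["dll"].lower())
        if known is None or comp["version"] == known["package_version"]:
            continue  # DLL not listed in deps.json, or version already correct
        reason = ("file version" if comp["version"] == known["file_version"]
                  else "unrecognised version")
        findings.append({"dll": comp["dll"], "reported": comp["version"],
                         "expected": known["package_version"], "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in check_components(SBOM, index_deps(DEPS_JSON)):
        print(finding)
```

A component flagged with reason "file version" will carry a CPE built from the wrong version string, so vulnerability matching against it should be treated as unreliable until the version is corrected.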