Closed
Description
Hi We have a github repo using the following:
- uses: anchore/scan-action@2.0.3
with:
image: "${{ env.IMAGE }}:latest"
fail-build: false
severity-cutoff: critical
It was originally using:
- uses: anchore/scan-action@v2
with:
image: "${{ env.IMAGE }}:latest"
fail-build: false
severity-cutoff: critical
I changed to 2.0.3 today to see if it makes a difference it was working fine about 1 or 2 months ago since then this constant error is seen:
DEBUG cataloger 'rpmdb-cataloger' discovered '0' packages from-lib=syft
[0011] INFO Updated vulnerability DB to version=1 built="2021-02-05 08:25:54 +0000 UTC"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xd9aa56]
<cut>
goroutine 25 [running]:
github.com/anchore/syft/syft/cataloger/java.(*archiveParser).discoverPkgsFromPomProperties(0xc01f205c80, 0x0, 0x0, 0x0, 0x117e160, 0xc02019a801, 0xc01f205c80)
/Users/runner/work/grype/grype/cmd/root.go:197 +0xd9
created by github.com/anchore/grype/cmd.startWorker.func1
/Users/runner/work/grype/grype/cmd/root.go:195 +0x227
Error: Unexpected end of JSON input
Not sure what is causing this, any clues ?