-
Notifications
You must be signed in to change notification settings - Fork 515
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False positives for github.com/hashicorp/consul: Installed version reported as v0.0.0 #1863
Comments
@kevin-niland thanks for the issue! Here are some more details regarding your request and steps I tried to reproduce. When consul is installed as a go module on my local I do not see the
When I run
If I run syft against the binary I see:
I also copied this binary into a docker container built it and also do not see the behavior you're seeing. Is there more information about the binary you're using? We should be able to extract the version here given the LD flags and how it's compiled. Can you show me the match |
@kevin-niland my grype version |
grype is reporting the installed consul version as v0.0.0, regardless of the actual version installed
Tested with a docker image which has consul v1.17.3 installed:
Output of grype:
I have seen other issues already raised pertaining to how go provides versions - does this fall under this issue/is it something that is already being addressed? In regards to the image I tested, the consul binary is downloaded from a specified location (this binary is already built) and the binary is then moved to /usr/bin/consul, if that makes any difference.
The text was updated successfully, but these errors were encountered: