I'm trying to embed the Anchore syft library within my Go app to generate CycloneDX SBOMs for multiple containers. The function below executes fine on the first call but subsequent calls fail with an error when the Execute is called on the cobra command.
func generateCycloneDX(ociArchiveName string, jsonOutputName string) {
syftId := clio.Identification{Name: "syft"}
syftCommand := cli.Command(syftId)
syftCommand.SetArgs([]string{ociArchiveName, "-o", jsonOutputName})
err := syftCommand.Execute()
if err != nil {
panic(err)
}
}
The error is
panic: replace existing redaction store (probably unintentional)
goroutine 1 [running]:
github.com/anchore/syft/internal/redact.Set(...)
go/pkg/mod/github.com/anchore/[email protected]/internal/redact/redact.go:11
github.com/anchore/syft/cmd/syft/cli.create.func2(0xc000490a90?)
go/pkg/mod/github.com/anchore/[email protected]/cmd/syft/cli/cli.go:64 +0x1a5
github.com/anchore/clio.(*application).runInitializers(0xc0013bc1a0)
go/pkg/mod/github.com/anchore/[email protected]/application.go:110 +0x66
github.com/anchore/clio.(*application).PostLoad(0xc0013bc1a0)
go/pkg/mod/github.com/anchore/[email protected]/application.go:105 +0xbb
github.com/anchore/fangs.postLoad({0x1f81f40?, 0xc0013bc1a0?, 0xc0013bc1a0?})
go/pkg/mod/github.com/anchore/[email protected]/load.go:201 +0x1e5
github.com/anchore/fangs.loadConfig({{0x26109f8, 0x349e4e0}, {0x1ff3df6, 0x4}, {0x2004cda, 0xc}, {0x0, 0x0}, {0xc002b25e30, 0x5, ...}}, ...)
go/pkg/mod/github.com/anchore/[email protected]/load.go:80 +0x7d1
github.com/anchore/fangs.Load({{0x26109f8, 0x349e4e0}, {0x1ff3df6, 0x4}, {0x2004cda, 0xc}, {0x0, 0x0}, {0xc002b25e30, 0x5, ...}}, ...)
go/pkg/mod/github.com/anchore/[email protected]/load.go:16 +0x74
github.com/anchore/clio.(*application).loadConfigs(0xc0013bc1a0, 0xc000033870?, {0xc0004909f0, 0x1, 0xc0013b2700?})
go/pkg/mod/github.com/anchore/[email protected]/application.go:95 +0x1a5
github.com/anchore/clio.(*application).setupCommand.func1.(*application).Setup.func1(0x4?, {0xd631f2?, 0xc0013b2700?, 0xc000033af0?})
go/pkg/mod/github.com/anchore/[email protected]/application.go:74 +0x45
github.com/anchore/clio.(*application).setupCommand.func1(0xc0013b2700?, {0xc002e20870, 0x1, 0x3})
go/pkg/mod/github.com/anchore/[email protected]/application.go:316 +0x82
github.com/spf13/cobra.(*Command).execute(0xc000845200, {0xc002e20660, 0x3, 0x3})
go/pkg/mod/github.com/spf13/[email protected]/command.go:925 +0x7f6
github.com/spf13/cobra.(*Command).ExecuteC(0xc000845200)
go/pkg/mod/github.com/spf13/[email protected]/command.go:1068 +0x3a5
github.com/spf13/cobra.(*Command).Execute(...)
go/pkg/mod/github.com/spf13/[email protected]/command.go:992
I can't see a way to reset the cobra command so it can be called multiple times. Is this possible?
I reached out to the Anchore Community who were able to solve my problem.
I needed to use the Syft library directly rather than via the cobra command.
For an example see https://gist.github.com/spiffcs/3027638b7ba904d07e482a712bc00d3d
Many thanks to Christopher Phillips