xeol-io/xeol

Confusing warning message

bisbell-ngc opened this issue · 0 comments

What happened:
For OS releases that are not EOL a warning message is displayed.
[0000] WARN failed to match cycle for distro Alpine Linux: <nil>

This leads the user to believe there is a problem.

What you expected to happen:
A debug message that the distro has been found.
Something like:
[0000] DEBUG matched cycle for distro Alpine Linux:3.17.5

How to reproduce it (as minimally and precisely as possible):
Run a scan on any container image or SBOM derived from one.
This example is using an sbom from the xeol:v0.9.10 container image.

$ xeol sbom:xeol.json
 ✔ EOL DB                          [no update available]  
 ✔ Scanned for EOL                 [0 eol matches]  
[0000]  WARN failed to match cycle for distro Alpine Linux: <nil>
✅ no EOL software has been found

Anything else we need to know?:
A potential solution would be to update the log.Warnf in ByDistroCpe to something like:
log.Debugf("matched cycle for distro %s:%s", distro.Name, version)

By this point in the code the err will always be nil because any potential err has already been handled here.

This update will produce the following output:

$ xeol -vv sbom:xeol.json 2>&1 | grep -i alpine
[0000] DEBUG matching distro Alpine Linux with version 3.17.5
[0000] DEBUG matched cycle for distro Alpine Linux:3.17.5

Environment:

  • xeol version: 0.9.10