Change the TMPDIR that Syft uses when unarchiving a file

caio.cfonseca · December 4, 2024, 7:19pm

Hello. I am using syft on a pipeline to scan .tar files. Normally, syft will unarchive the .tar file to the /tmp directory, but I am having problems with the /tmp volume because it is too small and it is kind complicated to make it bigger now.

A solution would be to redirect the unarchiving of the file do another volume, but I don´t know how to do it or if it is possible. There is another volume that is bigger and supports more data. Because of that error, syft is generating empty SBOM files (they are valid, but they have no components) and is messing with our vulnerabilities metrics.

Is there a way to change the TMPDIR that syft uses to unarchive this type of files?

the error that I am receiving is this one:

[0002] WARN file could not be unarchived: unable to create tempdir for archive processing: mkdir /tmp/syft-archive-contents-2026227825: no space left on device

I am currently using the latest version of syft (1.17.0)

willmurphy · December 4, 2024, 8:20pm

Hi @caio.cfonseca, thanks for the question!

If you set TMPDIR in the environment to some directory, Syft (and many other tools) will use that directory as their place for temporary files, e.g. TMPDIR=/path/to/some/large/disk syft ...

caio.cfonseca · December 4, 2024, 9:01pm

Thanks Will, I’ll try settings this in our pipeline… One question, do I have to worry about emptying the new TMPDIR after the pipeline execution or Syft will do it for me?

willmurphy · December 4, 2024, 9:03pm

Syft cleans it up for you.

caio.cfonseca · December 4, 2024, 9:17pm

Thanks a lot Will!! It should work with TMPDIR=$PWD too right? Syft is already installed in the directory that I want it to unarchive the .tar file.

example: TMPDIR=$PWD /security/syft/syft scan ./docker-image.tar --verbose -o cyclonedx-json=cyclonedx_report.json

it should go to the /security/syft, right?

willmurphy · December 5, 2024, 2:23pm

Assuming that when the command is run $PWD is the /security/syft, then yes, that will work. $PWD is the working directory of the shell, not necessarily the directory that Syft is in; I can’t tell from your example what PWD is set to. I would probably set the path you want to TMPDIR rather than try to figure out what PWD will be at a given step in CI. I also don’t know how much of an interactive shell your CI setup has: it might be that you specify env vars via a yaml file or something.

caio.cfonseca · December 5, 2024, 3:39pm

Thanks for the reply Will. I ended up setting the TMPDIR to $(Agent.TempDirectory) which is the temp directory of the Azure Devops agent and it is working fine.

Thanks so much for the fast reply!

Topic		Replies	Views
Does syft copies the files to a temp directory or reads in from memory? Syft	3	51	August 29, 2024
Does syft has internal exclusions? Syft	1	31	September 25, 2024
Why indexing an image is much shorter than file-system? Syft	4	33	September 26, 2024
RFD: configuring output General	1	14	November 15, 2024
Syft 1.8.0 Released Announcements	0	29	June 24, 2024

Change the TMPDIR that Syft uses when unarchiving a file

Related topics