No packages discovered in SIF when image source not specified #1189
Description
What happened:
When a SIF container image is specified without the explicit singularity image source, no packages are discovered, and no error is returned:
$ syft packages alpine.sif
✔ Indexed alpine.sif
✔ Cataloged packages [0 packages]
No packages discovered
What you expected to happen:
The behaviour should be the same as when the image source is explicitly specified:
$ syft packages singularity:alpine.sif
✔ Parsed image
✔ Cataloged packages [14 packages]
NAME VERSION TYPE
alpine-baselayout 3.2.0-r22 apk
alpine-baselayout-data 3.2.0-r22 apk
alpine-keys 2.4-r1 apk
apk-tools 2.12.9-r3 apk
busybox 1.35.0-r17 apk
ca-certificates-bundle 20220614-r0 apk
libc-utils 0.7.2-r3 apk
libcrypto1.1 1.1.1q-r0 apk
libssl1.1 1.1.1q-r0 apk
musl 1.2.3-r0 apk
musl-utils 1.2.3-r0 apk
scanelf 1.3.4-r0 apk
ssl_client 1.35.0-r17 apk
zlib 1.2.12-r3 apkHow to reproduce it (as minimally and precisely as possible):
Build a SIF image and scan it without specifying the image source type:
$ singularity build alpine.sif docker://alpine
...
$ syft packages alpine.sif
...Anything else we need to know?:
Environment:
$ singularity --version
singularity-ce version 3.10.2
$ syft version
Application: syft
Version: 0.55.0
JsonSchemaVersion: 3.3.2
BuildDate: 2022-08-29T20:03:04Z
GitCommit: a7966a4d9d8155be788af33fe5e5af2e40043f82
GitDescription: v0.55.0
Platform: linux/amd64
GoVersion: go1.18.5
Compiler: gc