Discrepancies in Docker Scout security report data between macOS hosts vs Windows hosts #197
Description
docker scout cves -e fs://... often reports "No vulnerabilities" on Windows hosts, where macOS hosts do show findings, for the very same local file tree.
This happens when scanning the snyk-linux v1.1268.2.
https://github.com/snyk/cli/releases/tag/v1.1298.2
The problem appears to be specific to SBOM's collected via the local file system with fs://... By comparison, image scans seem to be consistent across Docker host operating systems.
Here's a quick idea for a practical solution: Go ahead an synthesize a dummy image housing the local files in question, then scan that. Perhaps that would fix security reporting on more hosts.
Please ensure that Docker Scout generates full, complete, and identical security reports, independent of which host OS is involved.