fields are not identical between scans in maven

[tomerse-sg]

What happened:
I'm scanning some private image I have containing jars. I scanned once and got the results, and after that scanned again and some of the data was changed (even though I didn't change the image).
What you expected to happen:
the exact same results.
Steps to reproduce the issue:
scan an image with jars twice
run diff between json outputs (syft-output).
Anything else we need to know?:
I had a similar issue a while ago which I reported and was resolved for a while. maybe something changed between upgrades in syft.
I can't share the image itself but I can share the diff results:

Please let me know If you need any additional information.

Thanks!

Environment:

• Output of syft version: 0.98.0
• OS (e.g: cat /etc/os-release or similar): maxOS

[tgerla]

Hi @tomerse-sg, thank you for the report. We are actually aware of this issue and we're tracking it here: #2405 -- we will hopefully get a fix together soon.

[kzantow]

I believe this should be fixed in the latest version of Syft 1.10.0, there was an issue identified and fixed, so I'm going to close this issue as I think it's a duplicate of #2967. Please let us know if you still see issues with nondeterminism.