* main: add distroless debug image to published release (anchore#1106) update help formatting (anchore#1105) feat: implement haskell support (anchore#1096) Add the -r argument for gnu xargs (anchore#1103) fix: -o output option to include formats (anchore#1102) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Showing
34 changed files
with
1,068 additions
and
48 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
FROM gcr.io/distroless/static-debian11:debug | ||
|
||
# create the /tmp dir, which is needed for image content cache | ||
WORKDIR /tmp | ||
|
||
COPY syft / | ||
|
||
ARG BUILD_DATE | ||
ARG BUILD_VERSION | ||
ARG VCS_REF | ||
ARG VCS_URL | ||
|
||
LABEL org.opencontainers.image.created=$BUILD_DATE | ||
LABEL org.opencontainers.image.title="syft" | ||
LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems" | ||
LABEL org.opencontainers.image.source=$VCS_URL | ||
LABEL org.opencontainers.image.revision=$VCS_REF | ||
LABEL org.opencontainers.image.vendor="Anchore, Inc." | ||
LABEL org.opencontainers.image.version=$BUILD_VERSION | ||
LABEL org.opencontainers.image.licenses="Apache-2.0" | ||
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" | ||
LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" | ||
LABEL io.artifacthub.package.license="Apache-2.0" | ||
|
||
ENTRYPOINT ["/syft"] |
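Review bot: The `FROM` line references the floating tag `gcr.io/distroless/static-debian11:debug`, so a published release image is not reproducible and takes whatever that tag resolves to at build time; pinning by digest, `FROM gcr.io/distroless/static-debian11:debug@sha256:<digest-placeholder>`, would make the base auditable. The debug variant also ships a busybox shell and no `USER` is set, so `/syft` presumably runs as root with a shell present. If the tool does not need root inside the container, the `debug-nonroot` tag or an explicit `USER nonroot` would narrow that, after confirming that `/tmp` stays writable for the cache. A comment above `FROM` such as `# debug variant: includes a shell, intended for troubleshooting only` would tell consumers this is not the hardened default image.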
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
package haskell | ||
|
||
import ( | ||
"github.com/anchore/syft/syft/pkg/cataloger/common" | ||
) | ||
|
||
// NewHackageCataloger returns a new Haskell cataloger object. | ||
func NewHackageCataloger() *common.GenericCataloger { | ||
globParsers := map[string]common.ParserFn{ | ||
"**/stack.yaml": parseStackYaml, | ||
"**/stack.yaml.lock": parseStackLock, | ||
"**/cabal.project.freeze": parseCabalFreeze, | ||
} | ||
return common.NewGenericCataloger(nil, globParsers, "hackage-cataloger") | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
package haskell | ||
|
||
import ( | ||
"bufio" | ||
"errors" | ||
"fmt" | ||
"io" | ||
"strings" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/common" | ||
) | ||
|
||
// integrity check | ||
var _ common.ParserFn = parseCabalFreeze | ||
|
||
// parseCabalFreeze is a parser function for cabal.project.freeze contents, returning all packages discovered. | ||
func parseCabalFreeze(_ string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) { | ||
r := bufio.NewReader(reader) | ||
pkgs := []*pkg.Package{} | ||
for { | ||
line, err := r.ReadString('\n') | ||
switch { | ||
case errors.Is(io.EOF, err): | ||
return pkgs, nil, nil | ||
case err != nil: | ||
return nil, nil, fmt.Errorf("failed to parse cabal.project.freeze file: %w", err) | ||
} | ||
|
||
if !strings.Contains(line, "any.") { | ||
continue | ||
} | ||
|
||
line = strings.TrimSpace(line) | ||
startPkgEncoding, endPkgEncoding := strings.Index(line, "any.")+4, strings.Index(line, ",") | ||
line = line[startPkgEncoding:endPkgEncoding] | ||
splits := strings.Split(line, " ==") | ||
|
||
pkgName, pkgVersion := splits[0], splits[1] | ||
pkgs = append(pkgs, &pkg.Package{ | ||
Name: pkgName, | ||
Version: pkgVersion, | ||
Language: pkg.Haskell, | ||
Type: pkg.HackagePkg, | ||
MetadataType: pkg.HackageMetadataType, | ||
Metadata: pkg.HackageMetadata{ | ||
Name: pkgName, | ||
Version: pkgVersion, | ||
}, | ||
}) | ||
} | ||
} |
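Review bot: `parseCabalFreeze` can panic on input it does not control: `strings.Index(line, ",")` returns -1 for a constraint line with no comma (typically the last entry in a freeze file), so `line[startPkgEncoding:endPkgEncoding]` slices out of range, and `splits[1]` is read without checking that ` ==` was present. Because these files come from the image or directory being scanned, a malformed or crafted `cabal.project.freeze` could abort cataloging unless the caller recovers. Separately, `errors.Is(io.EOF, err)` has its arguments reversed, and returning on EOF before looking at `line` drops a final line that lacks a trailing newline. The sketch below bounds-checks both lookups and processes the last line before returning.

```go
	for {
		line, err := r.ReadString('\n')
		if err != nil && !errors.Is(err, io.EOF) {
			return nil, nil, fmt.Errorf("failed to parse cabal.project.freeze file: %w", err)
		}

		// ReadString still returns the bytes read before EOF, so handle the line first.
		if start := strings.Index(line, "any."); start >= 0 {
			entry := line[start+len("any."):]
			if end := strings.Index(entry, ","); end >= 0 {
				entry = entry[:end]
			}
			if fields := strings.SplitN(strings.TrimSpace(entry), " ==", 2); len(fields) == 2 {
				pkgName, pkgVersion := fields[0], fields[1]
				// … unchanged: append &pkg.Package{...} built from pkgName and pkgVersion …
			}
		}

		if err != nil {
			return pkgs, nil, nil
		}
	}
```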