diff --git a/syft/pkg/cataloger/python/capabilities.yaml b/syft/pkg/cataloger/python/capabilities.yaml index 30211eb71..dfbadc272 100644 --- a/syft/pkg/cataloger/python/capabilities.yaml +++ b/syft/pkg/cataloger/python/capabilities.yaml @@ -113,6 +113,7 @@ catalogers: method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/uv.lock' + - '**/*.py.lock' metadata_types: # AUTO-GENERATED - pkg.PythonUvLockEntry package_types: # AUTO-GENERATED diff --git a/syft/pkg/cataloger/python/cataloger.go b/syft/pkg/cataloger/python/cataloger.go index dffc7b3fb..d7854b784 100644 --- a/syft/pkg/cataloger/python/cataloger.go +++ b/syft/pkg/cataloger/python/cataloger.go @@ -23,7 +23,10 @@ func NewPackageCataloger(cfg CatalogerConfig) pkg.Cataloger { WithParserByGlobs(poetryLockParser.parsePoetryLock, "**/poetry.lock"). WithParserByGlobs(pipfileLockParser.parsePipfileLock, "**/Pipfile.lock"). WithParserByGlobs(setupFileParser.parseSetupFile, "**/setup.py"). - WithParserByGlobs(uvLockParser.parseUvLock, "**/uv.lock"). + // uv lock files are named "uv.lock", but PEP 723 script lock files + // (created by "uv lock --script .py") are named ".py.lock" + // and use the same format, so catalog both. + WithParserByGlobs(uvLockParser.parseUvLock, "**/uv.lock", "**/*.py.lock"). WithParserByGlobs(pdmLockParser.parsePdmLock, "**/pdm.lock") } diff --git a/syft/pkg/cataloger/python/cataloger_test.go b/syft/pkg/cataloger/python/cataloger_test.go index 3d9f64311..8da2c6092 100644 --- a/syft/pkg/cataloger/python/cataloger_test.go +++ b/syft/pkg/cataloger/python/cataloger_test.go @@ -501,6 +501,7 @@ func Test_IndexCataloger_Globs(t *testing.T) { "src/poetry.lock", "src/Pipfile.lock", "src/uv.lock", + "src/script.py.lock", "src/pdm.lock", }, }, diff --git a/syft/pkg/cataloger/python/testdata/glob-paths/src/script.py.lock b/syft/pkg/cataloger/python/testdata/glob-paths/src/script.py.lock new file mode 100644 index 000000000..5ffba7b57 --- /dev/null +++ b/syft/pkg/cataloger/python/testdata/glob-paths/src/script.py.lock @@ -0,0 +1 @@ +bogus