oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Turn off the SBOM cataloger by default (#2527)

Browse Source 
* turn off the SBOM cataloger by default

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix integration tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman 2024-01-22 12:32:45 -05:00 committed by GitHub
parent 4c77783461
commit 03b7938fbf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/task/package_tasks.go
View File

@ -123,6 +123,6 @@ func DefaultPackageTaskFactories() PackageTaskFactories {
}, },
pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, "linux", "kernel", pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, "linux", "kernel",
), ),
newSimplePackageTaskFactory(sbomCataloger.NewCataloger, pkgcataloging.ImageTag, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, "sbom"), // note: not evidence of installed packages newSimplePackageTaskFactory(sbomCataloger.NewCataloger, "sbom"), // note: not evidence of installed packages
} }
} }

3
test/integration/package_catalogers_represented_test.go
View File

@ -53,6 +53,9 @@ func TestAllPackageCatalogersReachableInTasks(t *testing.T) {
assert.Equal(t, len(taskTagsByName), constructorCount, "mismatch in number of cataloger constructors and task names") assert.Equal(t, len(taskTagsByName), constructorCount, "mismatch in number of cataloger constructors and task names")
for taskName, tags := range taskTagsByName { for taskName, tags := range taskTagsByName {
if taskName == "sbom-cataloger" {
continue // this is a special case
}
if !strset.New(tags...).HasAny(pkgcataloging.ImageTag, pkgcataloging.DirectoryTag) { if !strset.New(tags...).HasAny(pkgcataloging.ImageTag, pkgcataloging.DirectoryTag) {
t.Errorf("task %q is missing 'directory' or 'image' a tag", taskName) t.Errorf("task %q is missing 'directory' or 'image' a tag", taskName)
} }

54
test/integration/sbom_cataloger_test.go
View File

@ -4,31 +4,47 @@ import (
"testing" "testing"
"github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/sbom"
"github.com/anchore/syft/syft/source" "github.com/anchore/syft/syft/source"
) )
func TestSbomCataloger(t *testing.T) { func TestSbomCataloger(t *testing.T) {
// The image contains a go.mod file with 2 dependencies and an spdx json sbom. assertCount := func(t *testing.T, sbom sbom.SBOM, expectedGoModCatalogerPkgs int, expectedSbomCatalogerPkgs int) {
// The go.mod file contains 2 dependencies, and the sbom includes a go dependency actualSbomPkgs := 0
// that overlaps with the go.mod actualGoModPkgs := 0
sbom, _ := catalogFixtureImage(t, "image-sbom-cataloger", source.SquashedScope, "+go-module-file-cataloger")
expectedSbomCatalogerPkgs := 1 for p := range sbom.Artifacts.Packages.Enumerate(pkg.GoModulePkg) {
expectedGoModCatalogerPkgs := 2 if p.FoundBy == "go-module-file-cataloger" {
actualSbomPkgs := 0 actualGoModPkgs += 1
actualGoModPkgs := 0 } else if p.FoundBy == "sbom-cataloger" {
for p := range sbom.Artifacts.Packages.Enumerate(pkg.GoModulePkg) { actualSbomPkgs += 1
if p.FoundBy == "go-module-file-cataloger" { }
actualGoModPkgs += 1 }
} else if p.FoundBy == "sbom-cataloger" {
actualSbomPkgs += 1 if actualGoModPkgs != expectedGoModCatalogerPkgs {
t.Errorf("unexpected number of packages from go mod cataloger: %d != %d", expectedGoModCatalogerPkgs, actualGoModPkgs)
}
if actualSbomPkgs != expectedSbomCatalogerPkgs {
t.Errorf("unexpected number of packages from sbom cataloger: %d != %d", expectedSbomCatalogerPkgs, actualSbomPkgs)
} }
} }
if actualGoModPkgs != expectedGoModCatalogerPkgs { t.Run("default catalogers", func(t *testing.T) {
t.Errorf("unexpected number of packages from go mod cataloger: %d != %d", expectedGoModCatalogerPkgs, actualGoModPkgs) sbom, _ := catalogFixtureImage(t, "image-sbom-cataloger", source.SquashedScope, "+go-module-file-cataloger")
}
if actualSbomPkgs != expectedSbomCatalogerPkgs { expectedSbomCatalogerPkgs := 0
t.Errorf("unexpected number of packages from sbom cataloger: %d != %d", expectedSbomCatalogerPkgs, actualSbomPkgs) expectedGoModCatalogerPkgs := 2
} assertCount(t, sbom, expectedGoModCatalogerPkgs, expectedSbomCatalogerPkgs)
})
// The image contains a go.mod file with 2 dependencies and an spdx json sbom.
// The go.mod file contains 2 dependencies, and the sbom includes a go dependency
// that overlaps with the go.mod
t.Run("with sbom cataloger", func(t *testing.T) {
sbom, _ := catalogFixtureImage(t, "image-sbom-cataloger", source.SquashedScope, "+go-module-file-cataloger", "+sbom-cataloger")
expectedSbomCatalogerPkgs := 1
expectedGoModCatalogerPkgs := 2
assertCount(t, sbom, expectedGoModCatalogerPkgs, expectedSbomCatalogerPkgs)
})
} }