diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index eaf89dfc3..3edce4f6d 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -14,7 +14,7 @@ builds:
dir: ./cmd/syft
binary: syft
goos: [linux]
- goarch: [amd64, arm64, ppc64le, s390x]
+ goarch: [amd64, arm64, ppc64le, riscv64, s390x]
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
ldflags: &build-ldflags |
-w
@@ -114,6 +114,20 @@ dockers:
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
+ - image_templates:
+ - anchore/syft:{{.Tag}}-riscv64
+ - ghcr.io/anchore/syft:{{.Tag}}-riscv64
+ goarch: riscv64
+ dockerfile: Dockerfile
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/riscv64"
+ - "--build-arg=DEBIAN_VERSION=13"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
- image_templates:
- anchore/syft:{{.Tag}}-s390x
- ghcr.io/anchore/syft:{{.Tag}}-s390x
@@ -167,6 +181,20 @@ dockers:
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
+ - image_templates:
+ - anchore/syft:{{.Tag}}-nonroot-riscv64
+ - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64
+ goarch: riscv64
+ dockerfile: Dockerfile.nonroot
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/riscv64"
+ - "--build-arg=DEBIAN_VERSION=13"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
- image_templates:
- anchore/syft:{{.Tag}}-nonroot-s390x
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
@@ -220,6 +248,20 @@ dockers:
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
+ - image_templates:
+ - anchore/syft:{{.Tag}}-debug-riscv64
+ - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64
+ goarch: riscv64
+ dockerfile: Dockerfile.debug
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/riscv64"
+ - "--build-arg=DEBIAN_VERSION=13"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
- image_templates:
- anchore/syft:{{.Tag}}-debug-s390x
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
@@ -239,6 +281,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-amd64
- anchore/syft:{{.Tag}}-arm64v8
- anchore/syft:{{.Tag}}-ppc64le
+ - anchore/syft:{{.Tag}}-riscv64
- anchore/syft:{{.Tag}}-s390x
- name_template: ghcr.io/anchore/syft:latest
@@ -246,6 +289,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-amd64
- ghcr.io/anchore/syft:{{.Tag}}-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-s390x
- name_template: anchore/syft:{{.Tag}}
@@ -253,6 +297,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-amd64
- anchore/syft:{{.Tag}}-arm64v8
- anchore/syft:{{.Tag}}-ppc64le
+ - anchore/syft:{{.Tag}}-riscv64
- anchore/syft:{{.Tag}}-s390x
- name_template: ghcr.io/anchore/syft:{{.Tag}}
@@ -260,6 +305,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-amd64
- ghcr.io/anchore/syft:{{.Tag}}-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-s390x
# nonroot images...
@@ -268,6 +314,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-nonroot-amd64
- anchore/syft:{{.Tag}}-nonroot-arm64v8
- anchore/syft:{{.Tag}}-nonroot-ppc64le
+ - anchore/syft:{{.Tag}}-nonroot-riscv64
- anchore/syft:{{.Tag}}-nonroot-s390x
- name_template: ghcr.io/anchore/syft:nonroot
@@ -275,6 +322,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
- name_template: anchore/syft:{{.Tag}}-nonroot
@@ -282,6 +330,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-nonroot-amd64
- anchore/syft:{{.Tag}}-nonroot-arm64v8
- anchore/syft:{{.Tag}}-nonroot-ppc64le
+ - anchore/syft:{{.Tag}}-nonroot-riscv64
- anchore/syft:{{.Tag}}-nonroot-s390x
- name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot
@@ -289,6 +338,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
# debug images...
@@ -297,6 +347,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-debug-amd64
- anchore/syft:{{.Tag}}-debug-arm64v8
- anchore/syft:{{.Tag}}-debug-ppc64le
+ - anchore/syft:{{.Tag}}-debug-riscv64
- anchore/syft:{{.Tag}}-debug-s390x
- name_template: ghcr.io/anchore/syft:debug
@@ -304,6 +355,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
- ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
- name_template: anchore/syft:{{.Tag}}-debug
@@ -311,6 +363,7 @@ docker_manifests:
- anchore/syft:{{.Tag}}-debug-amd64
- anchore/syft:{{.Tag}}-debug-arm64v8
- anchore/syft:{{.Tag}}-debug-ppc64le
+ - anchore/syft:{{.Tag}}-debug-riscv64
- anchore/syft:{{.Tag}}-debug-s390x
- name_template: ghcr.io/anchore/syft:{{.Tag}}-debug
@@ -318,6 +371,7 @@ docker_manifests:
- ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
- ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
+ - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
sboms:
diff --git a/Dockerfile b/Dockerfile
index 9e682b2d6..86ff23db2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM gcr.io/distroless/static-debian12:latest AS build
+ARG DEBIAN_VERSION=12
+FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:latest AS build
FROM scratch
# needed for version check HTTPS request
diff --git a/Dockerfile.debug b/Dockerfile.debug
index bfabed8db..936b5ffc1 100644
--- a/Dockerfile.debug
+++ b/Dockerfile.debug
@@ -1,4 +1,5 @@
-FROM gcr.io/distroless/static-debian12:debug-nonroot
+ARG DEBIAN_VERSION=12
+FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:debug-nonroot
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp
diff --git a/Dockerfile.nonroot b/Dockerfile.nonroot
index 86b6b643f..c6789d4c7 100644
--- a/Dockerfile.nonroot
+++ b/Dockerfile.nonroot
@@ -1,4 +1,5 @@
-FROM gcr.io/distroless/static-debian12:nonroot
+ARG DEBIAN_VERSION=12
+FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:nonroot
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp
diff --git a/install.sh b/install.sh
index 41d0a22a8..f4921c255 100755
--- a/install.sh
+++ b/install.sh
@@ -154,6 +154,7 @@ uname_arch_check() (
mipsle) return 0 ;;
mips64) return 0 ;;
mips64le) return 0 ;;
+ riscv64) return 0 ;;
s390x) return 0 ;;
amd64p32) return 0 ;;
esac
diff --git a/schema/cyclonedx/cyclonedx.json b/schema/cyclonedx/cyclonedx.json
index c8d3d5e80..d720cc795 100644
--- a/schema/cyclonedx/cyclonedx.json
+++ b/schema/cyclonedx/cyclonedx.json
@@ -5132,6 +5132,7 @@
"armv9-a",
"armv9-m",
"s390x",
+ "riscv64",
"ppc64",
"ppc64le",
"other",
diff --git a/schema/cyclonedx/cyclonedx.xsd b/schema/cyclonedx/cyclonedx.xsd
index f90bb8e43..21a591414 100644
--- a/schema/cyclonedx/cyclonedx.xsd
+++ b/schema/cyclonedx/cyclonedx.xsd
@@ -6471,6 +6471,7 @@ limitations under the License.
+
diff --git a/test/install/1_download_snapshot_asset_test.sh b/test/install/1_download_snapshot_asset_test.sh
index 0590f1ce6..cde979c1c 100755
--- a/test/install/1_download_snapshot_asset_test.sh
+++ b/test/install/1_download_snapshot_asset_test.sh
@@ -92,6 +92,10 @@ run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "sbom"
run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "tar.gz"
run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "rpm"
run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "deb"
+run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "sbom"
+run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "tar.gz"
+run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "rpm"
+run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "deb"
run_test_case test_positive_snapshot_download_asset "linux" "s390x" "sbom"
run_test_case test_positive_snapshot_download_asset "linux" "s390x" "tar.gz"
run_test_case test_positive_snapshot_download_asset "linux" "s390x" "rpm"
diff --git a/test/install/3_install_asset_test.sh b/test/install/3_install_asset_test.sh
index 225d5370b..5c1df7762 100755
--- a/test/install/3_install_asset_test.sh
+++ b/test/install/3_install_asset_test.sh
@@ -43,6 +43,11 @@ test_positive_snapshot_install_asset() {
local_suffix="_power8"
fi
+ # note: this is a change made in goreleaser v2.4.0
+ if [ "${arch}" == "riscv64" ]; then
+ local_suffix="_rva20u64"
+ fi
+
assertFilesEqual \
"$(snapshot_dir)/${os}-build_${os}_${arch}${local_suffix}/${binary}" \
@@ -95,6 +100,7 @@ trap 'teardown_snapshot_server ${worker_pid}' EXIT
run_test_case test_positive_snapshot_install_asset "linux" "amd64" "tar.gz"
run_test_case test_positive_snapshot_install_asset "linux" "arm64" "tar.gz"
run_test_case test_positive_snapshot_install_asset "linux" "ppc64le" "tar.gz"
+run_test_case test_positive_snapshot_install_asset "linux" "riscv64" "tar.gz"
run_test_case test_positive_snapshot_install_asset "linux" "s390x" "tar.gz"
run_test_case test_positive_snapshot_install_asset "darwin" "amd64" "tar.gz"
run_test_case test_positive_snapshot_install_asset "darwin" "arm64" "tar.gz"
diff --git a/test/install/testdata/assets/invalid/checksums.txt b/test/install/testdata/assets/invalid/checksums.txt
index b38380486..9dbffd946 100644
--- a/test/install/testdata/assets/invalid/checksums.txt
+++ b/test/install/testdata/assets/invalid/checksums.txt
@@ -14,6 +14,10 @@ ee2b1289a1e4b0de9409c3a78867949ca42788a5f50072b8a6e6e04e6a269f9c syft_1.5.0_lin
dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm
392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom
551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz
+98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb
+3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm
+5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom
+ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz
98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb
3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm
5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom
diff --git a/test/install/testdata/assets/valid/checksums.txt b/test/install/testdata/assets/valid/checksums.txt
index b1dfe76b9..fb1a5c692 100644
--- a/test/install/testdata/assets/valid/checksums.txt
+++ b/test/install/testdata/assets/valid/checksums.txt
@@ -14,6 +14,10 @@ a74549794fa5dac79ab9f6401ee7000db3bd9589435b302583c3ee4ca13fb8e3 syft_1.5.0_lin
dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm
392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom
551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz
+98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb
+3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm
+5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom
+ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz
98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb
3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm
5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom