oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): bump the go-minor-patch group with 3 updates (#4524)

Browse Source 
* chore(deps): bump the go-minor-patch group with 3 updates

Bumps the go-minor-patch group with 3 updates: [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema).


Updates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/BurntSushi/toml/releases)
- [Commits](https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0)

Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4)

Updates `github.com/invopop/jsonschema` from 0.7.0 to 0.13.0
- [Commits](https://github.com/invopop/jsonschema/compare/v0.7.0...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/BurntSushi/toml
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/invopop/jsonschema
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* port breaking jsonschema lib changes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* regenerate the existing json schema with new generation code

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2026-01-06 15:25:43 +00:00 committed by GitHub
parent 81dd955871
commit 3ea6a03cd0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 127 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -19,6 +19,7 @@ bin/
/.task
/generate
/specs
mise.toml
# changelog generation
CHANGELOG.md

11
go.mod
View File

@ -3,7 +3,7 @@ module github.com/anchore/syft
go 1.24.6
require (
github.com/BurntSushi/toml v1.5.0
github.com/BurntSushi/toml v1.6.0
github.com/CycloneDX/cyclonedx-go v0.9.3
github.com/Masterminds/semver/v3 v3.4.0
github.com/Masterminds/sprig/v3 v3.3.0
@ -42,7 +42,7 @@ require (
github.com/github/go-spdx/v2 v2.3.5
github.com/gkampitakis/go-snaps v0.5.19
github.com/go-git/go-billy/v5 v5.7.0
github.com/go-git/go-git/v5 v5.16.3
github.com/go-git/go-git/v5 v5.16.4
github.com/go-test/deep v1.1.1
github.com/go-viper/mapstructure/v2 v2.4.0
github.com/gohugoio/hashstructure v0.6.0
@ -56,7 +56,7 @@ require (
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/hcl/v2 v2.24.0
github.com/iancoleman/strcase v0.3.0
github.com/invopop/jsonschema v0.7.0
github.com/invopop/jsonschema v0.13.0
github.com/jedib0t/go-pretty/v6 v6.7.8
github.com/jinzhu/copier v0.4.0
github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953
@ -174,7 +174,6 @@ require (
github.com/hashicorp/go-version v1.8.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/iancoleman/orderedmap v0.3.0
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
@ -282,6 +281,7 @@ require (
require (
github.com/cespare/xxhash/v2 v2.3.0
github.com/gpustack/gguf-parser-go v0.22.1
github.com/wk8/go-ordered-map/v2 v2.1.8
)
require (
@ -310,6 +310,8 @@ require (
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect
github.com/aws/smithy-go v1.24.0 // indirect
github.com/bahlo/generic-list-go v0.2.0 // indirect
github.com/buger/jsonparser v1.1.1 // indirect
github.com/clipperhouse/displaywidth v0.6.0 // indirect
github.com/clipperhouse/stringish v0.1.1 // indirect
github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
@ -320,6 +322,7 @@ require (
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.70 // indirect
github.com/henvic/httpretty v0.1.4 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/nwaples/rardecode/v2 v2.2.0 // indirect

23
go.sum
View File

@ -80,8 +80,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/CycloneDX/cyclonedx-go v0.9.3 h1:Pyk/lwavPz7AaZNvugKFkdWOm93MzaIyWmBwmBo3aUI=
github.com/CycloneDX/cyclonedx-go v0.9.3/go.mod h1:vcK6pKgO1WanCdd61qx4bFnSsDJQ6SbM2ZuMIgq86Jg=
@ -219,6 +219,8 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiE
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8=
github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA=
github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@ -241,6 +243,8 @@ github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4=
github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@ -434,8 +438,8 @@ github.com/go-git/go-billy/v5 v5.7.0 h1:83lBUJhGWhYp0ngzCMSgllhUSuoHP1iEWYjsPl9n
github.com/go-git/go-billy/v5 v5.7.0/go.mod h1:/1IUejTKH8xipsAcdfcSAlUlo2J7lkYV8GTKxAT/L3E=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y=
github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@ -625,9 +629,6 @@ github.com/henvic/httpretty v0.1.4 h1:Jo7uwIRWVFxkqOnErcoYfH90o3ddQyVrSANeS4cxYm
github.com/henvic/httpretty v0.1.4/go.mod h1:Dn60sQTZfbt2dYsdUSNsCljyF4AfdqnuJFDLJA1I4AM=
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE=
github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI=
github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
@ -638,8 +639,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/invopop/jsonschema v0.7.0 h1:2vgQcBz1n256N+FpX3Jq7Y17AjYt46Ig3zIWyy770So=
github.com/invopop/jsonschema v0.7.0/go.mod h1:O9uiLokuu0+MGFlyiaqtWxwqJm41/+8Nj0lD7A36YH0=
github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc8sr5o=
@ -690,6 +691,7 @@ github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc8
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=
github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
@ -927,7 +929,6 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
github.com/stretchr/testify v0.0.0-20161117074351-18a02ba4a312/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@ -972,6 +973,8 @@ github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 h1:jIVmlAFIq
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651/go.mod h1:b26F2tHLqaoRQf8DywqzVaV1MQ9yvjb0OMcNl7Nxu20=
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 h1:0KGbf+0SMg+UFy4e1A/CPVvXn21f1qtWdeJwxZFoQG8=
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=

3
internal/capabilities/internal/load_capabilities.go
View File

@ -45,6 +45,9 @@ func LoadCapabilities(catalogerDir, repoRoot string) (*capabilities.Document, ma
Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"`
}
if err := yaml.Unmarshal(data, &doc); err != nil {
fmt.Printf("\n=== DEBUG: YAML Parse Error in %s ===\n", file)
fmt.Printf("Error: %v\n\n", err)
fmt.Printf("=== FULL FILE CONTENT ===\n%s\n=== END FILE ===\n", string(data))
return nil, nil, fmt.Errorf("failed to parse %s into struct: %w", file, err)
}

9
internal/jsonschema/comments.go
View File

@ -110,12 +110,9 @@ func warnMissingDescriptions(schema *jsonschema.Schema, metadataNames []string)
// check if fields have descriptions
if def.Properties != nil {
for _, fieldName := range def.Properties.Keys() {
fieldSchemaRaw, _ := def.Properties.Get(fieldName)
fieldSchema, ok := fieldSchemaRaw.(*jsonschema.Schema)
if !ok {
continue
}
for pair := def.Properties.Newest(); pair != nil; pair = pair.Prev() {
fieldName := pair.Key
fieldSchema := pair.Value
// skip if field has a description
if fieldSchema.Description != "" {

6
internal/jsonschema/comments_test.go
View File

@ -5,10 +5,10 @@ import (
"path/filepath"
"testing"
"github.com/iancoleman/orderedmap"
"github.com/invopop/jsonschema"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
orderedmap "github.com/wk8/go-ordered-map/v2"
)
// TestCopyAliasFieldComments verifies that field comments from source types are correctly copied to alias types.
@ -373,8 +373,8 @@ func TestWarnMissingDescriptions(t *testing.T) {
}
// helper to create an ordered map from a regular map
func newOrderedMap(m map[string]*jsonschema.Schema) *orderedmap.OrderedMap {
om := orderedmap.New()
func newOrderedMap(m map[string]*jsonschema.Schema) *orderedmap.OrderedMap[string, *jsonschema.Schema] {
om := orderedmap.New[string, *jsonschema.Schema]()
for k, v := range m {
om.Set(k, v)
}

12
internal/jsonschema/main.go
View File

@ -158,20 +158,18 @@ func build() *jsonschema.Schema {
// ensure the generated list of names is stable between runs
sort.Strings(metadataNames)
metadataTypes := []map[string]string{
metadataTypes := []*jsonschema.Schema{
// allow for no metadata to be provided
{"type": "null"},
{Type: "null"},
}
for _, name := range metadataNames {
metadataTypes = append(metadataTypes, map[string]string{
"$ref": fmt.Sprintf("#/$defs/%s", name),
metadataTypes = append(metadataTypes, &jsonschema.Schema{
Ref: fmt.Sprintf("#/$defs/%s", name),
})
}
// set the "anyOf" field for Package.Metadata to be a conjunction of several types
documentSchema.Definitions["Package"].Properties.Set("metadata", map[string][]map[string]string{
"anyOf": metadataTypes,
})
documentSchema.Definitions["Package"].Properties.Set("metadata", &jsonschema.Schema{AnyOf: metadataTypes})
// warn about missing descriptions
warnMissingDescriptions(documentSchema, metadataNames)

117
schema/json/schema-16.1.2.json
View File

@ -793,7 +793,8 @@
"items": {
"$ref": "#/$defs/Package"
},
"type": "array"
"type": "array",
"description": "Artifacts is the list of packages discovered and placed into the catalog"
},
"artifactRelationships": {
"items": {
@ -805,19 +806,24 @@
"items": {
"$ref": "#/$defs/File"
},
"type": "array"
"type": "array",
"description": "note: must have omitempty"
},
"source": {
"$ref": "#/$defs/Source"
"$ref": "#/$defs/Source",
"description": "Source represents the original object that was cataloged"
},
"distro": {
"$ref": "#/$defs/LinuxRelease"
"$ref": "#/$defs/LinuxRelease",
"description": "Distro represents the Linux distribution that was detected from the source"
},
"descriptor": {
"$ref": "#/$defs/Descriptor"
"$ref": "#/$defs/Descriptor",
"description": "Descriptor is a block containing self-describing information about syft"
},
"schema": {
"$ref": "#/$defs/Schema"
"$ref": "#/$defs/Schema",
"description": "Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape"
}
},
"type": "object",
@ -858,10 +864,8 @@
"description": "Type is type of entry could be package or project for internal refs"
},
"executables": {
"patternProperties": {
".*": {
"$ref": "#/$defs/DotnetPortableExecutableEntry"
}
"additionalProperties": {
"$ref": "#/$defs/DotnetPortableExecutableEntry"
},
"type": "object",
"description": "Executables are the map of .NET Portable Executable files within this package with their version resources"
@ -1797,10 +1801,8 @@
"description": "Scope is dependency scope determining when dependency is available (compile=default all phases, test=test compilation/execution only, runtime=runtime and test not compile, provided=expected from JDK or container)"
},
"extraFields": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Extra is additional custom properties not in standard Maven coordinates"
@ -1963,10 +1965,8 @@
"description": "Integrity is Subresource Integrity hash for verification using standard SRI format (sha512-... or sha1-...). npm changed from SHA-1 to SHA-512 in newer versions. For registry sources this is the integrity from registry, for remote tarballs it's SHA-512 of the file. npm verifies tarball matches this hash before unpacking, throwing EINTEGRITY error if mismatch detected."
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their version markers, i.e. \"lodash\": \"^1.0.0\""
@ -1987,10 +1987,8 @@
"description": "Resolution is the resolution information for the package"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their versions"
@ -2014,10 +2012,8 @@
"description": "Integrity is Subresource Integrity hash for verification (SRI format)"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their versions"
@ -2193,10 +2189,8 @@
"description": "VersionMagic is version magic string for compatibility checking (includes kernel version, SMP status, module loading capabilities like \"3.17.4-302.fc21.x86_64 SMP mod_unload modversions\"). Module will NOT load if vermagic doesn't match running kernel."
},
"parameters": {
"patternProperties": {
".*": {
"$ref": "#/$defs/LinuxKernelModuleParameter"
}
"additionalProperties": {
"$ref": "#/$defs/LinuxKernelModuleParameter"
},
"type": "object",
"description": "Parameters are the module parameters that can be configured at load time (user-settable values like module options)"
@ -2316,12 +2310,11 @@
"description": "AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)"
},
"annotations": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object"
"type": "object",
"description": "Arbitrary key-value pairs that can be used to annotate a location"
}
},
"type": "object",
@ -2358,10 +2351,8 @@
"description": "URL is the source download URL"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies are the map of dependency names to version constraints"
@ -2856,37 +2847,29 @@
"description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code."
},
"require": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)"
},
"provide": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)"
},
"require-dev": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)"
},
"suggest": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)"
@ -2968,37 +2951,29 @@
"description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code."
},
"require": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)"
},
"provide": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)"
},
"require-dev": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)"
},
"suggest": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)"

117
schema/json/schema-latest.json
View File

@ -793,7 +793,8 @@
"items": {
"$ref": "#/$defs/Package"
},
"type": "array"
"type": "array",
"description": "Artifacts is the list of packages discovered and placed into the catalog"
},
"artifactRelationships": {
"items": {
@ -805,19 +806,24 @@
"items": {
"$ref": "#/$defs/File"
},
"type": "array"
"type": "array",
"description": "note: must have omitempty"
},
"source": {
"$ref": "#/$defs/Source"
"$ref": "#/$defs/Source",
"description": "Source represents the original object that was cataloged"
},
"distro": {
"$ref": "#/$defs/LinuxRelease"
"$ref": "#/$defs/LinuxRelease",
"description": "Distro represents the Linux distribution that was detected from the source"
},
"descriptor": {
"$ref": "#/$defs/Descriptor"
"$ref": "#/$defs/Descriptor",
"description": "Descriptor is a block containing self-describing information about syft"
},
"schema": {
"$ref": "#/$defs/Schema"
"$ref": "#/$defs/Schema",
"description": "Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape"
}
},
"type": "object",
@ -858,10 +864,8 @@
"description": "Type is type of entry could be package or project for internal refs"
},
"executables": {
"patternProperties": {
".*": {
"$ref": "#/$defs/DotnetPortableExecutableEntry"
}
"additionalProperties": {
"$ref": "#/$defs/DotnetPortableExecutableEntry"
},
"type": "object",
"description": "Executables are the map of .NET Portable Executable files within this package with their version resources"
@ -1797,10 +1801,8 @@
"description": "Scope is dependency scope determining when dependency is available (compile=default all phases, test=test compilation/execution only, runtime=runtime and test not compile, provided=expected from JDK or container)"
},
"extraFields": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Extra is additional custom properties not in standard Maven coordinates"
@ -1963,10 +1965,8 @@
"description": "Integrity is Subresource Integrity hash for verification using standard SRI format (sha512-... or sha1-...). npm changed from SHA-1 to SHA-512 in newer versions. For registry sources this is the integrity from registry, for remote tarballs it's SHA-512 of the file. npm verifies tarball matches this hash before unpacking, throwing EINTEGRITY error if mismatch detected."
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their version markers, i.e. \"lodash\": \"^1.0.0\""
@ -1987,10 +1987,8 @@
"description": "Resolution is the resolution information for the package"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their versions"
@ -2014,10 +2012,8 @@
"description": "Integrity is Subresource Integrity hash for verification (SRI format)"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies is a map of dependencies and their versions"
@ -2193,10 +2189,8 @@
"description": "VersionMagic is version magic string for compatibility checking (includes kernel version, SMP status, module loading capabilities like \"3.17.4-302.fc21.x86_64 SMP mod_unload modversions\"). Module will NOT load if vermagic doesn't match running kernel."
},
"parameters": {
"patternProperties": {
".*": {
"$ref": "#/$defs/LinuxKernelModuleParameter"
}
"additionalProperties": {
"$ref": "#/$defs/LinuxKernelModuleParameter"
},
"type": "object",
"description": "Parameters are the module parameters that can be configured at load time (user-settable values like module options)"
@ -2316,12 +2310,11 @@
"description": "AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)"
},
"annotations": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object"
"type": "object",
"description": "Arbitrary key-value pairs that can be used to annotate a location"
}
},
"type": "object",
@ -2358,10 +2351,8 @@
"description": "URL is the source download URL"
},
"dependencies": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Dependencies are the map of dependency names to version constraints"
@ -2856,37 +2847,29 @@
"description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code."
},
"require": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)"
},
"provide": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)"
},
"require-dev": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)"
},
"suggest": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)"
@ -2968,37 +2951,29 @@
"description": "Dist is distribution archive information for production (typically zip/tar, default install method). Packaged version of released code."
},
"require": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Require is runtime dependencies with version constraints (package will not install unless these requirements can be met)"
},
"provide": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Provide is virtual packages/functionality provided by this package (allows other packages to depend on capabilities)"
},
"require-dev": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "RequireDev is development-only dependencies (not installed in production, only when developing this package or running tests)"
},
"suggest": {
"patternProperties": {
".*": {
"type": "string"
}
"additionalProperties": {
"type": "string"
},
"type": "object",
"description": "Suggest is optional but recommended dependencies (suggestions for packages that would extend functionality)"