oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

support .sar for java ecosystem (#748)

Browse Source 
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
This commit is contained in:
Weston Steimel 2022-01-18 14:22:02 +00:00 committed by GitHub
parent 86c3c1c531
commit 46dcc84f1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -21,7 +21,7 @@ A CLI tool and Go library for generating a Software Bill of Materials (SBOM) fro
## Features ## Features
- Catalog container images and filesystems to discover packages and libraries. - Catalog container images and filesystems to discover packages and libraries.
- Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR, Jenkins plugins JPI/HPI, Go modules) - Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR/PAR/SAR, Jenkins plugins JPI/HPI, Go modules)
- Linux distribution identification (supports Alpine, BusyBox, CentOS/RedHat, Debian/Ubuntu flavored distributions) - Linux distribution identification (supports Alpine, BusyBox, CentOS/RedHat, Debian/Ubuntu flavored distributions)
- Supports Docker and OCI image formats - Supports Docker and OCI image formats
- Direct support for [Grype](https://github.com/anchore/grype), a fast and powerful vulnerability matcher. - Direct support for [Grype](https://github.com/anchore/grype), a fast and powerful vulnerability matcher.

2
syft/pkg/cataloger/java/archive_filename.go
View File

@ -113,7 +113,7 @@ func (a archiveFilename) extension() string {
func (a archiveFilename) pkgType() pkg.Type { func (a archiveFilename) pkgType() pkg.Type {
switch strings.ToLower(a.extension()) { switch strings.ToLower(a.extension()) {
case "jar", "war", "ear", "lpkg", "par": case "jar", "war", "ear", "lpkg", "par", "sar":
return pkg.JavaPkg return pkg.JavaPkg
case "jpi", "hpi": case "jpi", "hpi":
return pkg.JenkinsPluginPkg return pkg.JenkinsPluginPkg

7
syft/pkg/cataloger/java/archive_filename_test.go
View File

@ -57,6 +57,13 @@ func TestExtractInfoFromJavaArchiveFilename(t *testing.T) {
name: "pkg-extra-field-maven", name: "pkg-extra-field-maven",
ty: pkg.JavaPkg, ty: pkg.JavaPkg,
}, },
{
filename: "pkg-extra-field-maven-4.3.2-rc1.sar",
version: "4.3.2-rc1",
extension: "sar",
name: "pkg-extra-field-maven",
ty: pkg.JavaPkg,
},
{ {
filename: "/some/path/pkg-extra-field-maven-4.3.2-rc1.jpi", filename: "/some/path/pkg-extra-field-maven-4.3.2-rc1.jpi",
version: "4.3.2-rc1", version: "4.3.2-rc1",

1
syft/pkg/cataloger/java/archive_parser.go
View File

@ -21,6 +21,7 @@ var archiveFormatGlobs = []string{
"**/*.war", "**/*.war",
"**/*.ear", "**/*.ear",
"**/*.par", "**/*.par",
"**/*.sar",
"**/*.jpi", "**/*.jpi",
"**/*.hpi", "**/*.hpi",
"**/*.lpkg", // Zip-compressed package used to deploy applications "**/*.lpkg", // Zip-compressed package used to deploy applications

2
syft/pkg/cataloger/java/cataloger.go
View File

@ -1,5 +1,5 @@
/* /*
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, jpi, hpi formats). Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
*/ */
package java package java