support .sar for java ecosystem (#748)

Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
2025-11-17 16:33:21 +01:00 · 2022-01-18 14:22:02 +00:00 · 2022-01-18 14:22:02 +00:00 · 46dcc84f1a
commit 46dcc84f1a
parent 86c3c1c531
5 changed files with 11 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -21,7 +21,7 @@ A CLI tool and Go library for generating a Software Bill of Materials (SBOM) fro

 ## Features
 - Catalog container images and filesystems to discover packages and libraries.
- Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR, Jenkins plugins JPI/HPI, Go modules)
+- Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR/PAR/SAR, Jenkins plugins JPI/HPI, Go modules)
 - Linux distribution identification (supports Alpine, BusyBox, CentOS/RedHat, Debian/Ubuntu flavored distributions)
 - Supports Docker and OCI image formats
 - Direct support for [Grype](https://github.com/anchore/grype), a fast and powerful vulnerability matcher.
--- a/syft/pkg/cataloger/java/archive_filename.go
+++ b/syft/pkg/cataloger/java/archive_filename.go
@ -113,7 +113,7 @@ func (a archiveFilename) extension() string {

 func (a archiveFilename) pkgType() pkg.Type {
 	switch strings.ToLower(a.extension()) {
-	case "jar", "war", "ear", "lpkg", "par":
+	case "jar", "war", "ear", "lpkg", "par", "sar":
 		return pkg.JavaPkg
 	case "jpi", "hpi":
 		return pkg.JenkinsPluginPkg
--- a/syft/pkg/cataloger/java/archive_filename_test.go
+++ b/syft/pkg/cataloger/java/archive_filename_test.go
@ -57,6 +57,13 @@ func TestExtractInfoFromJavaArchiveFilename(t *testing.T) {
 			name:      "pkg-extra-field-maven",
 			ty:        pkg.JavaPkg,
 		},
+		{
+			filename:  "pkg-extra-field-maven-4.3.2-rc1.sar",
+			version:   "4.3.2-rc1",
+			extension: "sar",
+			name:      "pkg-extra-field-maven",
+			ty:        pkg.JavaPkg,
+		},
 		{
 			filename:  "/some/path/pkg-extra-field-maven-4.3.2-rc1.jpi",
 			version:   "4.3.2-rc1",
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@ -21,6 +21,7 @@ var archiveFormatGlobs = []string{
 	"**/*.war",
 	"**/*.ear",
 	"**/*.par",
+	"**/*.sar",
 	"**/*.jpi",
 	"**/*.hpi",
 	"**/*.lpkg", // Zip-compressed package used to deploy applications
--- a/syft/pkg/cataloger/java/cataloger.go
+++ b/syft/pkg/cataloger/java/cataloger.go
@ -1,5 +1,5 @@
 /*
-Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, jpi, hpi formats).
+Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
 */
 package java