diff --git a/syft/format/common/spdxhelpers/to_format_model.go b/syft/format/common/spdxhelpers/to_format_model.go index 643c5aa9f..4adf40e68 100644 --- a/syft/format/common/spdxhelpers/to_format_model.go +++ b/syft/format/common/spdxhelpers/to_format_model.go @@ -247,6 +247,7 @@ func toRootPackage(s source.Description) *spdx.Package { PackageSupplier: &spdx.Supplier{ Supplier: helpers.NOASSERTION, }, + PackageCopyrightText: helpers.NOASSERTION, PackageDownloadLocation: helpers.NOASSERTION, PackageLicenseConcluded: helpers.NOASSERTION, PackageLicenseDeclared: helpers.NOASSERTION, @@ -631,10 +632,11 @@ func toFiles(s sbom.SBOM) (results []*spdx.File) { FileSPDXIdentifier: toSPDXID(coordinates), FileComment: comment, // required, no attempt made to determine license information - LicenseConcluded: noAssertion, - Checksums: toFileChecksums(digests), - FileName: coordinates.RealPath, - FileTypes: toFileTypes(metadata), + LicenseConcluded: noAssertion, + FileCopyrightText: noAssertion, + Checksums: toFileChecksums(digests), + FileName: coordinates.RealPath, + FileTypes: toFileTypes(metadata), LicenseInfoInFiles: []string{ // required in SPDX 2.2 helpers.NOASSERTION, }, diff --git a/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden new file mode 100644 index 000000000..737aed468 --- /dev/null +++ b/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden @@ -0,0 +1,106 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "user-image-input", + "documentNamespace":"redacted", + "creationInfo": { + "licenseListVersion":"redacted", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-v0.42.0-bogus" + ], + "created":"redacted" + }, + "packages": [ + { + "name": "package-1", + "SPDXID": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "versionInfo": "1.0.1", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "a-purl-1" + } + ] + }, + { + "name": "package-2", + "SPDXID": "SPDXRef-Package-deb-package-2-4b756c6f6fb127a3", + "versionInfo": "2.0.1", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" + } + ] + }, + { + "name": "user-image-input", + "SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input", + "versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/user-image-input@sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368?arch=" + } + ], + "primaryPackagePurpose": "CONTAINER" + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-user-image-input", + "relatedSpdxElement": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-user-image-input", + "relatedSpdxElement": "SPDXRef-Package-deb-package-2-4b756c6f6fb127a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-user-image-input", + "relationshipType": "DESCRIBES" + } + ] +} diff --git a/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden new file mode 100644 index 000000000..91df6366f --- /dev/null +++ b/syft/format/internal/testutil/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden @@ -0,0 +1,246 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "user-image-input", + "documentNamespace":"redacted", + "creationInfo": { + "licenseListVersion":"redacted", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-v0.42.0-bogus" + ], + "created":"redacted" + }, + "packages": [ + { + "name": "package-1", + "SPDXID": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "versionInfo": "1.0.1", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "a-purl-1" + } + ] + }, + { + "name": "package-2", + "SPDXID": "SPDXRef-Package-deb-package-2-4b756c6f6fb127a3", + "versionInfo": "2.0.1", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:deb/debian/package-2@2.0.1" + } + ] + }, + { + "name": "user-image-input", + "SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input", + "versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", + "supplier": "NOASSERTION", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/user-image-input@sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368?arch=" + } + ], + "primaryPackagePurpose": "CONTAINER" + } + ], + "files": [ + { + "fileName": "/a1/f6", + "SPDXID": "SPDXRef-File-a1-f6-9c2f7510199b17f6", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + }, + { + "fileName": "/d1/f3", + "SPDXID": "SPDXRef-File-d1-f3-c6f5b29dca12661f", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + }, + { + "fileName": "/d2/f4", + "SPDXID": "SPDXRef-File-d2-f4-c641caa71518099f", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + }, + { + "fileName": "/f1", + "SPDXID": "SPDXRef-File-f1-5265a4dde3edbf7c", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + }, + { + "fileName": "/f2", + "SPDXID": "SPDXRef-File-f2-f9e49132a4b96ccd", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + }, + { + "fileName": "/z1/f5", + "SPDXID": "SPDXRef-File-z1-f5-839d99ee67d9d174", + "fileTypes": [ + "OTHER" + ], + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "0000000000000000000000000000000000000000" + } + ], + "licenseConcluded": "NOASSERTION", + "licenseInfoInFiles": [ + "NOASSERTION" + ], + "copyrightText": "NOASSERTION" + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-f1-5265a4dde3edbf7c", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-z1-f5-839d99ee67d9d174", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-a1-f6-9c2f7510199b17f6", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-d2-f4-c641caa71518099f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-d1-f3-c6f5b29dca12661f", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relatedSpdxElement": "SPDXRef-File-f2-f9e49132a4b96ccd", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-user-image-input", + "relatedSpdxElement": "SPDXRef-Package-python-package-1-c5cf7ac34cbca450", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DocumentRoot-Image-user-image-input", + "relatedSpdxElement": "SPDXRef-Package-deb-package-2-4b756c6f6fb127a3", + "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DocumentRoot-Image-user-image-input", + "relationshipType": "DESCRIBES" + } + ] +} diff --git a/syft/format/internal/testutil/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/format/internal/testutil/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index 888146329..90b0e78e6 100644 Binary files a/syft/format/internal/testutil/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/format/internal/testutil/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDX22JSONRequredProperties.golden b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDX22JSONRequredProperties.golden index 118247b1d..8614a8c6d 100644 --- a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDX22JSONRequredProperties.golden +++ b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDX22JSONRequredProperties.golden @@ -48,7 +48,7 @@ }, { "SPDXID": "SPDXRef-DocumentRoot-Unknown-", - "copyrightText": "", + "copyrightText": "NOASSERTION", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", @@ -71,7 +71,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "", + "copyrightText": "NOASSERTION", "comment": "layerID: ac897d978b6c38749a1" } ], diff --git a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden index 35433f6f5..6298e796a 100644 --- a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden +++ b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden @@ -69,6 +69,7 @@ "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", "primaryPackagePurpose": "FILE" } ], diff --git a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden index 737aed468..f2c43a5ef 100644 --- a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden +++ b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden @@ -76,6 +76,7 @@ ], "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", diff --git a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index 54533ae4c..138166baa 100644 --- a/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/syft/format/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden @@ -76,6 +76,7 @@ ], "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", + "copyrightText": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", @@ -103,7 +104,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" }, { "fileName": "/d1/f3", @@ -121,7 +122,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" }, { "fileName": "/d2/f4", @@ -139,7 +140,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" }, { "fileName": "/f1", @@ -157,7 +158,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" }, { "fileName": "/f2", @@ -175,7 +176,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" }, { "fileName": "/z1/f5", @@ -193,7 +194,7 @@ "licenseInfoInFiles": [ "NOASSERTION" ], - "copyrightText": "" + "copyrightText": "NOASSERTION" } ], "relationships": [ diff --git a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden index dd946aa23..626f0ea53 100644 --- a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden +++ b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden @@ -18,6 +18,7 @@ PrimaryPackagePurpose: FILE FilesAnalyzed: false PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION ##### Package: @at-sign diff --git a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index 75cab71eb..ac7a8585d 100644 --- a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden @@ -16,6 +16,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION FileName: /d1/f3 SPDXID: SPDXRef-File-d1-f3-c6f5b29dca12661f @@ -23,6 +24,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION FileName: /d2/f4 SPDXID: SPDXRef-File-d2-f4-c641caa71518099f @@ -30,6 +32,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION FileName: /f1 SPDXID: SPDXRef-File-f1-5265a4dde3edbf7c @@ -37,6 +40,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION FileName: /f2 SPDXID: SPDXRef-File-f2-f9e49132a4b96ccd @@ -44,6 +48,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION FileName: /z1/f5 SPDXID: SPDXRef-File-z1-f5-839d99ee67d9d174 @@ -51,6 +56,7 @@ FileType: OTHER FileChecksum: SHA1: 0000000000000000000000000000000000000000 LicenseConcluded: NOASSERTION LicenseInfoInFile: NOASSERTION +FileCopyrightText: NOASSERTION ##### Package: user-image-input @@ -64,6 +70,7 @@ FilesAnalyzed: false PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368 PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION ExternalRef: PACKAGE-MANAGER purl pkg:oci/user-image-input@sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368?arch= ##### Package: package-2 diff --git a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden index bccd8acc0..77a52d6f3 100644 --- a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden +++ b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden @@ -18,6 +18,7 @@ PrimaryPackagePurpose: FILE FilesAnalyzed: false PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION ##### Package: package-2 diff --git a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden index c93fb6329..8818fda7a 100644 --- a/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden +++ b/syft/format/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden @@ -20,6 +20,7 @@ FilesAnalyzed: false PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368 PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION ExternalRef: PACKAGE-MANAGER purl pkg:oci/user-image-input@sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368?arch= ##### Package: package-2 diff --git a/syft/format/syftjson/test-fixtures/snapshot/TestImageEncoder.golden b/syft/format/syftjson/test-fixtures/snapshot/TestImageEncoder.golden index f013f2026..5168d855c 100644 --- a/syft/format/syftjson/test-fixtures/snapshot/TestImageEncoder.golden +++ b/syft/format/syftjson/test-fixtures/snapshot/TestImageEncoder.golden @@ -9,7 +9,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:100d5a55f9032faead28b7427fa3e650e4f0158f86ea89d06e1489df00cb8c6f", + "layerID": "sha256:dfefe618c89b08fef0f9c7f1a2682521dddbe03d6678f4a9fb9b078381d8eb45", "accessPath": "/somefile-1.txt" } ], @@ -49,7 +49,7 @@ "locations": [ { "path": "/somefile-2.txt", - "layerID": "sha256:000fb9200890d3a19138478b20023023c0dce1c54352007c2863716780f049eb", + "layerID": "sha256:38ddc2847fb6bcafd7401b4bf27c10014b5d60e2400bc188890c7cb7cdd7cd6c", "accessPath": "/somefile-2.txt" } ], @@ -77,13 +77,13 @@ ], "artifactRelationships": [], "source": { - "id": "34d40fdc6ca13e9a3fa18415db216b50bff047716fae7d95a225c09732fe83fb", + "id": "62d3f24eca2930d1ebfe6ee78ef47964fd8dc624b2e22886275facf322d1720a", "name": "user-image-input", "version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", "type": "image", "metadata": { "userInput": "user-image-input", - "imageID": "sha256:bf783ea304a3f02b5c7d2ece521800f5e2182e65ed5bb5116f578e17d6e82be4", + "imageID": "sha256:35a6658e24fab92eae9ec6fc252dec58986c4c007891758d4d37c7e43fbbe0c5", "manifestDigest": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ @@ -93,17 +93,17 @@ "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:100d5a55f9032faead28b7427fa3e650e4f0158f86ea89d06e1489df00cb8c6f", + "digest": "sha256:dfefe618c89b08fef0f9c7f1a2682521dddbe03d6678f4a9fb9b078381d8eb45", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:000fb9200890d3a19138478b20023023c0dce1c54352007c2863716780f049eb", + "digest": "sha256:38ddc2847fb6bcafd7401b4bf27c10014b5d60e2400bc188890c7cb7cdd7cd6c", "size": 16 } ], - "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo2NzIsImRpZ2VzdCI6InNoYTI1NjpiZjc4M2VhMzA0YTNmMDJiNWM3ZDJlY2U1MjE4MDBmNWUyMTgyZTY1ZWQ1YmI1MTE2ZjU3OGUxN2Q2ZTgyYmU0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjoxMDBkNWE1NWY5MDMyZmFlYWQyOGI3NDI3ZmEzZTY1MGU0ZjAxNThmODZlYTg5ZDA2ZTE0ODlkZjAwY2I4YzZmIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjAwMGZiOTIwMDg5MGQzYTE5MTM4NDc4YjIwMDIzMDIzYzBkY2UxYzU0MzUyMDA3YzI4NjM3MTY3ODBmMDQ5ZWIifV19", - "config": "eyJhcmNoaXRlY3R1cmUiOiJhcm02NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjMtMDktMjhUMTI6MjM6MzUuNDAwNjcyODg1WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIzLTA5LTI4VDEyOjIzOjM1LjM5Mzk4NjUxWiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0xLnR4dCAvc29tZWZpbGUtMS50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMy0wOS0yOFQxMjoyMzozNS40MDA2NzI4ODVaIiwiY3JlYXRlZF9ieSI6IkFERCBmaWxlLTIudHh0IC9zb21lZmlsZS0yLnR4dCAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1NjoxMDBkNWE1NWY5MDMyZmFlYWQyOGI3NDI3ZmEzZTY1MGU0ZjAxNThmODZlYTg5ZDA2ZTE0ODlkZjAwY2I4YzZmIiwic2hhMjU2OjAwMGZiOTIwMDg5MGQzYTE5MTM4NDc4YjIwMDIzMDIzYzBkY2UxYzU0MzUyMDA3YzI4NjM3MTY3ODBmMDQ5ZWIiXX19", + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo2NTgsImRpZ2VzdCI6InNoYTI1NjozNWE2NjU4ZTI0ZmFiOTJlYWU5ZWM2ZmMyNTJkZWM1ODk4NmM0YzAwNzg5MTc1OGQ0ZDM3YzdlNDNmYmJlMGM1In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpkZmVmZTYxOGM4OWIwOGZlZjBmOWM3ZjFhMjY4MjUyMWRkZGJlMDNkNjY3OGY0YTlmYjliMDc4MzgxZDhlYjQ1In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjM4ZGRjMjg0N2ZiNmJjYWZkNzQwMWI0YmYyN2MxMDAxNGI1ZDYwZTI0MDBiYzE4ODg5MGM3Y2I3Y2RkN2NkNmMifV19", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8ifSwiY3JlYXRlZCI6IjIwMjQtMTEtMDRUMDQ6MTM6NDMuMzQwNTA3MTc1WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDI0LTExLTA0VDA0OjEzOjQzLjMyMDg2OTk2OFoiLCJjcmVhdGVkX2J5IjoiQUREIGZpbGUtMS50eHQgL3NvbWVmaWxlLTEudHh0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjQtMTEtMDRUMDQ6MTM6NDMuMzQwNTA3MTc1WiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6ZGZlZmU2MThjODliMDhmZWYwZjljN2YxYTI2ODI1MjFkZGRiZTAzZDY2NzhmNGE5ZmI5YjA3ODM4MWQ4ZWI0NSIsInNoYTI1NjozOGRkYzI4NDdmYjZiY2FmZDc0MDFiNGJmMjdjMTAwMTRiNWQ2MGUyNDAwYmMxODg4OTBjN2NiN2NkZDdjZDZjIl19fQ==", "repoDigests": [], "architecture": "", "os": "" diff --git a/syft/format/text/test-fixtures/snapshot/TestTextImageEncoder.golden b/syft/format/text/test-fixtures/snapshot/TestTextImageEncoder.golden index 0c49cecc0..87504c73e 100644 --- a/syft/format/text/test-fixtures/snapshot/TestTextImageEncoder.golden +++ b/syft/format/text/test-fixtures/snapshot/TestTextImageEncoder.golden @@ -1,11 +1,11 @@ [Image] Layer: 0 - Digest: sha256:100d5a55f9032faead28b7427fa3e650e4f0158f86ea89d06e1489df00cb8c6f + Digest: sha256:dfefe618c89b08fef0f9c7f1a2682521dddbe03d6678f4a9fb9b078381d8eb45 Size: 22 MediaType: application/vnd.docker.image.rootfs.diff.tar.gzip Layer: 1 - Digest: sha256:000fb9200890d3a19138478b20023023c0dce1c54352007c2863716780f049eb + Digest: sha256:38ddc2847fb6bcafd7401b4bf27c10014b5d60e2400bc188890c7cb7cdd7cd6c Size: 16 MediaType: application/vnd.docker.image.rootfs.diff.tar.gzip diff --git a/test/cli/spdx_tooling_validation_test.go b/test/cli/spdx_tooling_validation_test.go index cb3d789e7..257c84877 100644 --- a/test/cli/spdx_tooling_validation_test.go +++ b/test/cli/spdx_tooling_validation_test.go @@ -50,6 +50,18 @@ func TestSpdxValidationTooling(t *testing.T) { images: images, env: env, }, + { + name: "spdx validation tooling tag value", + syftArgs: []string{"scan", "-o", "spdx@2.2"}, + images: images, + env: env, + }, + { + name: "spdx validation tooling json", + syftArgs: []string{"scan", "-o", "spdx-json@2.2"}, + images: images, + env: env, + }, } for _, test := range tests {