From 6edb1162c828046138103dd304e8253c64ae4a83 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Tue, 18 Nov 2025 13:28:18 -0500 Subject: [PATCH] split packages.yaml to multiple files by go package 
Signed-off-by: Alex Goodman --- internal/capabilities/README.md | 227 + internal/capabilities/appconfig.yaml | 60 + internal/capabilities/capabilities.go | 73 +- internal/capabilities/capabilities_test.go | 38 + internal/capabilities/generate/io.go | 654 +-- internal/capabilities/generate/main.go | 20 +- internal/capabilities/generate/merge.go | 20 +- .../capabilities/generate/metadata_check.go | 24 +- internal/capabilities/packages.yaml | 4310 ----------------- internal/capabilities/packages/ai.yaml | 46 + internal/capabilities/packages/alpine.yaml | 54 + internal/capabilities/packages/arch.yaml | 53 + internal/capabilities/packages/binary.yaml | 800 +++ internal/capabilities/packages/bitnami.yaml | 46 + internal/capabilities/packages/conda.yaml | 51 + internal/capabilities/packages/cpp.yaml | 122 + internal/capabilities/packages/dart.yaml | 88 + internal/capabilities/packages/debian.yaml | 100 + internal/capabilities/packages/dotnet.yaml | 186 + internal/capabilities/packages/elixir.yaml | 49 + internal/capabilities/packages/erlang.yaml | 87 + internal/capabilities/packages/gentoo.yaml | 51 + .../capabilities/packages/githubactions.yaml | 110 + internal/capabilities/packages/golang.yaml | 147 + internal/capabilities/packages/haskell.yaml | 107 + internal/capabilities/packages/homebrew.yaml | 43 + internal/capabilities/packages/java.yaml | 293 ++ .../capabilities/packages/javascript.yaml | 165 + internal/capabilities/packages/linux.yaml | 58 + internal/capabilities/packages/lua.yaml | 43 + internal/capabilities/packages/nix.yaml | 101 + internal/capabilities/packages/ocaml.yaml | 45 + internal/capabilities/packages/php.yaml | 214 + internal/capabilities/packages/python.yaml | 254 + internal/capabilities/packages/r.yaml | 43 + internal/capabilities/packages/redhat.yaml | 126 + internal/capabilities/packages/ruby.yaml | 134 + internal/capabilities/packages/rust.yaml | 99 + internal/capabilities/packages/sbom.yaml | 49 + internal/capabilities/packages/snap.yaml | 146 
+ internal/capabilities/packages/swift.yaml | 92 + internal/capabilities/packages/swipl.yaml | 46 + internal/capabilities/packages/terraform.yaml | 45 + internal/capabilities/packages/wordpress.yaml | 41 + 44 files changed, 4787 insertions(+), 4773 deletions(-) create mode 100644 internal/capabilities/README.md create mode 100644 internal/capabilities/appconfig.yaml create mode 100644 internal/capabilities/capabilities_test.go delete mode 100644 internal/capabilities/packages.yaml create mode 100644 internal/capabilities/packages/ai.yaml create mode 100644 internal/capabilities/packages/alpine.yaml create mode 100644 internal/capabilities/packages/arch.yaml create mode 100644 internal/capabilities/packages/binary.yaml create mode 100644 internal/capabilities/packages/bitnami.yaml create mode 100644 internal/capabilities/packages/conda.yaml create mode 100644 internal/capabilities/packages/cpp.yaml create mode 100644 internal/capabilities/packages/dart.yaml create mode 100644 internal/capabilities/packages/debian.yaml create mode 100644 internal/capabilities/packages/dotnet.yaml create mode 100644 internal/capabilities/packages/elixir.yaml create mode 100644 internal/capabilities/packages/erlang.yaml create mode 100644 internal/capabilities/packages/gentoo.yaml create mode 100644 internal/capabilities/packages/githubactions.yaml create mode 100644 internal/capabilities/packages/golang.yaml create mode 100644 internal/capabilities/packages/haskell.yaml create mode 100644 internal/capabilities/packages/homebrew.yaml create mode 100644 internal/capabilities/packages/java.yaml create mode 100644 internal/capabilities/packages/javascript.yaml create mode 100644 internal/capabilities/packages/linux.yaml create mode 100644 internal/capabilities/packages/lua.yaml create mode 100644 internal/capabilities/packages/nix.yaml create mode 100644 internal/capabilities/packages/ocaml.yaml create mode 100644 internal/capabilities/packages/php.yaml create mode 100644 
internal/capabilities/packages/python.yaml create mode 100644 internal/capabilities/packages/r.yaml create mode 100644 internal/capabilities/packages/redhat.yaml create mode 100644 internal/capabilities/packages/ruby.yaml create mode 100644 internal/capabilities/packages/rust.yaml create mode 100644 internal/capabilities/packages/sbom.yaml create mode 100644 internal/capabilities/packages/snap.yaml create mode 100644 internal/capabilities/packages/swift.yaml create mode 100644 internal/capabilities/packages/swipl.yaml create mode 100644 internal/capabilities/packages/terraform.yaml create mode 100644 internal/capabilities/packages/wordpress.yaml diff --git a/internal/capabilities/README.md b/internal/capabilities/README.md new file mode 100644 index 000000000..b668f2c79 --- /dev/null +++ b/internal/capabilities/README.md 
@@ -0,0 +1,227 @@ +# Cataloger Capabilities Documentation + +This documentation describes the format and structure of cataloger capabilities YAML files. + +## File Organization + +Capabilities are centralized in the `internal/capabilities/` directory: +- **Cataloger capabilities**: Located in `internal/capabilities/packages/*.yaml` (one file per ecosystem: `golang.yaml`, `python.yaml`, etc.) +- **Application configuration**: Located in `internal/capabilities/appconfig.yaml` + +Each file in `packages/*.yaml` is partially auto-generated. Run `go generate ./internal/capabilities` to regenerate. +- Fields marked **AUTO-GENERATED** will be updated during regeneration +- All **capabilities** sections are **MANUAL** - edit these to describe cataloger behavior + +## Capability Sections + +There are two types of capability sections depending on cataloger type: + +### 1. Generic Catalogers (`type: generic`) +- Have capabilities at the **PARSER level** +- Each parser function has its own capabilities section +- Allows different parsers within the same cataloger to have different capabilities + +### 2. 
Custom Catalogers (`type: custom`) +- Have capabilities at the **CATALOGER level** +- Single capabilities section for the entire cataloger + +## Capabilities Format + +Capabilities use a field-based format with defaults and optional conditional overrides: + +```yaml +capabilities: + - field: # dot-notation path (e.g., "license", "dependency.depth") + default: # value when no conditions match + conditions: # optional - conditional overrides evaluated in order + - when: {ConfigField: val} # when these config fields match (AND logic) + value: # use this value instead + comment: "explanation" # optional - why this condition exists + evidence: # optional - source code references + - "StructName.FieldName" + comment: "explanation" # optional - general field explanation +``` + +## Detector Conditions + +Detectors (used by custom catalogers) can have optional conditions that control when they are active. This allows a single cataloger to have different detection behavior based on configuration. 
+ +### Structure + +```yaml +detectors: + - method: glob # AUTO-GENERATED - detection method + criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match + comment: "always active" # MANUAL - optional explanation + - method: glob + criteria: ["**/*.zip"] + conditions: # MANUAL - when this detector is active + - when: {IncludeZipFiles: true} # config fields that must match + comment: "optional explanation" + comment: "ZIP detection requires config" +``` + +### Notes +- Conditions reference fields from the cataloger's config struct +- Multiple conditions in the array use **OR logic** (any condition can activate) +- Multiple fields in a `when` clause use **AND logic** (all must match) +- Detectors without conditions are always active +- Only custom catalogers support detectors with conditions + +## Condition Evaluation + +- Conditions are evaluated in array order (first match wins) +- Multiple fields in a `when` clause use **AND logic** (all must match) +- Multiple conditions in the array use **OR logic** (first matching condition) +- If no conditions match, the default value is used + +## Capability Fields + +Standard capability field names and their value types: + +### `license` (boolean) + +Whether license information is available. + +**Examples:** +```yaml +default: true # always available +default: false # never available +default: false # requires configuration + conditions: + - when: {SearchRemoteLicenses: true} + value: true +``` + +### `dependency.depth` (array of strings) + +Which dependency depths can be discovered. + +**Values:** `direct` (immediate deps), `indirect` (transitive deps) + +**Examples:** +```yaml +default: [direct] # only immediate dependencies +default: [direct, indirect] # full transitive closure +default: [] # no dependency information +``` + +### `dependency.edges` (string) + +Relationships between nodes and completeness of the dependency graph. 
+ +**Values:** +- `""` - dependencies found but no edges between them +- `"flat"` - single level of dependencies with edges to root package only +- `"reduced"` - transitive reduction (redundant edges removed) +- `"complete"` - all relationships with accurate direct and indirect edges + +**Examples:** +```yaml +default: complete +default: "" +``` + +### `dependency.kinds` (array of strings) + +Types of dependencies that can be discovered. + +**Values:** `runtime`, `dev`, `build`, `test`, `optional` + +**Examples:** +```yaml +default: [runtime] # production dependencies only +default: [runtime, dev] # production and development +default: [runtime, dev, build] # all dependency types +default: [runtime] # with conditional dev deps + conditions: + - when: {IncludeDevDeps: true} + value: [runtime, dev] +``` + +### `package_manager.files.listing` (boolean) + +Whether file listings are available (which files belong to the package). + +**Examples:** +```yaml +default: true +default: false + conditions: + - when: {CaptureOwnedFiles: true} + value: true +``` + +### `package_manager.files.digests` (boolean) + +Whether file digests/checksums are included in listings. + +**Examples:** +```yaml +default: true +default: false +``` + +### `package_manager.package_integrity_hash` (boolean) + +Whether a hash for verifying package integrity is available. 
+ +**Examples:** +```yaml +default: true +default: false +``` + +## Examples + +### Simple cataloger with no configuration + +```yaml +capabilities: + - name: license + default: true + comment: "license field always present in package.json" + - name: dependency.depth + default: [direct] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [runtime] + comment: "devDependencies not parsed by this cataloger" + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false +``` + +### Cataloger with configuration-dependent capabilities + +```yaml +capabilities: + - name: license + default: false + conditions: + - when: {SearchLocalModCacheLicenses: true} + value: true + comment: "searches for licenses in GOPATH mod cache" + - when: {SearchRemoteLicenses: true} + value: true + comment: "fetches licenses from proxy.golang.org" + comment: "license scanning requires configuration" + - name: dependency.depth + default: [direct, indirect] + - name: dependency.edges + default: flat + - name: dependency.kinds + default: [runtime, dev] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - "GolangBinaryBuildinfoEntry.H1Digest" +``` diff --git a/internal/capabilities/appconfig.yaml b/internal/capabilities/appconfig.yaml new file mode 100644 index 000000000..2e599c180 --- /dev/null +++ b/internal/capabilities/appconfig.yaml 
@@ -0,0 +1,60 @@ +# Application-level configuration. See README.md for documentation. +# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate. + +application: # AUTO-GENERATED - application-level config keys + - key: dotnet.dep-packages-must-claim-dll + description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL. + - key: dotnet.dep-packages-must-have-dll + description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL. + - key: dotnet.propagate-dll-claims-to-parents + description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package + - key: dotnet.relax-dll-claims-when-bundling-detected + description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack) + - key: golang.local-mod-cache-dir + description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod + - key: golang.local-vendor-dir + description: specify an explicit go vendor directory, if unset this defaults to ./vendor + - key: golang.main-module-version.from-build-settings + description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise + - key: golang.main-module-version.from-contents + description: search for semver-like strings in the binary contents + - key: golang.main-module-version.from-ld-flags + description: look for LD flags that appear to be setting a version (e.g. 
-X main.version=1.0.0) + - key: golang.no-proxy + description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY + - key: golang.proxy + description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org + - key: golang.search-local-mod-cache-licenses + description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan + - key: golang.search-local-vendor-licenses + description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan + - key: golang.search-remote-licenses + description: search for go package licences by retrieving the package from a network proxy + - key: java.maven-local-repository-dir + description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory + - key: java.maven-url + description: maven repository to use, defaults to Maven central + - key: java.max-parent-recursive-depth + description: depth to recursively resolve parent POMs, no limit if <= 0 + - key: java.resolve-transitive-dependencies + description: resolve transient dependencies such as those defined in a dependency's POM on Maven central + - key: java.use-maven-local-repository + description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. 
TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.' + - key: java.use-network + description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url' + - key: javascript.include-dev-dependencies + description: include development-scoped dependencies + - key: javascript.npm-base-url + description: base NPM url to use + - key: javascript.search-remote-licenses + description: enables Syft to use the network to fill in more detailed license information + - key: linux-kernel.catalog-modules + description: whether to catalog linux kernel modules found within lib/modules/** directories + - key: nix.capture-owned-files + description: enumerate all files owned by packages found within Nix store paths + - key: python.guess-unpinned-requirements + description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published). + - key: python.pypi-base-url + description: base Pypi url to use + - key: python.search-remote-licenses + description: enables Syft to use the network to fill in more detailed license information diff --git a/internal/capabilities/capabilities.go b/internal/capabilities/capabilities.go index 9669e6536..abe4d206e 100644 --- a/internal/capabilities/capabilities.go +++ b/internal/capabilities/capabilities.go 
@@ -2,8 +2,10 @@ package capabilities import ( - _ "embed" + "embed" "fmt" + "io/fs" + "path/filepath" "sort" "github.com/scylladb/go-set/strset" 
@@ -14,16 +16,73 @@ import ( //go:generate go run ./generate -//go:embed packages.yaml -var catalogersYAML []byte +//go:embed appconfig.yaml +var appconfigYAML []byte + +//go:embed packages/*.yaml +var catalogerFiles embed.FS // LoadDocument loads and returns the complete document including configs and app-configs func LoadDocument() (*Document, error) { - var doc Document - if err := yaml.Unmarshal(catalogersYAML, &doc); err != nil { - return nil, fmt.Errorf("failed to parse embedded capabilities YAML: %w", err) + // parse application config + var appDoc struct { + Application []ApplicationConfigField `yaml:"application"` } - return &doc, nil + if err := yaml.Unmarshal(appconfigYAML, &appDoc); err != nil { + return nil, fmt.Errorf("failed to parse appconfig.yaml: %w", err) + } + + // walk the embedded filesystem to find all cataloger capabilities.yaml files + var catalogersDoc Document + catalogersDoc.ApplicationConfig = appDoc.Application + catalogersDoc.Configs = make(map[string]CatalogerConfigEntry) + + err := fs.WalkDir(catalogerFiles, ".", func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + // skip non-yaml files and directories + if d.IsDir() || filepath.Ext(path) != ".yaml" || path == "." { + return nil + } + + // read the file + data, err := catalogerFiles.ReadFile(path) + if err != nil { + return fmt.Errorf("failed to read %s: %w", path, err) + } + + // parse the file + var capDoc struct { + Configs map[string]CatalogerConfigEntry `yaml:"configs"` + Catalogers []CatalogerEntry `yaml:"catalogers"` + } + if err := yaml.Unmarshal(data, &capDoc); err != nil { + return fmt.Errorf("failed to parse %s: %w", path, err) + } + + // merge configs + for k, v := range capDoc.Configs { + catalogersDoc.Configs[k] = v + } + + // merge catalogers + catalogersDoc.Catalogers = append(catalogersDoc.Catalogers, capDoc.Catalogers...) 
+ + return nil + }) + + if err != nil { + return nil, fmt.Errorf("failed to walk cataloger capabilities: %w", err) + } + + // sort catalogers by name for consistency + sort.Slice(catalogersDoc.Catalogers, func(i, j int) bool { + return catalogersDoc.Catalogers[i].Name < catalogersDoc.Catalogers[j].Name + }) + + return &catalogersDoc, nil } // Packages loads and returns all cataloger capabilities from the embedded YAML file diff --git a/internal/capabilities/capabilities_test.go b/internal/capabilities/capabilities_test.go new file mode 100644 index 000000000..39e89bca5 --- /dev/null +++ b/internal/capabilities/capabilities_test.go @@ -0,0 +1,38 @@ +package capabilities + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestLoadDocument(t *testing.T) { + doc, err := LoadDocument() + require.NoError(t, err) + require.NotNil(t, doc) + + // validate application config is loaded + assert.NotEmpty(t, doc.ApplicationConfig, "should have application config") + + // validate catalogers are loaded and merged from all packages/*.yaml files + assert.NotEmpty(t, doc.Catalogers, "should have catalogers") + assert.Greater(t, len(doc.Catalogers), 50, "should have at least 50 catalogers") + + // validate configs are loaded + assert.NotEmpty(t, doc.Configs, "should have configs") + + // check that catalogers are sorted by name + for i := 1; i < len(doc.Catalogers); i++ { + assert.LessOrEqual(t, doc.Catalogers[i-1].Name, doc.Catalogers[i].Name, + "catalogers should be sorted by name") + } +} + +func TestPackages(t *testing.T) { + catalogers, err := Packages() + require.NoError(t, err) + require.NotNil(t, catalogers) + + assert.Greater(t, len(catalogers), 50, "should have at least 50 catalogers") +} diff --git a/internal/capabilities/generate/io.go b/internal/capabilities/generate/io.go index 005c5ba0a..bb31f9e48 100644 --- a/internal/capabilities/generate/io.go +++ b/internal/capabilities/generate/io.go 
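Review bot: The merge loop `catalogersDoc.Configs[k] = v` inside the WalkDir callback overwrites a config key that appears in more than one `packages/*.yaml` file without reporting it, and catalogers with the same name are simply appended twice, so a copy-paste slip between ecosystem files silently changes what the loaded document reports. Now that the data is split across many files, duplicates should be rejected at load time, e.g. `if _, dup := catalogersDoc.Configs[k]; dup { return fmt.Errorf("duplicate config %q in %s", k, path) }`. The same unguarded merge loop appears in `loadCapabilities` in generate/io.go. If duplicate names are ever allowed, note that `sort.Slice` is not stable, so their relative order would not be deterministic.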
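Review bot: TestLoadDocument would still pass if one ecosystem file were dropped from the embed pattern or if two files defined the same cataloger, because it only checks a count above 50 and non-decreasing order. If cataloger names are meant to be unique, the existing neighbour comparison can enforce that by using `assert.Less` instead of `assert.LessOrEqual`. The message "should have at least 50 catalogers" also does not match `assert.Greater`, which requires strictly more than 50; either use `assert.GreaterOrEqual` or reword the message.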
@@ -4,6 +4,9 @@ package main import ( "fmt" "os" + "path/filepath" + "regexp" + "strings" "gopkg.in/yaml.v3" 
@@ -12,203 +15,85 @@ import ( const autoGeneratedComment = "AUTO-GENERATED" -const capabilitiesHeaderComment = `This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate. -Fields marked AUTO-GENERATED will be updated during regeneration. -All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior. - -CAPABILITY SECTIONS: - There are two types of capability sections depending on cataloger type: - - 1. Generic catalogers (type=generic): Have capabilities at the PARSER level - - Each parser function has its own capabilities section - - Allows different parsers within the same cataloger to have different capabilities - - 2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level - - Single capabilities section for the entire cataloger - -CAPABILITIES FORMAT: - Capabilities use a field-based format with defaults and optional conditional overrides: - - capabilities: - - field: # dot-notation path (e.g., "license", "dependency.depth") - default: # value when no conditions match - conditions: # optional - conditional overrides evaluated in order - - when: {ConfigField: val} # when these config fields match (AND logic) - value: # use this value instead - comment: "explanation" # optional - why this condition exists - evidence: # optional - source code references - - "StructName.FieldName" - comment: "explanation" # optional - general field explanation - -DETECTOR CONDITIONS: - Detectors (used by custom catalogers) can have optional conditions that control when - they are active. This allows a single cataloger to have different detection behavior - based on configuration. 
- - Structure: - detectors: - - method: glob # AUTO-GENERATED - detection method - criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match - comment: "always active" # MANUAL - optional explanation - - method: glob - criteria: ["**/*.zip"] - conditions: # MANUAL - when this detector is active - - when: {IncludeZipFiles: true} # config fields that must match - comment: "optional explanation" - comment: "ZIP detection requires config" - - Notes: - - Conditions reference fields from the cataloger's config struct - - Multiple conditions in the array use OR logic (any condition can activate) - - Multiple fields in a 'when' clause use AND logic (all must match) - - Detectors without conditions are always active - - Only custom catalogers support detectors with conditions - -CONDITION EVALUATION: - - Conditions are evaluated in array order (first match wins) - - Multiple fields in a 'when' clause use AND logic (all must match) - - Multiple conditions in the array use OR logic (first matching condition) - - If no conditions match, the default value is used - -CAPABILITY FIELDS: - Standard capability field names and their value types: - - license: (boolean) - Whether license information is available. - Examples: - default: true # always available - default: false # never available - default: false # requires configuration - conditions: - - when: {SearchRemoteLicenses: true} - value: true - - dependency.depth: (array of strings) - Which dependency depths can be discovered. - Values: "direct" (immediate deps), "indirect" (transitive deps) - Examples: - default: [direct] # only immediate dependencies - default: [direct, indirect] # full transitive closure - default: [] # no dependency information - - dependency.edges: (string) - Relationships between nodes and completeness of the dependency graph. 
- Values: - - "" # dependencies found but no edges between them - - "flat" # single level of dependencies with edges to root package only - - "reduced" # transitive reduction (redundant edges removed) - - "complete" # all relationships with accurate direct and indirect edges - Examples: - default: complete - default: "" - - dependency.kinds: (array of strings) - Types of dependencies that can be discovered. - Values: "runtime", "dev", "build", "test", "optional" - Examples: - default: [runtime] # production dependencies only - default: [runtime, dev] # production and development - default: [runtime, dev, build] # all dependency types - default: [runtime] # with conditional dev deps - conditions: - - when: {IncludeDevDeps: true} - value: [runtime, dev] - - package_manager.files.listing: (boolean) - Whether file listings are available (which files belong to the package). - Examples: - default: true - default: false - conditions: - - when: {CaptureOwnedFiles: true} - value: true - - package_manager.files.digests: (boolean) - Whether file digests/checksums are included in listings. - Examples: - default: true - default: false - - package_manager.package_integrity_hash: (boolean) - Whether a hash for verifying package integrity is available. 
- Examples: - default: true - default: false - -EXAMPLES: - - # Simple cataloger with no configuration - capabilities: - - name: license - default: true - comment: "license field always present in package.json" - - name: dependency.depth - default: [direct] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [runtime] - comment: "devDependencies not parsed by this cataloger" - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - # Cataloger with configuration-dependent capabilities - capabilities: - - name: license - default: false - conditions: - - when: {SearchLocalModCacheLicenses: true} - value: true - comment: "searches for licenses in GOPATH mod cache" - - when: {SearchRemoteLicenses: true} - value: true - comment: "fetches licenses from proxy.golang.org" - comment: "license scanning requires configuration" - - name: dependency.depth - default: [direct, indirect] - - name: dependency.edges - default: flat - - name: dependency.kinds - default: [runtime, dev] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - "GolangBinaryBuildinfoEntry.H1Digest"` - // loadCapabilities loads the capabilities document from a YAML file. // Returns both the parsed document and the original YAML node tree to preserve comments. 
// Exported for use by the generator in generate/main.go -func loadCapabilities(path string) (*capabilities.Document, *yaml.Node, error) { - data, err := os.ReadFile(path) +func loadCapabilities(capabilitiesDir string) (*capabilities.Document, map[string]*yaml.Node, error) { + packagesDir := filepath.Join(capabilitiesDir, "packages") + + // load all packages/*.yaml files + files, err := filepath.Glob(filepath.Join(packagesDir, "*.yaml")) if err != nil { - if os.IsNotExist(err) { - // return empty document if file doesn't exist - return &capabilities.Document{}, nil, nil + return nil, nil, fmt.Errorf("failed to glob packages directory: %w", err) + } + + mergedDoc := &capabilities.Document{ + Configs: make(map[string]capabilities.CatalogerConfigEntry), + Catalogers: []capabilities.CatalogerEntry{}, + } + nodeMap := make(map[string]*yaml.Node) + + // load each package file + for _, file := range files { + data, err := os.ReadFile(file) + if err != nil { + return nil, nil, fmt.Errorf("failed to read %s: %w", file, err) } - return nil, nil, fmt.Errorf("failed to read capabilities file: %w", err) + + // parse into node tree to preserve comments + var rootNode yaml.Node + if err := yaml.Unmarshal(data, &rootNode); err != nil { + return nil, nil, fmt.Errorf("failed to parse %s into node tree: %w", file, err) + } + + // parse into struct + var doc struct { + Configs map[string]capabilities.CatalogerConfigEntry `yaml:"configs"` + Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"` + } + if err := yaml.Unmarshal(data, &doc); err != nil { + return nil, nil, fmt.Errorf("failed to parse %s into struct: %w", file, err) + } + + // merge configs + for k, v := range doc.Configs { + mergedDoc.Configs[k] = v + } + + // merge catalogers + mergedDoc.Catalogers = append(mergedDoc.Catalogers, doc.Catalogers...) 
+ + // store node tree by filename (basename without .yaml) + ecosystem := strings.TrimSuffix(filepath.Base(file), ".yaml") + nodeMap[ecosystem] = &rootNode } - // parse into node tree to preserve comments - var rootNode yaml.Node - if err := yaml.Unmarshal(data, &rootNode); err != nil { - return nil, nil, fmt.Errorf("failed to parse capabilities YAML into node tree: %w", err) + // load appconfig.yaml separately + appconfigPath := filepath.Join(capabilitiesDir, "appconfig.yaml") + if _, err := os.Stat(appconfigPath); err == nil { + data, err := os.ReadFile(appconfigPath) + if err != nil { + return nil, nil, fmt.Errorf("failed to read appconfig.yaml: %w", err) + } + + var appDoc struct { + Application []capabilities.ApplicationConfigField `yaml:"application"` + } + if err := yaml.Unmarshal(data, &appDoc); err != nil { + return nil, nil, fmt.Errorf("failed to parse appconfig.yaml: %w", err) + } + + mergedDoc.ApplicationConfig = appDoc.Application + + // load node tree for appconfig + var appNode yaml.Node + if err := yaml.Unmarshal(data, &appNode); err != nil { + return nil, nil, fmt.Errorf("failed to parse appconfig.yaml into node tree: %w", err) + } + nodeMap["appconfig"] = &appNode } - // also parse into struct for easy manipulation - var doc capabilities.Document - if err := yaml.Unmarshal(data, &doc); err != nil { - return nil, nil, fmt.Errorf("failed to parse capabilities YAML into struct: %w", err) - } - - return &doc, &rootNode, nil + return mergedDoc, nodeMap, nil } // writeYAMLToFile writes a YAML node to a file with proper encoding 
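Review bot: The `os.Stat(appconfigPath)` guard treats every stat failure as "no appconfig.yaml", so a permission or I/O error leaves `mergedDoc.ApplicationConfig` empty with no error returned, and the caller cannot tell that apart from a file that is legitimately absent. Reading the file directly and tolerating only absence avoids this: `data, err := os.ReadFile(appconfigPath)` followed by `if err != nil && !os.IsNotExist(err) { return nil, nil, fmt.Errorf("failed to read appconfig.yaml: %w", err) }`. The doc comment above the function is also stale, since it still says "from a YAML file" and "Exported" while the function is unexported, takes a directory and returns a map of node trees. I would reword it as `// loadCapabilities reads packages/*.yaml and appconfig.yaml under capabilitiesDir and returns the merged document plus each file's YAML node tree keyed by basename.`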
@@ -269,269 +154,173 @@ func addFieldComments(rootNode *yaml.Node) { } } -// SaveCapabilities saves the capabilities document to a YAML file with comments. -// If existingNode is provided, it updates the existing node tree in-place to preserve comments. -// If existingNode is nil, it creates a new node tree. -func saveCapabilities(path string, doc *capabilities.Document, existingNode *yaml.Node) error { - var rootNode yaml.Node +// SaveCapabilities saves the capabilities document to distributed YAML files with comments. +// Groups catalogers by ecosystem and writes each to packages/ECOSYSTEM.yaml. +// Also saves appconfig.yaml separately. +func saveCapabilities(capabilitiesDir string, doc *capabilities.Document, existingNodes map[string]*yaml.Node) error { + packagesDir := filepath.Join(capabilitiesDir, "packages") - if existingNode != nil { - // update existing node tree in-place to preserve all comments - rootNode = *existingNode - rootNode.HeadComment = capabilitiesHeaderComment // update header before processing - if err := updateNodeTree(&rootNode, doc); err != nil { - return fmt.Errorf("failed to update node tree: %w", err) + catalogersByEcosystem, configsByEcosystem := groupCatalogersByEcosystem(doc) + + // write each ecosystem file + for ecosystem, catalogers := range catalogersByEcosystem { + if err := writeEcosystemFile(packagesDir, ecosystem, catalogers, configsByEcosystem[ecosystem], existingNodes); err != nil { + return err } - } else { - // create a new yaml.Node for new files - if err := rootNode.Encode(doc); err != nil { - return fmt.Errorf("failed to encode document: %w", err) - } - rootNode.HeadComment = capabilitiesHeaderComment } - // add/update comments to fields - addFieldComments(&rootNode) + // save appconfig.yaml + if len(doc.ApplicationConfig) > 0 { + if err := writeAppconfigFile(capabilitiesDir, doc.ApplicationConfig, existingNodes); err != nil { + return err + } + } - // write to file - return writeYAMLToFile(path, &rootNode) + return 
nil } -// updateNodeTree updates an existing YAML node tree with new document data -// while preserving all existing comments (HeadComment, LineComment, FootComment). -func updateNodeTree(rootNode *yaml.Node, doc *capabilities.Document) error { - // encode the document into a new temporary node tree - var newNode yaml.Node - if err := newNode.Encode(doc); err != nil { - return fmt.Errorf("failed to encode document: %w", err) +// groupCatalogersByEcosystem groups catalogers and their configs by ecosystem +func groupCatalogersByEcosystem(doc *capabilities.Document) (map[string][]capabilities.CatalogerEntry, map[string]map[string]capabilities.CatalogerConfigEntry) { + catalogersByEcosystem := make(map[string][]capabilities.CatalogerEntry) + configsByEcosystem := make(map[string]map[string]capabilities.CatalogerConfigEntry) + + for _, cat := range doc.Catalogers { + ecosystem := mapCatalogerToEcosystem(cat) + catalogersByEcosystem[ecosystem] = append(catalogersByEcosystem[ecosystem], cat) + + // also group configs for this ecosystem + if cat.Config != "" { + if configEntry, exists := doc.Configs[cat.Config]; exists { + if configsByEcosystem[ecosystem] == nil { + configsByEcosystem[ecosystem] = make(map[string]capabilities.CatalogerConfigEntry) + } + configsByEcosystem[ecosystem][cat.Config] = configEntry + } + } } - // get the mapping node from root - var existingMapping *yaml.Node - var newMapping *yaml.Node + return catalogersByEcosystem, configsByEcosystem +} +// writeEcosystemFile writes a single ecosystem's catalogers and configs to a YAML file +func writeEcosystemFile(packagesDir, ecosystem string, catalogers []capabilities.CatalogerEntry, configs map[string]capabilities.CatalogerConfigEntry, existingNodes map[string]*yaml.Node) error { + ecosystemDoc := struct { + Configs map[string]capabilities.CatalogerConfigEntry `yaml:"configs,omitempty"` + Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"` + }{ + Configs: configs, + Catalogers: catalogers, + } + + 
var rootNode yaml.Node + existingNode, hasExisting := existingNodes[ecosystem] + + if hasExisting && existingNode != nil { + // update existing node tree + rootNode = *existingNode + rootNode.HeadComment = "# Cataloger capabilities. See ../README.md for documentation.\n" + if err := updateNodeTreeEcosystem(&rootNode, &ecosystemDoc); err != nil { + return fmt.Errorf("failed to update node tree for %s: %w", ecosystem, err) + } + } else { + // create new node tree + if err := rootNode.Encode(&ecosystemDoc); err != nil { + return fmt.Errorf("failed to encode %s: %w", ecosystem, err) + } + rootNode.HeadComment = "# Cataloger capabilities. See ../README.md for documentation.\n" + } + + // add field comments + addFieldComments(&rootNode) + + // write file + ecosystemPath := filepath.Join(packagesDir, ecosystem+".yaml") + if err := writeYAMLToFile(ecosystemPath, &rootNode); err != nil { + return fmt.Errorf("failed to write %s: %w", ecosystem, err) + } + + return nil +} + +// writeAppconfigFile writes the application config to appconfig.yaml +func writeAppconfigFile(capabilitiesDir string, appConfig []capabilities.ApplicationConfigField, existingNodes map[string]*yaml.Node) error { + appconfigDoc := struct { + Application []capabilities.ApplicationConfigField `yaml:"application"` + }{ + Application: appConfig, + } + + var appNode yaml.Node + existingAppNode, hasExisting := existingNodes["appconfig"] + + if hasExisting && existingAppNode != nil { + appNode = *existingAppNode + if err := updateNodeTreeAppConfig(&appNode, &appconfigDoc); err != nil { + return fmt.Errorf("failed to update appconfig node tree: %w", err) + } + } else { + if err := appNode.Encode(&appconfigDoc); err != nil { + return fmt.Errorf("failed to encode appconfig: %w", err) + } + appNode.HeadComment = "# Application-level configuration. See README.md for documentation.\n# This file is partially auto-generated. 
Run 'go generate ./internal/capabilities' to regenerate.\n" + } + + addFieldComments(&appNode) + + appconfigPath := filepath.Join(capabilitiesDir, "appconfig.yaml") + if err := writeYAMLToFile(appconfigPath, &appNode); err != nil { + return fmt.Errorf("failed to write appconfig: %w", err) + } + + return nil +} + +// mapCatalogerToEcosystem determines which ecosystem file a cataloger belongs to +func mapCatalogerToEcosystem(cat capabilities.CatalogerEntry) string { + // first try using the source file path + if cat.Source.File != "" { + // extract directory from path like "syft/pkg/cataloger/golang/cataloger.go" + re := regexp.MustCompile(`syft/pkg/cataloger/([^/]+)/`) + if matches := re.FindStringSubmatch(cat.Source.File); len(matches) >= 2 { + return matches[1] + } + } + + // fallback to inferring from cataloger name (from merge.go) + return inferEcosystem(cat.Name) +} + +// updateNodeTreeEcosystem updates an existing ecosystem YAML node tree +func updateNodeTreeEcosystem(rootNode *yaml.Node, doc interface{}) error { + var newNode yaml.Node + if err := newNode.Encode(doc); err != nil { + return err + } + + var existingMapping *yaml.Node if rootNode.Kind == yaml.DocumentNode && len(rootNode.Content) > 0 { existingMapping = rootNode.Content[0] } else { existingMapping = rootNode } + var newMapping *yaml.Node if newNode.Kind == yaml.DocumentNode && len(newNode.Content) > 0 { newMapping = newNode.Content[0] } else { newMapping = &newNode } - if existingMapping == nil || newMapping == nil { - *rootNode = newNode - return nil - } - - // update or add configs section (AUTO-GENERATED, no comment preservation needed) - updateOrAddSection(existingMapping, newMapping, "configs") - - // update or add application section (AUTO-GENERATED, no comment preservation needed) - updateOrAddSection(existingMapping, newMapping, "application") - - // update catalogers section (preserve comments) - updateCatalogersSection(existingMapping, newMapping) - - return nil -} - -// 
updateCatalogersSection updates the catalogers section while preserving comments -func updateCatalogersSection(existingMapping, newMapping *yaml.Node) { - existingCatalogersNode := findSectionNode(existingMapping, "catalogers") - newCatalogersNode := findSectionNode(newMapping, "catalogers") - - if existingCatalogersNode == nil || newCatalogersNode == nil { - return - } - - // create a map of existing cataloger nodes by name for quick lookup - existingByName := make(map[string]*yaml.Node) - if existingCatalogersNode.Kind == yaml.SequenceNode { - for _, catalogerNode := range existingCatalogersNode.Content { - if catalogerNode.Kind == yaml.MappingNode { - name := findFieldValue(catalogerNode, "name") - if name != "" { - existingByName[name] = catalogerNode - } - } - } - } - - // update each cataloger in the new tree with preserved comments - if newCatalogersNode.Kind == yaml.SequenceNode { - for _, newCatalogerNode := range newCatalogersNode.Content { - if newCatalogerNode.Kind != yaml.MappingNode { - continue - } - - name := findFieldValue(newCatalogerNode, "name") - if existingNode := existingByName[name]; existingNode != nil { - // preserve comments from existing cataloger entry - newCatalogerNode.HeadComment = existingNode.HeadComment - newCatalogerNode.LineComment = existingNode.LineComment - newCatalogerNode.FootComment = existingNode.FootComment - - // preserve field-level and nested comments - preserveFieldComments(existingNode, newCatalogerNode) - } - } - } - - // replace the catalogers content - existingCatalogersNode.Content = newCatalogersNode.Content -} - -// updateOrAddSection updates or adds a section in the existing mapping from the new mapping -func updateOrAddSection(existingMapping, newMapping *yaml.Node, sectionName string) { - if existingMapping.Kind != yaml.MappingNode || newMapping.Kind != yaml.MappingNode { - return - } - - newSection := findSectionNode(newMapping, sectionName) - if newSection == nil { - return - } - - // find if section 
exists in existing mapping - existingSectionIdx := -1 - for i := 0; i < len(existingMapping.Content); i += 2 { - if existingMapping.Content[i].Value == sectionName { - existingSectionIdx = i - break - } - } - - if existingSectionIdx >= 0 { - // replace existing section value - existingMapping.Content[existingSectionIdx+1] = newSection - } else { - // add new section at the beginning (before catalogers) - keyNode := &yaml.Node{ - Kind: yaml.ScalarNode, - Value: sectionName, - } - existingMapping.Content = append([]*yaml.Node{keyNode, newSection}, existingMapping.Content...) - } -} - -// findSectionNode finds a section node by name in a mapping node -func findSectionNode(mappingNode *yaml.Node, sectionName string) *yaml.Node { - if mappingNode.Kind != yaml.MappingNode { - return nil - } - - for i := 0; i < len(mappingNode.Content); i += 2 { - if mappingNode.Content[i].Value == sectionName && i+1 < len(mappingNode.Content) { - return mappingNode.Content[i+1] - } + if existingMapping.Kind == yaml.MappingNode && newMapping.Kind == yaml.MappingNode { + existingMapping.Content = newMapping.Content } return nil } -// findFieldValue finds the value of a field in a mapping node -func findFieldValue(mappingNode *yaml.Node, fieldName string) string { - if mappingNode.Kind != yaml.MappingNode { - return "" - } - - for i := 0; i < len(mappingNode.Content); i += 2 { - if mappingNode.Content[i].Value == fieldName && i+1 < len(mappingNode.Content) { - return mappingNode.Content[i+1].Value - } - } - - return "" -} - -// preserveMappingNodeComments preserves comments for mapping nodes -func preserveMappingNodeComments(existingNode, newNode *yaml.Node) { - // create maps of existing fields by key for both keys and values - existingKeys := make(map[string]*yaml.Node) - existingValues := make(map[string]*yaml.Node) - for i := 0; i < len(existingNode.Content); i += 2 { - keyNode := existingNode.Content[i] - valueNode := existingNode.Content[i+1] - existingKeys[keyNode.Value] = keyNode - 
existingValues[keyNode.Value] = valueNode - } - - // preserve comments for matching fields in new node - for i := 0; i < len(newNode.Content); i += 2 { - keyNode := newNode.Content[i] - valueNode := newNode.Content[i+1] - - // preserve comments on the key node (for line comments like "# AUTO-GENERATED") - if existingKey := existingKeys[keyNode.Value]; existingKey != nil { - keyNode.HeadComment = existingKey.HeadComment - keyNode.LineComment = existingKey.LineComment - keyNode.FootComment = existingKey.FootComment - } - - // preserve comments on the value node - if existingValue := existingValues[keyNode.Value]; existingValue != nil { - valueNode.HeadComment = existingValue.HeadComment - valueNode.LineComment = existingValue.LineComment - valueNode.FootComment = existingValue.FootComment - - // recursively preserve nested comments - preserveFieldComments(existingValue, valueNode) - } - } -} - -// preserveSequenceNodeComments preserves comments for sequence nodes -func preserveSequenceNodeComments(existingNode, newNode *yaml.Node) { - // for sequences, preserve comments based on matching "parser_function" field (for parsers) - // or by array index as a fallback - existingByParser := make(map[string]*yaml.Node) - for _, existingItem := range existingNode.Content { - if existingItem.Kind == yaml.MappingNode { - parser := findFieldValue(existingItem, "parser_function") - if parser != "" { - existingByParser[parser] = existingItem - } - } - } - - // match parsers by parser_function if available - for i, newItem := range newNode.Content { - if newItem.Kind == yaml.MappingNode { - parser := findFieldValue(newItem, "parser_function") - if parser != "" && existingByParser[parser] != nil { - existingItem := existingByParser[parser] - newItem.HeadComment = existingItem.HeadComment - newItem.LineComment = existingItem.LineComment - newItem.FootComment = existingItem.FootComment - preserveFieldComments(existingItem, newItem) - } else if i < len(existingNode.Content) { - // 
fallback to index-based matching - existingItem := existingNode.Content[i] - newItem.HeadComment = existingItem.HeadComment - newItem.LineComment = existingItem.LineComment - newItem.FootComment = existingItem.FootComment - preserveFieldComments(existingItem, newItem) - } - } - } -} - -// preserveFieldComments recursively preserves comments from an existing node to a new node -func preserveFieldComments(existingNode, newNode *yaml.Node) { - if existingNode.Kind != newNode.Kind { - return - } - - switch newNode.Kind { - case yaml.MappingNode: - preserveMappingNodeComments(existingNode, newNode) - case yaml.SequenceNode: - preserveSequenceNodeComments(existingNode, newNode) - } +// updateNodeTreeAppConfig updates appconfig YAML node tree +func updateNodeTreeAppConfig(rootNode *yaml.Node, doc interface{}) error { + return updateNodeTreeEcosystem(rootNode, doc) } // addCatalogerFieldComment adds appropriate comment to a single cataloger field @@ -598,6 +387,23 @@ func addCatalogerFieldComment(keyNode, valueNode *yaml.Node, catalogerName strin } } +// findFieldValue finds a field in a YAML mapping node and returns its value +func findFieldValue(node *yaml.Node, fieldName string) string { + if node.Kind != yaml.MappingNode { + return "" + } + + for i := 0; i < len(node.Content); i += 2 { + keyNode := node.Content[i] + valueNode := node.Content[i+1] + if keyNode.Value == fieldName { + return valueNode.Value + } + } + + return "" +} + func addCatalogerComments(catalogersNode *yaml.Node) { // catalogersNode should be a sequence of cataloger entries if catalogersNode.Kind != yaml.SequenceNode { diff --git a/internal/capabilities/generate/main.go b/internal/capabilities/generate/main.go index eed4fca9c..666f1b11c 100644 --- a/internal/capabilities/generate/main.go +++ b/internal/capabilities/generate/main.go 
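Review bot: `updateNodeTreeEcosystem` returns nil without touching the tree when the existing root is not a mapping (for example an empty `packages/*.yaml`, whose node presumably decodes to a zero `yaml.Node`), so `writeEcosystemFile` writes the old tree back and the regenerated entries are silently dropped. Make that case explicit, e.g. `} else { return fmt.Errorf("existing YAML root is not a mapping (kind %d)", existingMapping.Kind) }`. The assignment `existingMapping.Content = newMapping.Content` also swaps in freshly encoded children, so hand-written YAML comments below the root no longer survive regeneration, which the removed `preserveFieldComments` path used to handle. If that is intended, the `saveCapabilities` doc comment should say so.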
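Review bot: The re-added `findFieldValue` reads `node.Content[i+1]` on every iteration, but the loop condition only guarantees `i < len(node.Content)`; the version removed earlier in this file checked `i+1 < len(...)` before indexing. A mapping node with an odd number of children (hand-built, or modified elsewhere in the generator) would panic here, so bound the loop instead: `for i := 0; i+1 < len(node.Content); i += 2 {`. The bodies of `addCatalogerFieldComment` and `addCatalogerComments` around it lie outside the hunk.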
@@ -26,19 +26,19 @@ func main() { log.Fatalf("failed to find repo root: %v", err) } - yamlPath := filepath.Join(repoRoot, "internal/capabilities/packages.yaml") + capabilitiesDir := filepath.Join(repoRoot, "internal/capabilities") - fmt.Println("Regenerating packages.yaml...") + fmt.Println("Regenerating capabilities files...") fmt.Println() - stats, err := RegenerateCapabilities(yamlPath, repoRoot) + stats, err := RegenerateCapabilities(capabilitiesDir, repoRoot) if err != nil { log.Fatalf("failed to regenerate capabilities: %v", err) } printSummary(stats) - checkIncompleteCapabilities(yamlPath) - printMetadataTypeCoverageWarning(yamlPath, repoRoot) - printPackageTypeCoverageWarning(yamlPath, repoRoot) + checkIncompleteCapabilities(capabilitiesDir) + printMetadataTypeCoverageWarning(capabilitiesDir, repoRoot) + printPackageTypeCoverageWarning(capabilitiesDir, repoRoot) } func printSummary(stats *Statistics) { @@ -69,11 +69,11 @@ func printSummary(stats *Statistics) { } fmt.Println() - fmt.Println(successStyle.Render("✓ Updated packages.yaml successfully")) + fmt.Println(successStyle.Render("✓ Updated capabilities files successfully")) } -func checkIncompleteCapabilities(yamlPath string) { - doc, _, err := loadCapabilities(yamlPath) +func checkIncompleteCapabilities(capabilitiesDir string) { + doc, _, err := loadCapabilities(capabilitiesDir) if err != nil { log.Fatalf("failed to load updated capabilities: %v", err) } @@ -115,7 +115,7 @@ func checkIncompleteCapabilities(yamlPath string) { } fmt.Println() - fmt.Println(dimStyle.Render("Please update these entries in packages.yaml before running tests.")) + fmt.Println(dimStyle.Render("Please update these entries in the capabilities files before running tests.")) fmt.Println() fmt.Println(dimStyle.Render("Exit code: 1")) os.Exit(1) diff --git a/internal/capabilities/generate/merge.go b/internal/capabilities/generate/merge.go index 104df7eb6..2528014ef 100644 --- a/internal/capabilities/generate/merge.go 
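Review bot: `checkIncompleteCapabilities` passes vacuously when nothing is loaded: `loadCapabilities` builds its document from `filepath.Glob`, which reports no error for a missing or unreadable `packages` directory, so a wrong `capabilitiesDir` yields an empty document and no incomplete entries. Since this check decides the exit code, reject the empty case right after the load, e.g. `if len(doc.Catalogers) == 0 { log.Fatalf("no catalogers loaded from %s", capabilitiesDir) }`. The rest of the function body is outside the hunk.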
+++ b/internal/capabilities/generate/merge.go @@ -128,10 +128,10 @@ type Statistics struct { UpdatedCatalogers []string } -// RegenerateCapabilities updates the YAML file with discovered catalogers +// RegenerateCapabilities updates the distributed YAML files with discovered catalogers // while preserving manually-edited capability information. // This is exported for use by the generator in generate/main.go -func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, error) { +func RegenerateCapabilities(capabilitiesDir string, repoRoot string) (*Statistics, error) { stats := &Statistics{} // 1-2. Discover all cataloger data @@ -140,9 +140,9 @@ func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, erro return nil, err } - // 3. Load existing YAML (if exists) - now returns both document and node tree - fmt.Print(" → Loading existing packages.yaml...") - existing, existingNode, err := loadCapabilities(yamlPath) + // 3. Load existing YAML files - now returns both document and node trees + fmt.Print(" → Loading existing capabilities files...") + existing, existingNodes, err := loadCapabilities(capabilitiesDir) if err != nil { return nil, fmt.Errorf("failed to load existing capabilities: %w", err) } 
@@ -187,13 +187,13 @@ func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, erro // 5. Check for orphaned parsers (parser functions that were renamed/deleted) if len(orphans) > 0 { - return nil, fmt.Errorf("orphaned parsers detected (parser functions renamed or deleted):\n%s\n\nPlease manually remove these from %s or restore the parser functions in the code", - formatOrphans(orphans), yamlPath) + return nil, fmt.Errorf("orphaned parsers detected (parser functions renamed or deleted):\n%s\n\nPlease manually remove these from the capabilities files or restore the parser functions in the code", + formatOrphans(orphans)) } - // 6. Write back to YAML with comments, preserving existing node tree - fmt.Print(" → Writing updated packages.yaml...") - if err := saveCapabilities(yamlPath, updated, existingNode); err != nil { + // 6. Write back to YAML files with comments, preserving existing node trees + fmt.Print(" → Writing updated capabilities files...") + if err := saveCapabilities(capabilitiesDir, updated, existingNodes); err != nil { return nil, fmt.Errorf("failed to save capabilities: %w", err) } fmt.Println(" done") diff --git a/internal/capabilities/generate/metadata_check.go b/internal/capabilities/generate/metadata_check.go index 0eb60cc72..1a576a639 100644 --- a/internal/capabilities/generate/metadata_check.go +++ b/internal/capabilities/generate/metadata_check.go 
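Review bot: At step 6, `saveCapabilities` writes a file only for ecosystems that still have catalogers, while `loadCapabilities` globs every `packages/*.yaml`, so a file whose last cataloger was removed or re-mapped to another ecosystem stays on disk and is merged back in on the next load. Whether the merge step drops such entries again is outside this hunk, but the post-generation checks in main.go re-read the directory and would see them. Failing with the stale file name, in the same spirit as the orphaned-parser error above, keeps the directory and the generated document in agreement; the addition belongs in `saveCapabilities` in io.go, after its write loop.

```go
// … unchanged: saveCapabilities ecosystem write loop (io.go) …

// refuse to leave behind files that no cataloger maps to any more
onDisk, err := filepath.Glob(filepath.Join(packagesDir, "*.yaml"))
if err != nil {
	return fmt.Errorf("failed to glob packages directory: %w", err)
}
for _, file := range onDisk {
	ecosystem := strings.TrimSuffix(filepath.Base(file), ".yaml")
	if _, ok := catalogersByEcosystem[ecosystem]; !ok {
		return fmt.Errorf("stale capabilities file %s: no cataloger maps to ecosystem %q", file, ecosystem)
	}
}

// … unchanged: appconfig.yaml write …
```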
@@ -133,17 +133,17 @@ func collectReferencedMetadataTypes(doc *capabilities.Document) []string { // checkMetadataTypeCoverage compares metadata types from packagemetadata/generated.go // with types referenced in packages.yaml and returns unreferenced types -func checkMetadataTypeCoverage(yamlPath string, repoRoot string) ([]string, error) { +func checkMetadataTypeCoverage(capabilitiesDir string, repoRoot string) ([]string, error) { // parse packagemetadata/generated.go to get all types allTypes, err := parsePackageMetadataTypes(repoRoot) if err != nil { return nil, fmt.Errorf("failed to parse package metadata types: %w", err) } - // load packages.yaml to get referenced types - doc, _, err := loadCapabilities(yamlPath) + // load capabilities files to get referenced types + doc, _, err := loadCapabilities(capabilitiesDir) if err != nil { - return nil, fmt.Errorf("failed to load packages.yaml: %w", err) + return nil, fmt.Errorf("failed to load capabilities files: %w", err) } referencedTypes := collectReferencedMetadataTypes(doc) @@ -167,8 +167,8 @@ func checkMetadataTypeCoverage(yamlPath string, repoRoot string) ([]string, erro // printMetadataTypeCoverageWarning prints a warning if there are metadata types // from packagemetadata/generated.go that aren't referenced in packages.yaml -func printMetadataTypeCoverageWarning(yamlPath string, repoRoot string) { - unreferenced, err := checkMetadataTypeCoverage(yamlPath, repoRoot) +func printMetadataTypeCoverageWarning(capabilitiesDir string, repoRoot string) { + unreferenced, err := checkMetadataTypeCoverage(capabilitiesDir, repoRoot) if err != nil { // don't fail generation, just skip the check fmt.Printf("%s Could not check metadata type coverage: %v\n", warningStyleMeta.Render("⚠"), err) 
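Review bot: The doc comment kept as context above `checkMetadataTypeCoverage` still says the types are "referenced in packages.yaml", a file this commit deletes; the same stale wording remains above `printMetadataTypeCoverageWarning`, `checkPackageTypeCoverage` and `printPackageTypeCoverageWarning` in the following hunks. Reword each to the new layout, e.g. `// with types referenced in the packages/*.yaml capabilities files and returns unreferenced types`.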
@@ -315,17 +315,17 @@ func collectReferencedPackageTypes(doc *capabilities.Document) []string { // checkPackageTypeCoverage compares package types from pkg.AllPkgs // with types referenced in packages.yaml and returns unreferenced types -func checkPackageTypeCoverage(yamlPath string, repoRoot string) ([]string, error) { +func checkPackageTypeCoverage(capabilitiesDir string, repoRoot string) ([]string, error) { // parse pkg/type.go to get all package types allTypes, err := parseAllPackageTypes(repoRoot) if err != nil { return nil, fmt.Errorf("failed to parse package types: %w", err) } - // load packages.yaml to get referenced types - doc, _, err := loadCapabilities(yamlPath) + // load capabilities files to get referenced types + doc, _, err := loadCapabilities(capabilitiesDir) if err != nil { - return nil, fmt.Errorf("failed to load packages.yaml: %w", err) + return nil, fmt.Errorf("failed to load capabilities files: %w", err) } referencedTypes := collectReferencedPackageTypes(doc) @@ -349,8 +349,8 @@ func checkPackageTypeCoverage(yamlPath string, repoRoot string) ([]string, error // printPackageTypeCoverageWarning prints a warning if there are package types // from pkg.AllPkgs that aren't referenced in packages.yaml -func printPackageTypeCoverageWarning(yamlPath string, repoRoot string) { - unreferenced, err := checkPackageTypeCoverage(yamlPath, repoRoot) +func printPackageTypeCoverageWarning(capabilitiesDir string, repoRoot string) { + unreferenced, err := checkPackageTypeCoverage(capabilitiesDir, repoRoot) if err != nil { // don't fail generation, just skip the check fmt.Printf("%s Could not check package type coverage: %v\n", warningStyleMeta.Render("⚠"), err) diff --git a/internal/capabilities/packages.yaml b/internal/capabilities/packages.yaml deleted file mode 100644 index f38f5247e..000000000 --- a/internal/capabilities/packages.yaml +++ /dev/null 
@@ -1,4310 +0,0 @@ -# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate. -# Fields marked AUTO-GENERATED will be updated during regeneration. -# All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior. - -# CAPABILITY SECTIONS: -# There are two types of capability sections depending on cataloger type: - -# 1. Generic catalogers (type=generic): Have capabilities at the PARSER level -# - Each parser function has its own capabilities section -# - Allows different parsers within the same cataloger to have different capabilities - -# 2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level -# - Single capabilities section for the entire cataloger - -# CAPABILITIES FORMAT: -# Capabilities use a field-based format with defaults and optional conditional overrides: - -# capabilities: -# - field: # dot-notation path (e.g., "license", "dependency.depth") -# default: # value when no conditions match -# conditions: # optional - conditional overrides evaluated in order -# - when: {ConfigField: val} # when these config fields match (AND logic) -# value: # use this value instead -# comment: "explanation" # optional - why this condition exists -# evidence: # optional - source code references -# - "StructName.FieldName" -# comment: "explanation" # optional - general field explanation - -# DETECTOR CONDITIONS: -# Detectors (used by custom catalogers) can have optional conditions that control when -# they are active. This allows a single cataloger to have different detection behavior -# based on configuration. 
- -# Structure: -# detectors: -# - method: glob # AUTO-GENERATED - detection method -# criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match -# comment: "always active" # MANUAL - optional explanation -# - method: glob -# criteria: ["**/*.zip"] -# conditions: # MANUAL - when this detector is active -# - when: {IncludeZipFiles: true} # config fields that must match -# comment: "optional explanation" -# comment: "ZIP detection requires config" - -# Notes: -# - Conditions reference fields from the cataloger's config struct -# - Multiple conditions in the array use OR logic (any condition can activate) -# - Multiple fields in a 'when' clause use AND logic (all must match) -# - Detectors without conditions are always active -# - Only custom catalogers support detectors with conditions - -# CONDITION EVALUATION: -# - Conditions are evaluated in array order (first match wins) -# - Multiple fields in a 'when' clause use AND logic (all must match) -# - Multiple conditions in the array use OR logic (first matching condition) -# - If no conditions match, the default value is used - -# CAPABILITY FIELDS: -# Standard capability field names and their value types: - -# license: (boolean) -# Whether license information is available. -# Examples: -# default: true # always available -# default: false # never available -# default: false # requires configuration -# conditions: -# - when: {SearchRemoteLicenses: true} -# value: true - -# dependency.depth: (array of strings) -# Which dependency depths can be discovered. -# Values: "direct" (immediate deps), "indirect" (transitive deps) -# Examples: -# default: [direct] # only immediate dependencies -# default: [direct, indirect] # full transitive closure -# default: [] # no dependency information - -# dependency.edges: (string) -# Relationships between nodes and completeness of the dependency graph. 
-# Values: -# - "" # dependencies found but no edges between them -# - "flat" # single level of dependencies with edges to root package only -# - "reduced" # transitive reduction (redundant edges removed) -# - "complete" # all relationships with accurate direct and indirect edges -# Examples: -# default: complete -# default: "" - -# dependency.kinds: (array of strings) -# Types of dependencies that can be discovered. -# Values: "runtime", "dev", "build", "test", "optional" -# Examples: -# default: [runtime] # production dependencies only -# default: [runtime, dev] # production and development -# default: [runtime, dev, build] # all dependency types -# default: [runtime] # with conditional dev deps -# conditions: -# - when: {IncludeDevDeps: true} -# value: [runtime, dev] - -# package_manager.files.listing: (boolean) -# Whether file listings are available (which files belong to the package). -# Examples: -# default: true -# default: false -# conditions: -# - when: {CaptureOwnedFiles: true} -# value: true - -# package_manager.files.digests: (boolean) -# Whether file digests/checksums are included in listings. -# Examples: -# default: true -# default: false - -# package_manager.package_integrity_hash: (boolean) -# Whether a hash for verifying package integrity is available. 
-# Examples: -# default: true -# default: false - -# EXAMPLES: - -# # Simple cataloger with no configuration -# capabilities: -# - name: license -# default: true -# comment: "license field always present in package.json" -# - name: dependency.depth -# default: [direct] -# - name: dependency.edges -# default: "" -# - name: dependency.kinds -# default: [runtime] -# comment: "devDependencies not parsed by this cataloger" -# - name: package_manager.files.listing -# default: false -# - name: package_manager.files.digests -# default: false -# - name: package_manager.package_integrity_hash -# default: false - -# # Cataloger with configuration-dependent capabilities -# capabilities: -# - name: license -# default: false -# conditions: -# - when: {SearchLocalModCacheLicenses: true} -# value: true -# comment: "searches for licenses in GOPATH mod cache" -# - when: {SearchRemoteLicenses: true} -# value: true -# comment: "fetches licenses from proxy.golang.org" -# comment: "license scanning requires configuration" -# - name: dependency.depth -# default: [direct, indirect] -# - name: dependency.edges -# default: flat -# - name: dependency.kinds -# default: [runtime, dev] -# - name: package_manager.files.listing -# default: false -# - name: package_manager.files.digests -# default: false -# - name: package_manager.package_integrity_hash -# default: true -# evidence: -# - "GolangBinaryBuildinfoEntry.H1Digest" - -application: # AUTO-GENERATED - application-level config keys - - key: dotnet.dep-packages-must-claim-dll - description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL. - - key: dotnet.dep-packages-must-have-dll - description: only keep dep.json packages which an executable on disk is found. 
The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL. - - key: dotnet.propagate-dll-claims-to-parents - description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package - - key: dotnet.relax-dll-claims-when-bundling-detected - description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack) - - key: golang.local-mod-cache-dir - description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod - - key: golang.local-vendor-dir - description: specify an explicit go vendor directory, if unset this defaults to ./vendor - - key: golang.main-module-version.from-build-settings - description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise - - key: golang.main-module-version.from-contents - description: search for semver-like strings in the binary contents - - key: golang.main-module-version.from-ld-flags - description: look for LD flags that appear to be setting a version (e.g. 
-X main.version=1.0.0) - - key: golang.no-proxy - description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY - - key: golang.proxy - description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org - - key: golang.search-local-mod-cache-licenses - description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan - - key: golang.search-local-vendor-licenses - description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan - - key: golang.search-remote-licenses - description: search for go package licences by retrieving the package from a network proxy - - key: java.maven-local-repository-dir - description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory - - key: java.maven-url - description: maven repository to use, defaults to Maven central - - key: java.max-parent-recursive-depth - description: depth to recursively resolve parent POMs, no limit if <= 0 - - key: java.resolve-transitive-dependencies - description: resolve transient dependencies such as those defined in a dependency's POM on Maven central - - key: java.use-maven-local-repository - description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. 
TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.' - - key: java.use-network - description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url' - - key: javascript.include-dev-dependencies - description: include development-scoped dependencies - - key: javascript.npm-base-url - description: base NPM url to use - - key: javascript.search-remote-licenses - description: enables Syft to use the network to fill in more detailed license information - - key: linux-kernel.catalog-modules - description: whether to catalog linux kernel modules found within lib/modules/** directories - - key: nix.capture-owned-files - description: enumerate all files owned by packages found within Nix store paths - - key: python.guess-unpinned-requirements - description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published). - - key: python.pypi-base-url - description: base Pypi url to use - - key: python.search-remote-licenses - description: enables Syft to use the network to fill in more detailed license information -configs: # AUTO-GENERATED - config structs and their fields - dotnet.CatalogerConfig: - fields: - - key: DepPackagesMustHaveDLL - description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package. 
- app_key: dotnet.dep-packages-must-have-dll - - key: DepPackagesMustClaimDLL - description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this - app_key: dotnet.dep-packages-must-claim-dll - - key: PropagateDLLClaimsToParents - description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations. - app_key: dotnet.propagate-dll-claims-to-parents - - key: RelaxDLLClaimsWhenBundlingDetected - description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases. - app_key: dotnet.relax-dll-claims-when-bundling-detected - golang.CatalogerConfig: - fields: - - key: SearchLocalModCacheLicenses - description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache. - app_key: golang.search-local-mod-cache-licenses - - key: LocalModCacheDir - description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go. - app_key: golang.local-mod-cache-dir - - key: SearchLocalVendorLicenses - description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file. - app_key: golang.search-local-vendor-licenses - - key: LocalVendorDir - description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file. 
- app_key: golang.local-vendor-dir - - key: SearchRemoteLicenses - description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org). - app_key: golang.search-remote-licenses - - key: Proxies - description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct. - app_key: golang.proxy - - key: NoProxy - description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars. - app_key: golang.no-proxy - java.ArchiveCatalogerConfig: - fields: - - key: IncludeIndexedArchives - description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip). - - key: IncludeUnindexedArchives - description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*). - - key: UseNetwork - description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information. - app_key: java.use-network - - key: UseMavenLocalRepository - description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata. - app_key: java.use-maven-local-repository - - key: MavenLocalRepositoryDir - description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository. - app_key: java.maven-local-repository-dir - - key: MavenBaseURL - description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2. 
- app_key: java.maven-url - - key: MaxParentRecursiveDepth - description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains. - app_key: java.max-parent-recursive-depth - - key: ResolveTransitiveDependencies - description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives. - app_key: java.resolve-transitive-dependencies - javascript.CatalogerConfig: - fields: - - key: SearchRemoteLicenses - description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata. - app_key: javascript.search-remote-licenses - - key: NPMBaseURL - description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information. - app_key: javascript.npm-base-url - - key: IncludeDevDependencies - description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies. - app_key: javascript.include-dev-dependencies - kernel.LinuxKernelCatalogerConfig: - fields: - - key: CatalogModules - description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself. - app_key: linux-kernel.catalog-modules - nix.Config: - fields: - - key: CaptureOwnedFiles - description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage. - app_key: nix.capture-owned-files - python.CatalogerConfig: - fields: - - key: GuessUnpinnedRequirements - description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files. 
- app_key: python.guess-unpinned-requirements - - key: SearchRemoteLicenses - description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata. - app_key: python.search-remote-licenses - - key: PypiBaseURL - description: PypiBaseURL specifies the base URL for the Pypi registry API used when searching for remote license information. - app_key: python.pypi-base-url -catalogers: - # alpm (arch / pacman) ################################################################################################# - - ecosystem: alpm # MANUAL - name: alpm-db-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/arch/cataloger.go - function: NewDBCataloger - selectors: # AUTO-GENERATED - - alpm - - archlinux - - directory - - image - - installed - - linux - - os - - package - - pacman - parsers: # AUTO-GENERATED structure - - function: parseAlpmDB # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/var/lib/pacman/local/**/desc' - metadata_types: # AUTO-GENERATED - - pkg.AlpmDBEntry - package_types: # AUTO-GENERATED - - alpm - json_schema_types: # AUTO-GENERATED - - AlpmDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - AlpmDBEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - AlpmDBEntry.Files[].Digests - - name: package_manager.package_integrity_hash - default: false - # Alpine linux (apk) ################################################################################################ - - ecosystem: alpine # MANUAL - name: apk-db-cataloger # 
AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/alpine/cataloger.go - function: NewDBCataloger - selectors: # AUTO-GENERATED - - alpine - - apk - - directory - - image - - installed - - linux - - os - - package - parsers: # AUTO-GENERATED structure - - function: parseApkDB # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/lib/apk/db/installed' - metadata_types: # AUTO-GENERATED - - pkg.ApkDBEntry - package_types: # AUTO-GENERATED - - apk - json_schema_types: # AUTO-GENERATED - - ApkDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - ApkDBEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - ApkDBEntry.Files[].Digest - - name: package_manager.package_integrity_hash - default: true - evidence: - - ApkDBEntry.Checksum - # Binary ############################################################################################################ - - ecosystem: binary # MANUAL - name: binary-classifier-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/binary/classifier_cataloger.go - function: NewClassifierCataloger - selectors: # AUTO-GENERATED - - binary - - declared - - directory - - image - - installed - - package - detectors: # AUTO-GENERATED - - method: glob - criteria: - - '**/python*' - packages: - - class: python-binary - name: python - purl: pkg:generic/python - cpes: - - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* - - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libpython*.so*' - packages: - - class: 
python-binary-lib - name: python - purl: pkg:generic/python - cpes: - - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* - - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libpypy*.so*' - packages: - - class: pypy-binary-lib - name: pypy - purl: pkg:generic/pypy - cpes: [] - type: BinaryPkg - - method: glob - criteria: - - '**/go' - packages: - - class: go-binary - name: go - purl: pkg:generic/go - cpes: - - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libjulia-internal.so' - packages: - - class: julia-binary - name: julia - purl: pkg:generic/julia - cpes: - - cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/helm' - packages: - - class: helm - name: helm - purl: pkg:golang/helm.sh/helm - cpes: - - cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/redis-server' - packages: - - class: redis-binary - name: redis - purl: pkg:generic/redis - cpes: - - cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:* - - cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/node' - packages: - - class: nodejs-binary - name: node - purl: pkg:generic/node - cpes: - - cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/VERSION*' - packages: - - class: go-binary-hint - name: go - purl: pkg:generic/go - cpes: - - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/busybox' - packages: - - class: busybox-binary - name: busybox - purl: pkg:generic/busybox - cpes: - - cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/getopt' - packages: - - class: util-linux-binary - name: util-linux - purl: pkg:generic/util-linux - cpes: - - cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/haproxy' - packages: - 
- class: haproxy-binary - name: haproxy - purl: pkg:generic/haproxy - cpes: - - cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/perl' - packages: - - class: perl-binary - name: perl - purl: pkg:generic/perl - cpes: - - cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/composer*' - packages: - - class: php-composer-binary - name: composer - purl: pkg:generic/composer - cpes: - - cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/httpd' - packages: - - class: httpd-binary - name: httpd - purl: pkg:generic/httpd - cpes: - - cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/memcached' - packages: - - class: memcached-binary - name: memcached - purl: pkg:generic/memcached - cpes: - - cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/traefik' - packages: - - class: traefik-binary - name: traefik - purl: pkg:generic/traefik - cpes: - - cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/arangosh' - packages: - - class: arangodb-binary - name: arangodb - purl: pkg:generic/arangodb - cpes: - - cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/postgres' - packages: - - class: postgresql-binary - name: postgresql - purl: pkg:generic/postgresql - cpes: - - cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/mysql' - packages: - - class: mysql-binary - name: mysql - purl: pkg:generic/mysql - cpes: - - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/mysql' - packages: - - class: mysql-binary - name: percona-server - purl: pkg:generic/percona-server - cpes: - - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* - - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* - 
type: BinaryPkg - - method: glob - criteria: - - '**/mysql' - packages: - - class: mysql-binary - name: percona-xtradb-cluster - purl: pkg:generic/percona-xtradb-cluster - cpes: - - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* - - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* - - cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/xtrabackup' - packages: - - class: xtrabackup-binary - name: percona-xtrabackup - purl: pkg:generic/percona-xtrabackup - cpes: - - cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/{mariadb,mysql}' - packages: - - class: mariadb-binary - name: mariadb - purl: pkg:generic/mariadb - cpes: - - cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libstd-????????????????.so' - packages: - - class: rust-standard-library-linux - name: rust - purl: pkg:generic/rust - cpes: - - cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libstd-????????????????.dylib' - packages: - - class: rust-standard-library-macos - name: rust - purl: pkg:generic/rust - cpes: - - cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/ruby' - packages: - - class: ruby-binary - name: ruby - purl: pkg:generic/ruby - cpes: - - cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/erlexec' - packages: - - class: erlang-binary - name: erlang - purl: pkg:generic/erlang - cpes: - - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/beam.smp' - packages: - - class: erlang-alpine-binary - name: erlang - purl: pkg:generic/erlang - cpes: - - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/liberts_internal.a' - packages: - - class: erlang-library - name: erlang - purl: pkg:generic/erlang - cpes: - - 
cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/swipl' - packages: - - class: swipl-binary - name: swipl - purl: pkg:generic/swipl - cpes: - - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/dart' - packages: - - class: dart-binary - name: dart - purl: pkg:generic/dart - cpes: - - cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/ghc*' - packages: - - class: haskell-ghc-binary - name: haskell/ghc - purl: pkg:generic/haskell/ghc - cpes: - - cpe:2.3:a:haskell:ghc:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/cabal' - packages: - - class: haskell-cabal-binary - name: haskell/cabal - purl: pkg:generic/haskell/cabal - cpes: - - cpe:2.3:a:haskell:cabal:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/stack' - packages: - - class: haskell-stack-binary - name: haskell/stack - purl: pkg:generic/haskell/stack - cpes: - - cpe:2.3:a:haskell:stack:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/consul' - packages: - - class: consul-binary - name: consul - purl: pkg:golang/github.com/hashicorp/consul - cpes: - - cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/vault' - packages: - - class: hashicorp-vault-binary - name: github.com/hashicorp/vault - purl: pkg:golang/github.com/hashicorp/vault - cpes: - - cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/nginx' - packages: - - class: nginx-binary - name: nginx - purl: pkg:generic/nginx - cpes: - - cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* - - cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/bash' - packages: - - class: bash-binary - name: bash - purl: pkg:generic/bash - cpes: - - cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - 
'**/openssl' - packages: - - class: openssl-binary - name: openssl - purl: pkg:generic/openssl - cpes: - - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/gcc' - packages: - - class: gcc-binary - name: gcc - purl: pkg:generic/gcc - cpes: - - cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/fluent-bit' - packages: - - class: fluent-bit-binary - name: fluent-bit - purl: pkg:github/fluent/fluent-bit - cpes: - - cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/wp' - packages: - - class: wordpress-cli-binary - name: wp-cli - purl: pkg:generic/wp-cli - cpes: - - cpe:2.3:a:wp-cli:wp-cli:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/curl' - packages: - - class: curl-binary - name: curl - purl: pkg:generic/curl - cpes: - - cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/lighttpd' - packages: - - class: lighttpd-binary - name: lighttpd - purl: pkg:generic/lighttpd - cpes: - - cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/proftpd' - packages: - - class: proftpd-binary - name: proftpd - purl: pkg:generic/proftpd - cpes: - - cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/zstd' - packages: - - class: zstd-binary - name: zstd - purl: pkg:generic/zstd - cpes: - - cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/xz' - packages: - - class: xz-binary - name: xz - purl: pkg:generic/xz - cpes: - - cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/gzip' - packages: - - class: gzip-binary - name: gzip - purl: pkg:generic/gzip - cpes: - - cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/sqlcipher' - packages: - - class: sqlcipher-binary - name: 
sqlcipher - purl: pkg:generic/sqlcipher - cpes: - - cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/jq' - packages: - - class: jq-binary - name: jq - purl: pkg:generic/jq - cpes: - - cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/chrome' - packages: - - class: chrome-binary - name: chrome - purl: pkg:generic/chrome - cpes: - - cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/ffmpeg' - packages: - - class: ffmpeg-binary - name: ffmpeg - purl: pkg:generic/ffmpeg - cpes: - - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libav*' - packages: - - class: ffmpeg-library - name: ffmpeg - purl: pkg:generic/ffmpeg - cpes: - - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/libswresample*' - packages: - - class: ffmpeg-library - name: ffmpeg - purl: pkg:generic/ffmpeg - cpes: - - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/elixir' - packages: - - class: elixir-binary - name: elixir - purl: pkg:generic/elixir - cpes: - - cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/elixir/ebin/elixir.app' - packages: - - class: elixir-library - name: elixir - purl: pkg:generic/elixir - cpes: - - cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/java' - packages: - - class: java-binary - name: "" - purl: pkg:/ - cpes: [] - type: BinaryPkg - - class: java-binary-graalvm - name: graalvm - purl: pkg:generic/oracle/graalvm - cpes: - - cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-openjdk-zulu - name: zulu - purl: pkg:generic/azul/zulu - cpes: - - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-openjdk-with-update - name: openjdk - purl: 
pkg:generic/oracle/openjdk - cpes: - - cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-openjdk - name: openjdk - purl: pkg:generic/oracle/openjdk - cpes: - - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-ibm - name: java - purl: pkg:generic/ibm/java - cpes: - - cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-openjdk-fallthrough - name: jre - purl: pkg:generic/oracle/jre - cpes: - - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-oracle - name: jre - purl: pkg:generic/oracle/jre - cpes: - - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* - type: BinaryPkg - - method: glob - criteria: - - '**/jdb' - packages: - - class: java-jdb-binary - name: "" - purl: pkg:/ - cpes: [] - type: BinaryPkg - - class: java-binary-graalvm - name: graalvm - purl: pkg:generic/oracle/graalvm - cpes: - - cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: jdb-binary-openjdk-zulu - name: zulu - purl: pkg:generic/azul/zulu - cpes: - - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-jdb-binary-openjdk - name: openjdk - purl: pkg:generic/oracle/openjdk - cpes: - - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-sdk-binary-ibm - name: java_sdk - purl: pkg:generic/ibm/java_sdk - cpes: - - cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-openjdk-fallthrough - name: openjdk - purl: pkg:generic/oracle/openjdk - cpes: - - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* - type: BinaryPkg - - class: java-binary-jdk - name: jdk - purl: pkg:generic/oracle/jdk - cpes: - - cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:* - type: BinaryPkg - metadata_types: # AUTO-GENERATED - - pkg.BinarySignature - package_types: # AUTO-GENERATED - - binary - json_schema_types: # AUTO-GENERATED - - BinarySignature - capabilities: # MANUAL - config-driven capability definitions - - name: license - 
default: false - # TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: binary # MANUAL - name: elf-binary-package-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - binary - - declared - - directory - - elf - - elf-package - - image - - installed - - package - detectors: # MANUAL - edit detectors here - - method: mimetype - criteria: - - application/x-executable - - application/x-mach-binary - - application/x-elf - - application/x-sharedlib - - application/vnd.microsoft.portable-executable - metadata_types: # AUTO-GENERATED - - pkg.ELFBinaryPackageNoteJSONPayload - package_types: # AUTO-GENERATED - - binary - - rpm - json_schema_types: # AUTO-GENERATED - - ElfBinaryPackageNoteJsonPayload - capabilities: # MANUAL - config-driven capability definitions - # licenses can be detected in some elf packages (via the licenses note field) - - name: license - default: true - # TODO: what about shared libs, other elf packages, and os packages? 
this should work outside of the cataloger - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: binary # MANUAL - name: pe-binary-package-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/binary/pe_package_cataloger.go - function: NewPEPackageCataloger - selectors: # AUTO-GENERATED - - binary - - declared - - directory - - dll - - exe - - image - - installed - - package - - pe - - pe-package - parsers: # AUTO-GENERATED structure - - function: parsePE # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.dll' - - '**/*.exe' - metadata_types: # AUTO-GENERATED - - pkg.PEBinary - package_types: # AUTO-GENERATED - - binary - json_schema_types: # AUTO-GENERATED - - PeBinary - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - # TODO: what about shared libs, other elf packages, and os packages? 
this should work outside of the cataloger - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Bitnami ########################################################################################################### - - ecosystem: bitnami # MANUAL - name: bitnami-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/bitnami/cataloger.go - function: NewCataloger - selectors: # AUTO-GENERATED - - bitnami - - image - - installed - - package - parsers: # AUTO-GENERATED structure - - function: parseSBOM # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - /opt/bitnami/**/.spdx-*.spdx - metadata_types: # AUTO-GENERATED - - pkg.BitnamiSBOMEntry - package_types: # AUTO-GENERATED - - bitnami - json_schema_types: # AUTO-GENERATED - - BitnamiSbomEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - # the reach will vary for each ecosystem - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - BitnamiSBOMEntry.Files - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Rust (cargo) ##################################################################################################### - - ecosystem: rust # MANUAL - name: cargo-auditable-binary-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/rust/cataloger.go - function: NewAuditBinaryCataloger - selectors: # 
AUTO-GENERATED - - binary - - directory - - image - - installed - - language - - package - - rust - parsers: # AUTO-GENERATED structure - - function: parseAuditBinary # AUTO-GENERATED - detector: # AUTO-GENERATED - method: mimetype # AUTO-GENERATED - criteria: # AUTO-GENERATED - - application/x-executable - - application/x-mach-binary - - application/x-elf - - application/x-sharedlib - - application/vnd.microsoft.portable-executable - - application/x-executable - metadata_types: # AUTO-GENERATED - - pkg.RustBinaryAuditEntry - package_types: # AUTO-GENERATED - - rust-crate - json_schema_types: # AUTO-GENERATED - - RustCargoAuditEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: rust # MANUAL - name: rust-cargo-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/rust/cataloger.go - function: NewCargoLockCataloger - selectors: # AUTO-GENERATED - - cargo - - declared - - directory - - language - - package - - rust - parsers: # AUTO-GENERATED structure - - function: parseCargoLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Cargo.lock' - metadata_types: # AUTO-GENERATED - - pkg.RustCargoLockEntry - package_types: # AUTO-GENERATED - - rust-crate - json_schema_types: # AUTO-GENERATED - - RustCargoLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - # though the toml has a 
dev/build section for deps, the lock has no knowledge of that - - name: dependency.kinds - default: - - runtime - - dev - - build - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - RustCargoLockEntry.Checksum - # Swift ######################################################################################################### - - ecosystem: swift # MANUAL - name: cocoapods-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/swift/cataloger.go - function: NewCocoapodsCataloger - selectors: # AUTO-GENERATED - - cocoapods - - declared - - directory - - language - - package - - swift - parsers: # AUTO-GENERATED structure - - function: parsePodfileLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Podfile.lock' - metadata_types: # AUTO-GENERATED - - pkg.CocoaPodfileLockEntry - package_types: # AUTO-GENERATED - - pod - json_schema_types: # AUTO-GENERATED - - CocoaPodfileLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - # we raise up all nodes in the graph, but don't relate them together in any way - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - CocoaPodfileLockEntry.Checksum - - ecosystem: swift # MANUAL - name: swift-package-manager-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/swift/cataloger.go - function: NewSwiftPackageManagerCataloger - selectors: # AUTO-GENERATED - - declared 
- - directory - - language - - package - - spm - - swift - parsers: # AUTO-GENERATED structure - - function: parsePackageResolved # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Package.resolved' - - '**/.package.resolved' - metadata_types: # AUTO-GENERATED - - pkg.SwiftPackageManagerResolvedEntry - package_types: # AUTO-GENERATED - - swift - json_schema_types: # AUTO-GENERATED - - SwiftPackageManagerLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # C/C++ ############################################################################################################ - - ecosystem: c++ # MANUAL - name: conan-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/cpp/cataloger.go - function: NewConanCataloger - selectors: # AUTO-GENERATED - - conan - - cpp - - declared - - directory - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseConanLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/conan.lock' - metadata_types: # AUTO-GENERATED - - pkg.ConanV1LockEntry - - pkg.ConanV2LockEntry - package_types: # AUTO-GENERATED - - conan - json_schema_types: # AUTO-GENERATED - - CConanLockEntry - - CConanLockV2Entry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - # we can detect nodes, but not how they relate to each other - - name: dependency.edges - default: 
"" - - name: dependency.kinds - default: - - runtime - - build - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - ConanV1LockEntry.Ref - - ConanV2LockEntry.RecipeRevision - - function: parseConanfile # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/conanfile.txt' - metadata_types: # AUTO-GENERATED - - pkg.ConanfileEntry - package_types: # AUTO-GENERATED - - conan - json_schema_types: # AUTO-GENERATED - - CConanFileEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - # we can detect nodes, but not how they relate to each other - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: c++ # MANUAL - name: conan-info-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/cpp/cataloger.go - function: NewConanInfoCataloger - selectors: # AUTO-GENERATED - - conan - - cpp - - image - - installed - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseConaninfo # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/conaninfo.txt' - metadata_types: # AUTO-GENERATED - - pkg.ConaninfoEntry - package_types: # AUTO-GENERATED - - conan - json_schema_types: # AUTO-GENERATED - - CConanInfoEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: flat - - name: dependency.kinds 
- default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Conda ############################################################################################################ - - ecosystem: conda # MANUAL - name: conda-meta-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/conda/cataloger.go - function: NewCondaMetaCataloger - selectors: # AUTO-GENERATED - - conda - - directory - - installed - - package - parsers: # AUTO-GENERATED structure - - function: parseCondaMetaJSON # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/conda-meta/*.json' - metadata_types: # AUTO-GENERATED - - pkg.CondaMetaPackage - package_types: # AUTO-GENERATED - - conda - json_schema_types: # AUTO-GENERATED - - CondaMetadataEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - CondaMetaPackage.Files - - CondaMetaPackage.PathsData.Paths - - name: package_manager.files.digests - default: true - evidence: - - CondaMetaPackage.PathsData.Paths.SHA256 - - name: package_manager.package_integrity_hash - default: true - evidence: - - CondaMetaPackage.MD5 - - CondaMetaPackage.SHA256 - # Dart ############################################################################################################# - - ecosystem: dart # MANUAL - name: dart-pubspec-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/dart/cataloger.go - function: NewPubspecCataloger - selectors: # AUTO-GENERATED - - dart - - declared - - directory 
- - language - - package - parsers: # AUTO-GENERATED structure - - function: parsePubspec # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/pubspec.yml' - - '**/pubspec.yaml' - metadata_types: # AUTO-GENERATED - - pkg.DartPubspec - package_types: # AUTO-GENERATED - - dart-pub - json_schema_types: # AUTO-GENERATED - - DartPubspec - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: dart # MANUAL - name: dart-pubspec-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/dart/cataloger.go - function: NewPubspecLockCataloger - selectors: # AUTO-GENERATED - - dart - - declared - - directory - - language - - package - parsers: # AUTO-GENERATED structure - - function: parsePubspecLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/pubspec.lock' - metadata_types: # AUTO-GENERATED - - pkg.DartPubspecLockEntry - package_types: # AUTO-GENERATED - - dart-pub - json_schema_types: # AUTO-GENERATED - - DartPubspecLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Dpkg (debian) 
################################################################################################### - - ecosystem: dpkg # MANUAL - name: dpkg-db-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/debian/cataloger.go - function: NewDBCataloger - selectors: # AUTO-GENERATED - - debian - - directory - - dpkg - - image - - installed - - linux - - os - - package - parsers: # AUTO-GENERATED structure - - function: parseDpkgDB # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/lib/dpkg/status' - - '**/lib/dpkg/status.d/*' - - '**/lib/opkg/info/*.control' - - '**/lib/opkg/status' - metadata_types: # AUTO-GENERATED - - pkg.DpkgDBEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - DpkgDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - DpkgDBEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - DpkgDBEntry.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - - ecosystem: dpkg # MANUAL - name: deb-archive-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/debian/cataloger.go - function: NewArchiveCataloger - selectors: # AUTO-GENERATED - - deb - - debian - - declared - - directory - - linux - - os - - package - parsers: # AUTO-GENERATED structure - - function: parseDebArchive # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.deb' - metadata_types: # AUTO-GENERATED - - pkg.DpkgArchiveEntry - package_types: # AUTO-GENERATED - - deb - 
json_schema_types: # AUTO-GENERATED - - DpkgArchiveEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - # an archive only has dependency CLAIMS in the metadata, but not dependencies incorporated as nodes/edges in the SBOM - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: true - evidence: - - DpkgArchiveEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - DpkgArchiveEntry.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - # .NET ################################################################################################### - - ecosystem: dotnet # MANUAL - name: dotnet-deps-binary-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - c# - - directory - - dotnet - - image - - installed - - language - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/*.deps.json' - - '**/*.dll' - - '**/*.exe' - metadata_types: # AUTO-GENERATED - - pkg.DotnetDepsEntry - - pkg.DotnetPortableExecutableEntry - package_types: # AUTO-GENERATED - - dotnet - - npm - json_schema_types: # AUTO-GENERATED - - DotnetDepsEntry - - DotnetPortableExecutableEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: dotnet # MANUAL - name: dotnet-deps-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - 
file: "" - function: "" - selectors: # AUTO-GENERATED - - deprecated - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/*.deps.json' - metadata_types: # AUTO-GENERATED - - pkg.DotnetDepsEntry - package_types: # AUTO-GENERATED - - dotnet - json_schema_types: # AUTO-GENERATED - - DotnetDepsEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: dotnet # MANUAL - name: dotnet-packages-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/dotnet/cataloger.go - function: NewDotnetPackagesLockCataloger - selectors: # AUTO-GENERATED - - c# - - declared - - directory - - dotnet - - image - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseDotnetPackagesLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/packages.lock.json' - metadata_types: # AUTO-GENERATED - - pkg.DotnetPackagesLockEntry - package_types: # AUTO-GENERATED - - dotnet - json_schema_types: # AUTO-GENERATED - - DotnetPackagesLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - build - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - 
DotnetPackagesLockEntry.ContentHash - - ecosystem: dotnet # MANUAL - name: dotnet-portable-executable-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - config: dotnet.CatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - deprecated - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/*.dll' - - '**/*.exe' - metadata_types: # AUTO-GENERATED - - pkg.DotnetPortableExecutableEntry - package_types: # AUTO-GENERATED - - dotnet - json_schema_types: # AUTO-GENERATED - - DotnetPortableExecutableEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Elixir ########################################################################################################## - - ecosystem: elixir # MANUAL - name: elixir-mix-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/elixir/cataloger.go - function: NewMixLockCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - elixir - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseMixLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/mix.lock' - metadata_types: # AUTO-GENERATED - - pkg.ElixirMixLockEntry - package_types: # AUTO-GENERATED - - hex - json_schema_types: # AUTO-GENERATED - - ElixirMixLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - # we find nodes, but can't relate 
them together - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - ElixirMixLockEntry.PkgHash - - ElixirMixLockEntry.PkgHashExt - # Erlang ########################################################################################################## - - ecosystem: erlang # MANUAL - name: erlang-otp-application-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/erlang/cataloger.go - function: NewOTPCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - erlang - - language - - otp - - package - parsers: # AUTO-GENERATED structure - - function: parseOTPApp # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.app' - package_types: # AUTO-GENERATED - - erlang-otp - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: erlang # MANUAL - name: erlang-rebar-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/erlang/cataloger.go - function: NewRebarLockCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - erlang - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseRebarLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/rebar.lock' - 
metadata_types: # AUTO-GENERATED - - pkg.ErlangRebarLockEntry - package_types: # AUTO-GENERATED - - hex - json_schema_types: # AUTO-GENERATED - - ErlangRebarLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - ErlangRebarLockEntry.PkgHash - - ErlangRebarLockEntry.PkgHashExt - # GitHub Actions ################################################################################################## - - ecosystem: github-actions # MANUAL - name: github-action-workflow-usage-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/githubactions/cataloger.go - function: NewWorkflowUsageCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - github - - github-actions - - package - parsers: # AUTO-GENERATED structure - - function: parseWorkflowForWorkflowUsage # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/.github/workflows/*.yaml' - - '**/.github/workflows/*.yml' - metadata_types: # AUTO-GENERATED - - pkg.GitHubActionsUseStatement - package_types: # AUTO-GENERATED - - github-action-workflow - json_schema_types: # AUTO-GENERATED - - GithubActionsUseStatement - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - # no dependencies supported - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: 
package_manager.package_integrity_hash - default: false - - ecosystem: github-actions # MANUAL - name: github-actions-usage-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/githubactions/cataloger.go - function: NewActionUsageCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - github - - github-actions - - package - parsers: # AUTO-GENERATED structure - - function: parseCompositeActionForActionUsage # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/.github/actions/*/action.yml' - - '**/.github/actions/*/action.yaml' - metadata_types: # AUTO-GENERATED - - pkg.GitHubActionsUseStatement - package_types: # AUTO-GENERATED - - github-action - json_schema_types: # AUTO-GENERATED - - GithubActionsUseStatement - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - # no dependencies supported - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseWorkflowForActionUsage # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/.github/workflows/*.yaml' - - '**/.github/workflows/*.yml' - metadata_types: # AUTO-GENERATED - - pkg.GitHubActionsUseStatement - package_types: # AUTO-GENERATED - - github-action - json_schema_types: # AUTO-GENERATED - - GithubActionsUseStatement - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - # no dependencies supported - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: 
false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Go ############################################################################################################## - - ecosystem: go # MANUAL - name: go-module-binary-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/golang/cataloger.go - function: NewGoModuleBinaryCataloger - config: golang.CatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - binary - - directory - - go - - golang - - gomod - - image - - installed - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseGoBinary # AUTO-GENERATED - detector: # AUTO-GENERATED - method: mimetype # AUTO-GENERATED - criteria: # AUTO-GENERATED - - application/x-executable - - application/x-mach-binary - - application/x-elf - - application/x-sharedlib - - application/vnd.microsoft.portable-executable - - application/x-executable - metadata_types: # AUTO-GENERATED - - pkg.GolangBinaryBuildinfoEntry - package_types: # AUTO-GENERATED - - go-module - json_schema_types: # AUTO-GENERATED - - GoModuleBuildinfoEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - conditions: - - when: - SearchLocalModCacheLicenses: true - value: true - - when: - SearchRemoteLicenses: true - value: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: flat - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - GolangBinaryBuildinfoEntry.H1Digest - - ecosystem: go # MANUAL - name: go-module-file-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: 
syft/pkg/cataloger/golang/cataloger.go - function: NewGoModuleFileCataloger - config: golang.CatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - declared - - directory - - go - - golang - - gomod - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseGoModFile # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/go.mod' - metadata_types: # AUTO-GENERATED - - pkg.GolangModuleEntry - - pkg.GolangSourceEntry - package_types: # AUTO-GENERATED - - go-module - json_schema_types: # AUTO-GENERATED - - GoModuleEntry - - GoSourceEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - conditions: - - when: - SearchLocalModCacheLicenses: true - value: true - - when: - SearchRemoteLicenses: true - value: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: flat - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - GolangModuleEntry.H1Digest - - GolangSourceEntry.H1Digest - # Java ############################################################################################################ - - ecosystem: java # MANUAL - name: java-archive-cataloger # AUTO-GENERATED - type: custom # MANUAL OVERRIDE - source: # AUTO-GENERATED - file: syft/pkg/cataloger/java/cataloger.go - function: NewArchiveCataloger - config: java.ArchiveCatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - directory - - image - - installed - - java - - language - - maven - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/*.jar' - - '**/*.war' - - '**/*.ear' - - '**/*.par' - - '**/*.sar' - - '**/*.nar' - - '**/*.jpi' - - '**/*.hpi' - - '**/*.kar' - - '**/*.lpkg' 
- comment: JAR-based archives - always active - - method: glob - criteria: - - '**/*.zip' - conditions: - - when: - IncludeIndexedArchives: true - comment: ZIP archives require indexed archive support - - method: glob - criteria: - - '**/*.tar' - - '**/*.tar.gz' - - '**/*.tgz' - - '**/*.tar.bz' - - '**/*.tar.bz2' - - '**/*.tbz' - - '**/*.tbz2' - - '**/*.tar.br' - - '**/*.tbr' - - '**/*.tar.lz4' - - '**/*.tlz4' - - '**/*.tar.sz' - - '**/*.tsz' - - '**/*.tar.xz' - - '**/*.txz' - - '**/*.tar.zst' - - '**/*.tzst' - - '**/*.tar.zstd' - - '**/*.tzstd' - conditions: - - when: - IncludeUnindexedArchives: true - comment: TAR archives require unindexed archive support - metadata_types: # AUTO-GENERATED - - pkg.JavaArchive - package_types: # AUTO-GENERATED - - java-archive - json_schema_types: # AUTO-GENERATED - - JavaArchive - capabilities: # MANUAL - config-driven capability definitions - # TODO: online capabilities - - name: license - default: false - # TODO: this does not account for the various sources (maven/gradle/other) that have different dependency qualities - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - # note: only applicable to archives, but not raw gradle/maven files - default: true - evidence: - - JavaArchive.ArchiveDigests - - ecosystem: java # MANUAL - name: java-gradle-lockfile-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/java/cataloger.go - function: NewGradleLockfileCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - gradle - - java - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseGradleLockfile - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - 
criteria: # AUTO-GENERATED - - '**/gradle.lockfile*' - metadata_types: # AUTO-GENERATED - - pkg.JavaArchive - package_types: # AUTO-GENERATED - - java-archive - json_schema_types: # AUTO-GENERATED - - JavaArchive - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - # we detect nodes, but can't relate them together - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: java # MANUAL - name: java-pom-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - declared - - directory - - java - - language - - maven - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '*pom.xml' - metadata_types: # AUTO-GENERATED - - pkg.JavaArchive - package_types: # AUTO-GENERATED - - java-archive - json_schema_types: # AUTO-GENERATED - - JavaArchive - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: java # MANUAL - name: java-jvm-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/java/cataloger.go - function: NewJvmDistributionCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - image - - installed - - java - - jdk - - jre - - jvm - - package - parsers: 
# AUTO-GENERATED structure - - function: parseJVMRelease - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/release' - metadata_types: # AUTO-GENERATED - - pkg.JavaVMInstallation - package_types: # AUTO-GENERATED - - binary - json_schema_types: # AUTO-GENERATED - - JavaJvmInstallation - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: true - evidence: - - JavaVMInstallation.Files - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: java # MANUAL - name: graalvm-native-image-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - directory - - image - - installed - - java - - language - - package - detectors: # MANUAL - edit detectors here - - method: mimetype - criteria: - - application/x-executable - - application/x-mach-binary - - application/x-elf - - application/x-sharedlib - - application/vnd.microsoft.portable-executable - package_types: # MANUAL - edit package types here - - graalvm-native-image - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - comment: the dependencies ultimately depends on the quality of the embedded SBOM - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Haskell 
######################################################################################################### - - ecosystem: haskell # MANUAL - name: haskell-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/haskell/cataloger.go - function: NewHackageCataloger - selectors: # AUTO-GENERATED - - cabal - - declared - - directory - - hackage - - haskell - - language - - package - parsers: # AUTO-GENERATED structure - - function: parseCabalFreeze # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/cabal.project.freeze' - package_types: # AUTO-GENERATED - - hackage - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseStackLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/stack.yaml.lock' - metadata_types: # AUTO-GENERATED - - pkg.HackageStackYamlLockEntry - package_types: # AUTO-GENERATED - - hackage - json_schema_types: # AUTO-GENERATED - - HaskellHackageStackLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - HackageStackYamlLockEntry.PkgHash - - function: parseStackYaml # 
AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/stack.yaml' - metadata_types: # AUTO-GENERATED - - pkg.HackageStackYamlEntry - package_types: # AUTO-GENERATED - - hackage - json_schema_types: # AUTO-GENERATED - - HaskellHackageStackEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - HackageStackYamlEntry.PkgHash - # Homebrew ####################################################################################################### - - ecosystem: homebrew # MANUAL - name: homebrew-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/homebrew/cataloger.go - function: NewCataloger - selectors: # AUTO-GENERATED - - directory - - homebrew - - image - - installed - - package - parsers: # AUTO-GENERATED structure - - function: parseHomebrewFormula # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Cellar/*/*/.brew/*.rb' - - '**/Library/Taps/*/*/Formula/*.rb' - metadata_types: # AUTO-GENERATED - - pkg.HomebrewFormula - package_types: # AUTO-GENERATED - - homebrew - json_schema_types: # AUTO-GENERATED - - HomebrewFormula - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - 
default: false - # JavaScript ###################################################################################################### - - ecosystem: javascript # MANUAL - name: javascript-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/javascript/cataloger.go - function: NewLockCataloger - config: javascript.CatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - declared - - directory - - javascript - - language - - node - - npm - - package - parsers: # AUTO-GENERATED structure - - function: parsePnpmLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/pnpm-lock.yaml' - metadata_types: # AUTO-GENERATED - - pkg.PnpmLockEntry - package_types: # AUTO-GENERATED - - npm - json_schema_types: # AUTO-GENERATED - - JavascriptPnpmLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - # note: though there are dev dependencies listed, they are in a different section in the document - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseYarnLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/yarn.lock' - metadata_types: # AUTO-GENERATED - - pkg.YarnLockEntry - package_types: # AUTO-GENERATED - - npm - json_schema_types: # AUTO-GENERATED - - JavascriptYarnLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - # note: though there are dev 
dependencies listed, they are in a different section in the document - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - YarnLockEntry.Integrity - - function: parsePackageLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/package-lock.json' - metadata_types: # AUTO-GENERATED - - pkg.NpmPackageLockEntry - package_types: # AUTO-GENERATED - - npm - json_schema_types: # AUTO-GENERATED - - JavascriptNpmPackageLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - # note: though there are dev dependencies listed, they are in a different section in the document - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - NpmPackageLockEntry.Integrity - - ecosystem: javascript # MANUAL - name: javascript-package-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/javascript/cataloger.go - function: NewPackageCataloger - selectors: # AUTO-GENERATED - - image - - installed - - javascript - - language - - node - - package - parsers: # AUTO-GENERATED structure - - function: parsePackageJSON # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/package.json' - metadata_types: # AUTO-GENERATED - - pkg.NpmPackage - package_types: # AUTO-GENERATED - - npm - json_schema_types: # AUTO-GENERATED - - JavascriptNpmPackage - capabilities: # MANUAL - config-driven capability definitions - - 
name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - # note: devDependencies not parsed by this cataloger - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Linux ########################################################################################################## - - ecosystem: linux # MANUAL - name: linux-kernel-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - declared - - directory - - image - - installed - - kernel - - linux - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/kernel' - - '**/kernel-*' - - '**/vmlinux' - - '**/vmlinux-*' - - '**/vmlinuz' - - '**/vmlinuz-*' - - '**/lib/modules/**/*.ko' - metadata_types: # AUTO-GENERATED - - pkg.LinuxKernel - - pkg.LinuxKernelModule - package_types: # AUTO-GENERATED - - linux-kernel - - linux-kernel-module - json_schema_types: # AUTO-GENERATED - - LinuxKernelArchive - - LinuxKernelModule - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Lua ############################################################################################################# - - ecosystem: lua # MANUAL - name: lua-rock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: 
syft/pkg/cataloger/lua/cataloger.go - function: NewPackageCataloger - selectors: # AUTO-GENERATED - - directory - - image - - installed - - language - - lua - - package - parsers: # AUTO-GENERATED structure - - function: parseRockspec # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.rockspec' - metadata_types: # AUTO-GENERATED - - pkg.LuaRocksPackage - package_types: # AUTO-GENERATED - - lua-rocks - json_schema_types: # AUTO-GENERATED - - LuarocksPackage - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Nix ############################################################################################################# - - ecosystem: nix # MANUAL - name: nix-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - directory - - image - - installed - - language - - nix - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/nix/var/nix/db/db.sqlite' - - '**/nix/store/*' - - '**/nix/store/*.drv' - metadata_types: # AUTO-GENERATED - - pkg.NixStoreEntry - package_types: # AUTO-GENERATED - - nix - json_schema_types: # AUTO-GENERATED - - NixStoreEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - - name: package_manager.files.digests - default: false - - name: 
package_manager.package_integrity_hash - default: true - evidence: - - NixStoreEntry.OutputHash - - ecosystem: nix # MANUAL - name: nix-store-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - config: nix.Config # AUTO-GENERATED - selectors: # AUTO-GENERATED - - deprecated - - package - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/nix/store/*' - - '**/nix/store/*.drv' - metadata_types: # AUTO-GENERATED - - pkg.NixStoreEntry - package_types: # AUTO-GENERATED - - nix - json_schema_types: # AUTO-GENERATED - - NixStoreEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - conditions: - - when: - CaptureOwnedFiles: true - value: true - evidence: - - NixStoreEntry.Files - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - NixStoreEntry.OutputHash - # OCaml ########################################################################################################## - - ecosystem: ocaml # MANUAL - name: opam-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/ocaml/cataloger.go - function: NewOpamPackageManagerCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - language - - ocaml - - opam - - package - parsers: # AUTO-GENERATED structure - - function: parseOpamPackage # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*opam' - metadata_types: # AUTO-GENERATED - - pkg.OpamPackage - package_types: # AUTO-GENERATED - - opam - json_schema_types: # AUTO-GENERATED - - OpamPackage - capabilities: # 
MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # PHP ############################################################################################################# - - ecosystem: php # MANUAL - name: php-composer-installed-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/php/cataloger.go - function: NewComposerInstalledCataloger - selectors: # AUTO-GENERATED - - composer - - image - - installed - - language - - package - - php - parsers: # AUTO-GENERATED structure - - function: parseInstalledJSON # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/installed.json' - metadata_types: # AUTO-GENERATED - - pkg.PhpComposerInstalledEntry - package_types: # AUTO-GENERATED - - php-composer - json_schema_types: # AUTO-GENERATED - - PhpComposerInstalledEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: php # MANUAL - name: php-composer-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/php/cataloger.go - function: NewComposerLockCataloger - selectors: # AUTO-GENERATED - - composer - - declared - - directory - - language - - package - - 
php - parsers: # AUTO-GENERATED structure - - function: parseComposerLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/composer.lock' - metadata_types: # AUTO-GENERATED - - pkg.PhpComposerLockEntry - package_types: # AUTO-GENERATED - - php-composer - json_schema_types: # AUTO-GENERATED - - PhpComposerLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - # note: the dev dependencies are in a separate section in the lock file - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - - ecosystem: php # MANUAL - name: php-interpreter-cataloger # AUTO-GENERATED - type: custom # AUTO-GENERATED - source: # AUTO-GENERATED - file: "" - function: "" - selectors: # AUTO-GENERATED - - binary - - declared - - directory - - image - - installed - - package - - php - detectors: # MANUAL - edit detectors here - - method: glob - criteria: - - '**/php*/**/*.so' - - '**/php-fpm*' - - '**/apache*/**/libphp*.so' - metadata_types: # AUTO-GENERATED - - pkg.BinarySignature - package_types: # AUTO-GENERATED - - binary - json_schema_types: # AUTO-GENERATED - - BinarySignature - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: flat - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: php # MANUAL - name: php-pear-serialized-cataloger # AUTO-GENERATED - type: generic # 
AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/php/cataloger.go - function: NewPearCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - image - - language - - package - - pear - - php - parsers: # AUTO-GENERATED structure - - function: parsePear # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/php/.registry/**/*.reg' - metadata_types: # AUTO-GENERATED - - pkg.PhpPearEntry - package_types: # AUTO-GENERATED - - php-pear - json_schema_types: # AUTO-GENERATED - - PhpPearEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - - name: package_manager.files.digests - default: true - - name: package_manager.package_integrity_hash - default: false - - ecosystem: php # MANUAL - name: php-pecl-serialized-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/php/cataloger.go - function: NewPeclCataloger - selectors: # AUTO-GENERATED - - deprecated - - package - parsers: # AUTO-GENERATED structure - - function: parsePecl # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/php/.registry/.channel.*/*.reg' - metadata_types: # AUTO-GENERATED - - pkg.PhpPeclEntry - package_types: # AUTO-GENERATED - - php-pecl - json_schema_types: # AUTO-GENERATED - - PhpPeclEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - 
name: package_manager.package_integrity_hash - default: false - # Portage (gentoo) ######################################################################################################## - - ecosystem: portage # MANUAL - name: portage-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/gentoo/cataloger.go - function: NewPortageCataloger - selectors: # AUTO-GENERATED - - directory - - gentoo - - image - - installed - - linux - - os - - package - - portage - parsers: # AUTO-GENERATED structure - - function: parsePortageContents # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/var/db/pkg/*/*/CONTENTS' - metadata_types: # AUTO-GENERATED - - pkg.PortageEntry - package_types: # AUTO-GENERATED - - portage - json_schema_types: # AUTO-GENERATED - - PortageDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - PortageEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - PortageEntry.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - # Python ######################################################################################################### - - ecosystem: python # MANUAL - name: python-installed-package-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/python/cataloger.go - function: NewInstalledPackageCataloger - selectors: # AUTO-GENERATED - - directory - - image - - installed - - language - - package - - python - parsers: # AUTO-GENERATED structure - - function: parseWheelOrEgg # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - 
criteria: # AUTO-GENERATED - - '**/*.egg-info' - - '**/*dist-info/METADATA' - - '**/*egg-info/PKG-INFO' - - '**/*DIST-INFO/METADATA' - - '**/*EGG-INFO/PKG-INFO' - metadata_types: # AUTO-GENERATED - - pkg.PythonPackage - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonPackage - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - PythonPackage.Files - - name: package_manager.files.digests - default: true - evidence: - - PythonPackage.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - - ecosystem: python # MANUAL - name: python-package-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/python/cataloger.go - function: NewPackageCataloger - config: python.CatalogerConfig # AUTO-GENERATED - selectors: # AUTO-GENERATED - - declared - - directory - - language - - package - - python - parsers: # AUTO-GENERATED structure - - function: parsePdmLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/pdm.lock' - metadata_types: # AUTO-GENERATED - - pkg.PythonPdmLockEntry - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonPdmLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - optional - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: 
false - - function: parseUvLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/uv.lock' - metadata_types: # AUTO-GENERATED - - pkg.PythonUvLockEntry - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonUvLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - optional - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseSetupFile # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/setup.py' - package_types: # AUTO-GENERATED - - python - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parsePipfileLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Pipfile.lock' - metadata_types: # AUTO-GENERATED - - pkg.PythonPipfileLockEntry - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonPipfileLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: 
package_manager.files.listing - default: false - - name: package_manager.files.digests - default: true - evidence: - - PythonPipfileLockEntry.Hashes - - name: package_manager.package_integrity_hash - default: false - - function: parsePoetryLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/poetry.lock' - metadata_types: # AUTO-GENERATED - - pkg.PythonPoetryLockEntry - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonPoetryLockEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - default: - - runtime - - dev - - optional - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - # TODO: we can enhance this to track file hashes from the poetry.lock file - - name: package_manager.package_integrity_hash - default: false - - function: parseRequirementsTxt - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*requirements*.txt' - metadata_types: # AUTO-GENERATED - - pkg.PythonRequirementsEntry - package_types: # AUTO-GENERATED - - python - json_schema_types: # AUTO-GENERATED - - PythonPipRequirementsEntry - capabilities: # MANUAL - preserved across regeneration - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - any - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # R ############################################################################################################### - - ecosystem: r # MANUAL - name: r-package-cataloger # 
AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/r/cataloger.go - function: NewPackageCataloger - selectors: # AUTO-GENERATED - - directory - - image - - installed - - language - - package - - r - parsers: # AUTO-GENERATED structure - - function: parseDescriptionFile # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/DESCRIPTION' - metadata_types: # AUTO-GENERATED - - pkg.RDescription - package_types: # AUTO-GENERATED - - R-package - json_schema_types: # AUTO-GENERATED - - RDescription - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # RPM (RedHat) ####################################################################################################### - - ecosystem: rpm # MANUAL - name: rpm-archive-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/redhat/cataloger.go - function: NewArchiveCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - linux - - os - - package - - redhat - - rpm - parsers: # AUTO-GENERATED structure - - function: parseRpmArchive # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.rpm' - metadata_types: # AUTO-GENERATED - - pkg.RpmArchive - package_types: # AUTO-GENERATED - - rpm - json_schema_types: # AUTO-GENERATED - - RpmArchive - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - 
default: [] - - name: package_manager.files.listing - default: true - evidence: - - RpmArchive.Files - - name: package_manager.files.digests - default: true - evidence: - - RpmArchive.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - - ecosystem: rpm # MANUAL - name: rpm-db-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/redhat/cataloger.go - function: NewDBCataloger - selectors: # AUTO-GENERATED - - directory - - image - - installed - - linux - - os - - package - - redhat - - rpm - parsers: # AUTO-GENERATED structure - - function: parseRpmManifest # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/var/lib/rpmmanifest/container-manifest-2' - metadata_types: # AUTO-GENERATED - - pkg.RpmDBEntry - package_types: # AUTO-GENERATED - - rpm - json_schema_types: # AUTO-GENERATED - - RpmDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseRpmDB # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}' - metadata_types: # AUTO-GENERATED - - pkg.RpmDBEntry - package_types: # AUTO-GENERATED - - rpm - json_schema_types: # AUTO-GENERATED - - RpmDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: complete - - name: dependency.kinds - 
default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - RpmDBEntry.Files - - name: package_manager.files.digests - default: true - evidence: - - RpmDBEntry.Files[].Digest - - name: package_manager.package_integrity_hash - default: false - # Ruby ########################################################################################################### - - ecosystem: ruby # MANUAL - name: ruby-gemfile-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/ruby/cataloger.go - function: NewGemFileLockCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - gem - - language - - package - - ruby - parsers: # AUTO-GENERATED structure - - function: parseGemFileLockEntries # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/Gemfile.lock' - package_types: # AUTO-GENERATED - - gem - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: ruby # MANUAL - name: ruby-gemspec-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/ruby/cataloger.go - function: NewGemSpecCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - gem - - gemspec - - language - - package - - ruby - parsers: # AUTO-GENERATED structure - - function: parseGemSpecEntries # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.gemspec' - metadata_types: # AUTO-GENERATED - - pkg.RubyGemspec - package_types: # 
AUTO-GENERATED - - gem - json_schema_types: # AUTO-GENERATED - - RubyGemspec - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - RubyGemspec.Files - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: ruby # MANUAL - name: ruby-installed-gemspec-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/ruby/cataloger.go - function: NewInstalledGemSpecCataloger - selectors: # AUTO-GENERATED - - gem - - gemspec - - image - - installed - - language - - package - - ruby - parsers: # AUTO-GENERATED structure - - function: parseGemSpecEntries # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/specifications/**/*.gemspec' - metadata_types: # AUTO-GENERATED - - pkg.RubyGemspec - package_types: # AUTO-GENERATED - - gem - json_schema_types: # AUTO-GENERATED - - RubyGemspec - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: - - direct - - indirect - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: true - evidence: - - RubyGemspec.Files - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # SBOM ########################################################################################################## - - ecosystem: sbom # MANUAL - name: sbom-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/sbom/cataloger.go - 
function: NewCataloger - selectors: # AUTO-GENERATED - - package - - sbom - parsers: # AUTO-GENERATED structure - - function: parseSBOM # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.syft.json' - - '**/*.bom.*' - - '**/*.bom' - - '**/bom' - - '**/*.sbom.*' - - '**/*.sbom' - - '**/sbom' - - '**/*.cdx.*' - - '**/*.cdx' - - '**/*.spdx.*' - - '**/*.spdx' - metadata_types: # AUTO-GENERATED - - pkg.ApkDBEntry - package_types: # AUTO-GENERATED - - apk - json_schema_types: # AUTO-GENERATED - - ApkDbEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Snap ########################################################################################################## - - ecosystem: snap # MANUAL - name: snap-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/snap/cataloger.go - function: NewCataloger - selectors: # AUTO-GENERATED - - directory - - image - - installed - - package - - snap - parsers: # AUTO-GENERATED structure - - function: parseSnapdSnapcraft # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/snap/snapcraft.yaml' - metadata_types: # AUTO-GENERATED - - pkg.SnapEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - SnapEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - 
default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseSystemManifest # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/snap/manifest.yaml' - metadata_types: # AUTO-GENERATED - - pkg.SnapEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - SnapEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseKernelChangelog # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/doc/linux-modules-*/changelog.Debian.gz' - metadata_types: # AUTO-GENERATED - - pkg.SnapEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - SnapEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseBaseDpkgYaml # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/usr/share/snappy/dpkg.yaml' - metadata_types: # AUTO-GENERATED - - pkg.SnapEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - SnapEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license 
- default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - function: parseSnapYaml # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/meta/snap.yaml' - metadata_types: # AUTO-GENERATED - - pkg.SnapEntry - package_types: # AUTO-GENERATED - - deb - json_schema_types: # AUTO-GENERATED - - SnapEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Prolog ######################################################################################################## - - ecosystem: prolog # MANUAL - name: swipl-pack-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/swipl/cataloger.go - function: NewSwiplPackCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - language - - pack - - package - - swipl - parsers: # AUTO-GENERATED structure - - function: parsePackPackage # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/pack.pl' - metadata_types: # AUTO-GENERATED - - pkg.SwiplPackEntry - package_types: # AUTO-GENERATED - - swiplpack - json_schema_types: # AUTO-GENERATED - - SwiplpackPackage - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - 
default: "" - - name: dependency.kinds - default: - - runtime - - dev - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - # Terraform ###################################################################################################### - - ecosystem: terraform # MANUAL - name: terraform-lock-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/terraform/cataloger.go - function: NewLockCataloger - selectors: # AUTO-GENERATED - - declared - - directory - - package - - terraform - parsers: # AUTO-GENERATED structure - - function: parseTerraformLock # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/.terraform.lock.hcl' - metadata_types: # AUTO-GENERATED - - pkg.TerraformLockProviderEntry - package_types: # AUTO-GENERATED - - terraform - json_schema_types: # AUTO-GENERATED - - TerraformLockProviderEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: false - - name: dependency.depth - default: - - direct - - name: dependency.edges - default: "" - - name: dependency.kinds - default: - - runtime - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - TerraformLockProviderEntry.Hashes - # WordPress ###################################################################################################### - - ecosystem: wordpress # MANUAL - name: wordpress-plugins-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/wordpress/cataloger.go - function: NewWordpressPluginCataloger - selectors: # AUTO-GENERATED - - directory - - image - - package - - wordpress - parsers: # AUTO-GENERATED 
structure - - function: parseWordpressPluginFiles # AUTO-GENERATED - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/wp-content/plugins/*/*.php' - metadata_types: # AUTO-GENERATED - - pkg.WordpressPluginEntry - package_types: # AUTO-GENERATED - - wordpress-plugin - json_schema_types: # AUTO-GENERATED - - WordpressPluginEntry - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: false - - ecosystem: ai # MANUAL - name: gguf-cataloger # AUTO-GENERATED - type: generic # AUTO-GENERATED - source: # AUTO-GENERATED - file: syft/pkg/cataloger/ai/cataloger.go - function: NewGGUFCataloger - selectors: # AUTO-GENERATED - - ai - - directory - - gguf - - image - - ml - - model - - package - parsers: # AUTO-GENERATED structure - - function: parseGGUFModel - detector: # AUTO-GENERATED - method: glob # AUTO-GENERATED - criteria: # AUTO-GENERATED - - '**/*.gguf' - metadata_types: # AUTO-GENERATED - - pkg.GGUFFileHeader - package_types: # AUTO-GENERATED - - model - json_schema_types: # AUTO-GENERATED - - GgufFileHeader - capabilities: # MANUAL - config-driven capability definitions - - name: license - default: true - - name: dependency.depth - default: [] - - name: dependency.edges - default: "" - - name: dependency.kinds - default: [] - - name: package_manager.files.listing - default: false - - name: package_manager.files.digests - default: false - - name: package_manager.package_integrity_hash - default: true - evidence: - - GGUFFileHeader.MetadataKeyValuesHash diff --git a/internal/capabilities/packages/ai.yaml b/internal/capabilities/packages/ai.yaml new file mode 100644 index 000000000..fff9fa3a7 
--- /dev/null +++ b/internal/capabilities/packages/ai.yaml @@ -0,0 +1,46 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: ai # MANUAL + name: gguf-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/ai/cataloger.go + function: NewGGUFCataloger + selectors: # AUTO-GENERATED + - ai + - directory + - gguf + - image + - ml + - model + - package + parsers: # AUTO-GENERATED structure + - function: parseGGUFModel + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.gguf' + metadata_types: # AUTO-GENERATED + - pkg.GGUFFileHeader + package_types: # AUTO-GENERATED + - model + json_schema_types: # AUTO-GENERATED + - GgufFileHeader + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - GGUFFileHeader.MetadataKeyValuesHash diff --git a/internal/capabilities/packages/alpine.yaml b/internal/capabilities/packages/alpine.yaml new file mode 100644 index 000000000..8f0efe66f --- /dev/null +++ b/internal/capabilities/packages/alpine.yaml 
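Review bot: In ai.yaml the `gguf-cataloger` entry sets `package_manager.package_integrity_hash` to `default: true` with `GGUFFileHeader.MetadataKeyValuesHash` as its only evidence. Going by the field name, that hash covers the header's metadata key/values rather than the whole model file. If so, the weights could change without it changing, and an SBOM consumer treating this capability as a verifiable package digest would be misled. Either set `default: false`, or keep it and add a comment such as `# hash covers header metadata only, not the full model file` next to the evidence line. This needs confirming against the `pkg.GGUFFileHeader` definition, which is not visible in this patch.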
@@ -0,0 +1,54 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: alpine # MANUAL + name: apk-db-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/alpine/cataloger.go + function: NewDBCataloger + selectors: # AUTO-GENERATED + - alpine + - apk + - directory + - image + - installed + - linux + - os + - package + parsers: # AUTO-GENERATED structure + - function: parseApkDB + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/lib/apk/db/installed' + metadata_types: # AUTO-GENERATED + - pkg.ApkDBEntry + package_types: # AUTO-GENERATED + - apk + json_schema_types: # AUTO-GENERATED + - ApkDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - ApkDBEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - ApkDBEntry.Files[].Digest + - name: package_manager.package_integrity_hash + default: true + evidence: + - ApkDBEntry.Checksum diff --git a/internal/capabilities/packages/arch.yaml b/internal/capabilities/packages/arch.yaml new file mode 100644 index 000000000..1c8c7057b --- /dev/null +++ b/internal/capabilities/packages/arch.yaml 
@@ -0,0 +1,53 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: alpm # MANUAL + name: alpm-db-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/arch/cataloger.go + function: NewDBCataloger + selectors: # AUTO-GENERATED + - alpm + - archlinux + - directory + - image + - installed + - linux + - os + - package + - pacman + parsers: # AUTO-GENERATED structure + - function: parseAlpmDB + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/var/lib/pacman/local/**/desc' + metadata_types: # AUTO-GENERATED + - pkg.AlpmDBEntry + package_types: # AUTO-GENERATED + - alpm + json_schema_types: # AUTO-GENERATED + - AlpmDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - AlpmDBEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - AlpmDBEntry.Files[].Digests + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/binary.yaml b/internal/capabilities/packages/binary.yaml new file mode 100644 index 000000000..01a8e48f9 --- /dev/null +++ b/internal/capabilities/packages/binary.yaml 
@@ -0,0 +1,800 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: binary # MANUAL + name: binary-classifier-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/binary/classifier_cataloger.go + function: NewClassifierCataloger + selectors: # AUTO-GENERATED + - binary + - declared + - directory + - image + - installed + - package + detectors: # AUTO-GENERATED + - method: glob + criteria: + - '**/python*' + packages: + - class: python-binary + name: python + purl: pkg:generic/python + cpes: + - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* + - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libpython*.so*' + packages: + - class: python-binary-lib + name: python + purl: pkg:generic/python + cpes: + - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* + - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libpypy*.so*' + packages: + - class: pypy-binary-lib + name: pypy + purl: pkg:generic/pypy + cpes: [] + type: BinaryPkg + - method: glob + criteria: + - '**/go' + packages: + - class: go-binary + name: go + purl: pkg:generic/go + cpes: + - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libjulia-internal.so' + packages: + - class: julia-binary + name: julia + purl: pkg:generic/julia + cpes: + - cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/helm' + packages: + - class: helm + name: helm + purl: pkg:golang/helm.sh/helm + cpes: + - cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/redis-server' + packages: + - class: redis-binary + name: redis + purl: pkg:generic/redis + cpes: + - cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:* + - cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/node' 
+ packages: + - class: nodejs-binary + name: node + purl: pkg:generic/node + cpes: + - cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/VERSION*' + packages: + - class: go-binary-hint + name: go + purl: pkg:generic/go + cpes: + - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/busybox' + packages: + - class: busybox-binary + name: busybox + purl: pkg:generic/busybox + cpes: + - cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/getopt' + packages: + - class: util-linux-binary + name: util-linux + purl: pkg:generic/util-linux + cpes: + - cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/haproxy' + packages: + - class: haproxy-binary + name: haproxy + purl: pkg:generic/haproxy + cpes: + - cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/perl' + packages: + - class: perl-binary + name: perl + purl: pkg:generic/perl + cpes: + - cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/composer*' + packages: + - class: php-composer-binary + name: composer + purl: pkg:generic/composer + cpes: + - cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/httpd' + packages: + - class: httpd-binary + name: httpd + purl: pkg:generic/httpd + cpes: + - cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/memcached' + packages: + - class: memcached-binary + name: memcached + purl: pkg:generic/memcached + cpes: + - cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/traefik' + packages: + - class: traefik-binary + name: traefik + purl: pkg:generic/traefik + cpes: + - cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/arangosh' + 
packages: + - class: arangodb-binary + name: arangodb + purl: pkg:generic/arangodb + cpes: + - cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/postgres' + packages: + - class: postgresql-binary + name: postgresql + purl: pkg:generic/postgresql + cpes: + - cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/mysql' + packages: + - class: mysql-binary + name: mysql + purl: pkg:generic/mysql + cpes: + - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/mysql' + packages: + - class: mysql-binary + name: percona-server + purl: pkg:generic/percona-server + cpes: + - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* + - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/mysql' + packages: + - class: mysql-binary + name: percona-xtradb-cluster + purl: pkg:generic/percona-xtradb-cluster + cpes: + - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* + - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* + - cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/xtrabackup' + packages: + - class: xtrabackup-binary + name: percona-xtrabackup + purl: pkg:generic/percona-xtrabackup + cpes: + - cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/{mariadb,mysql}' + packages: + - class: mariadb-binary + name: mariadb + purl: pkg:generic/mariadb + cpes: + - cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libstd-????????????????.so' + packages: + - class: rust-standard-library-linux + name: rust + purl: pkg:generic/rust + cpes: + - cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libstd-????????????????.dylib' + packages: + - class: rust-standard-library-macos + name: rust + purl: pkg:generic/rust + cpes: + - 
cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/ruby' + packages: + - class: ruby-binary + name: ruby + purl: pkg:generic/ruby + cpes: + - cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/erlexec' + packages: + - class: erlang-binary + name: erlang + purl: pkg:generic/erlang + cpes: + - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/beam.smp' + packages: + - class: erlang-alpine-binary + name: erlang + purl: pkg:generic/erlang + cpes: + - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/liberts_internal.a' + packages: + - class: erlang-library + name: erlang + purl: pkg:generic/erlang + cpes: + - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/swipl' + packages: + - class: swipl-binary + name: swipl + purl: pkg:generic/swipl + cpes: + - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/dart' + packages: + - class: dart-binary + name: dart + purl: pkg:generic/dart + cpes: + - cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/ghc*' + packages: + - class: haskell-ghc-binary + name: haskell/ghc + purl: pkg:generic/haskell/ghc + cpes: + - cpe:2.3:a:haskell:ghc:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/cabal' + packages: + - class: haskell-cabal-binary + name: haskell/cabal + purl: pkg:generic/haskell/cabal + cpes: + - cpe:2.3:a:haskell:cabal:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/stack' + packages: + - class: haskell-stack-binary + name: haskell/stack + purl: pkg:generic/haskell/stack + cpes: + - cpe:2.3:a:haskell:stack:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/consul' + packages: + - class: consul-binary + name: consul + 
purl: pkg:golang/github.com/hashicorp/consul + cpes: + - cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/vault' + packages: + - class: hashicorp-vault-binary + name: github.com/hashicorp/vault + purl: pkg:golang/github.com/hashicorp/vault + cpes: + - cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/nginx' + packages: + - class: nginx-binary + name: nginx + purl: pkg:generic/nginx + cpes: + - cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* + - cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/bash' + packages: + - class: bash-binary + name: bash + purl: pkg:generic/bash + cpes: + - cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/openssl' + packages: + - class: openssl-binary + name: openssl + purl: pkg:generic/openssl + cpes: + - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/gcc' + packages: + - class: gcc-binary + name: gcc + purl: pkg:generic/gcc + cpes: + - cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/fluent-bit' + packages: + - class: fluent-bit-binary + name: fluent-bit + purl: pkg:github/fluent/fluent-bit + cpes: + - cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/wp' + packages: + - class: wordpress-cli-binary + name: wp-cli + purl: pkg:generic/wp-cli + cpes: + - cpe:2.3:a:wp-cli:wp-cli:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/curl' + packages: + - class: curl-binary + name: curl + purl: pkg:generic/curl + cpes: + - cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/lighttpd' + packages: + - class: lighttpd-binary + name: lighttpd + purl: pkg:generic/lighttpd + cpes: + - cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - 
'**/proftpd' + packages: + - class: proftpd-binary + name: proftpd + purl: pkg:generic/proftpd + cpes: + - cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/zstd' + packages: + - class: zstd-binary + name: zstd + purl: pkg:generic/zstd + cpes: + - cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/xz' + packages: + - class: xz-binary + name: xz + purl: pkg:generic/xz + cpes: + - cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/gzip' + packages: + - class: gzip-binary + name: gzip + purl: pkg:generic/gzip + cpes: + - cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/sqlcipher' + packages: + - class: sqlcipher-binary + name: sqlcipher + purl: pkg:generic/sqlcipher + cpes: + - cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/jq' + packages: + - class: jq-binary + name: jq + purl: pkg:generic/jq + cpes: + - cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/chrome' + packages: + - class: chrome-binary + name: chrome + purl: pkg:generic/chrome + cpes: + - cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/ffmpeg' + packages: + - class: ffmpeg-binary + name: ffmpeg + purl: pkg:generic/ffmpeg + cpes: + - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libav*' + packages: + - class: ffmpeg-library + name: ffmpeg + purl: pkg:generic/ffmpeg + cpes: + - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/libswresample*' + packages: + - class: ffmpeg-library + name: ffmpeg + purl: pkg:generic/ffmpeg + cpes: + - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/elixir' + packages: + - class: elixir-binary + name: elixir + purl: 
pkg:generic/elixir + cpes: + - cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/elixir/ebin/elixir.app' + packages: + - class: elixir-library + name: elixir + purl: pkg:generic/elixir + cpes: + - cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/java' + packages: + - class: java-binary + name: "" + purl: pkg:/ + cpes: [] + type: BinaryPkg + - class: java-binary-graalvm + name: graalvm + purl: pkg:generic/oracle/graalvm + cpes: + - cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-zulu + name: zulu + purl: pkg:generic/azul/zulu + cpes: + - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-with-update + name: openjdk + purl: pkg:generic/oracle/openjdk + cpes: + - cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk + name: openjdk + purl: pkg:generic/oracle/openjdk + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-ibm + name: java + purl: pkg:generic/ibm/java + cpes: + - cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-fallthrough + name: jre + purl: pkg:generic/oracle/jre + cpes: + - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-oracle + name: jre + purl: pkg:generic/oracle/jre + cpes: + - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* + type: BinaryPkg + - method: glob + criteria: + - '**/jdb' + packages: + - class: java-jdb-binary + name: "" + purl: pkg:/ + cpes: [] + type: BinaryPkg + - class: java-binary-graalvm + name: graalvm + purl: pkg:generic/oracle/graalvm + cpes: + - cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: jdb-binary-openjdk-zulu + name: zulu + purl: pkg:generic/azul/zulu + cpes: + - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-jdb-binary-openjdk + name: 
openjdk + purl: pkg:generic/oracle/openjdk + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-sdk-binary-ibm + name: java_sdk + purl: pkg:generic/ibm/java_sdk + cpes: + - cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-fallthrough + name: openjdk + purl: pkg:generic/oracle/openjdk + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-jdk + name: jdk + purl: pkg:generic/oracle/jdk + cpes: + - cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:* + type: BinaryPkg + metadata_types: # AUTO-GENERATED + - pkg.BinarySignature + package_types: # AUTO-GENERATED + - binary + json_schema_types: # AUTO-GENERATED + - BinarySignature + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: binary # MANUAL + name: elf-binary-package-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - binary + - declared + - directory + - elf + - elf-package + - image + - installed + - package + detectors: # MANUAL - edit detectors here + - method: mimetype + criteria: + - application/x-executable + - application/x-mach-binary + - application/x-elf + - application/x-sharedlib + - application/vnd.microsoft.portable-executable + metadata_types: # AUTO-GENERATED + - pkg.ELFBinaryPackageNoteJSONPayload + package_types: # AUTO-GENERATED + - binary + - rpm + json_schema_types: # AUTO-GENERATED + - ElfBinaryPackageNoteJsonPayload + capabilities: # MANUAL - edit capabilities here + - name: license + default: true + - name: dependency.depth + default: [] + - name: 
dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: binary # MANUAL + name: pe-binary-package-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/binary/pe_package_cataloger.go + function: NewPEPackageCataloger + selectors: # AUTO-GENERATED + - binary + - declared + - directory + - dll + - exe + - image + - installed + - package + - pe + - pe-package + parsers: # AUTO-GENERATED structure + - function: parsePE + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.dll' + - '**/*.exe' + metadata_types: # AUTO-GENERATED + - pkg.PEBinary + package_types: # AUTO-GENERATED + - binary + json_schema_types: # AUTO-GENERATED + - PeBinary + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/bitnami.yaml b/internal/capabilities/packages/bitnami.yaml new file mode 100644 index 000000000..69ff615fe --- /dev/null +++ b/internal/capabilities/packages/bitnami.yaml 
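Review bot: In binary.yaml the `swipl-binary` detector entry (criteria `**/swipl`, purl `pkg:generic/swipl`) carries the CPE `cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*`, identical to the three Erlang entries directly above it, which looks like a copy-paste slip. Any matcher keyed on CPE would attribute Erlang/OTP advisories to SWI-Prolog binaries and find none that actually apply to SWI-Prolog. The `detectors` block is marked AUTO-GENERATED, so the fix presumably belongs in the classifier definition behind `syft/pkg/cataloger/binary/classifier_cataloger.go`, followed by a regeneration. Until a correct identifier is confirmed, `cpes: []` (as the `pypy-binary-lib` entry does) is safer than a wrong vendor/product pair.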
@@ -0,0 +1,46 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: bitnami # MANUAL + name: bitnami-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/bitnami/cataloger.go + function: NewCataloger + selectors: # AUTO-GENERATED + - bitnami + - image + - installed + - package + parsers: # AUTO-GENERATED structure + - function: parseSBOM + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - /opt/bitnami/**/.spdx-*.spdx + metadata_types: # AUTO-GENERATED + - pkg.BitnamiSBOMEntry + package_types: # AUTO-GENERATED + - bitnami + json_schema_types: # AUTO-GENERATED + - BitnamiSbomEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - BitnamiSBOMEntry.Files + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/conda.yaml b/internal/capabilities/packages/conda.yaml new file mode 100644 index 000000000..7c306c660 --- /dev/null +++ b/internal/capabilities/packages/conda.yaml 
@@ -0,0 +1,51 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: conda # MANUAL + name: conda-meta-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/conda/cataloger.go + function: NewCondaMetaCataloger + selectors: # AUTO-GENERATED + - conda + - directory + - installed + - package + parsers: # AUTO-GENERATED structure + - function: parseCondaMetaJSON + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/conda-meta/*.json' + metadata_types: # AUTO-GENERATED + - pkg.CondaMetaPackage + package_types: # AUTO-GENERATED + - conda + json_schema_types: # AUTO-GENERATED + - CondaMetadataEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - CondaMetaPackage.Files + - CondaMetaPackage.PathsData.Paths + - name: package_manager.files.digests + default: true + evidence: + - CondaMetaPackage.PathsData.Paths.SHA256 + - name: package_manager.package_integrity_hash + default: true + evidence: + - CondaMetaPackage.MD5 + - CondaMetaPackage.SHA256 diff --git a/internal/capabilities/packages/cpp.yaml b/internal/capabilities/packages/cpp.yaml new file mode 100644 index 000000000..e96431121 --- /dev/null +++ b/internal/capabilities/packages/cpp.yaml 
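Review bot: The `package_manager.package_integrity_hash` entry for `parseCondaMetaJSON` lists `CondaMetaPackage.MD5` as evidence next to `CondaMetaPackage.SHA256`. The capability is a plain boolean, so a consumer cannot tell a record that carries only an MD5 from one that carries a SHA-256. MD5 is not collision-resistant, so it should not be relied on to detect deliberate tampering. Since this section is marked MANUAL, I would add a comment on that evidence line, e.g. `# MD5 is legacy; only SHA256 is suitable for tamper detection`. Alternatively drop the MD5 entry if SHA256 is always populated, which this diff does not show.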
@@ -0,0 +1,122 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: c++ # MANUAL + name: conan-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/cpp/cataloger.go + function: NewConanCataloger + selectors: # AUTO-GENERATED + - conan + - cpp + - declared + - directory + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseConanLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/conan.lock' + metadata_types: # AUTO-GENERATED + - pkg.ConanV1LockEntry + - pkg.ConanV2LockEntry + package_types: # AUTO-GENERATED + - conan + json_schema_types: # AUTO-GENERATED + - CConanLockEntry + - CConanLockV2Entry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - build + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - ConanV1LockEntry.Ref + - ConanV2LockEntry.RecipeRevision + - function: parseConanfile + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/conanfile.txt' + metadata_types: # AUTO-GENERATED + - pkg.ConanfileEntry + package_types: # AUTO-GENERATED + - conan + json_schema_types: # AUTO-GENERATED + - CConanFileEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: 
false + - ecosystem: c++ # MANUAL + name: conan-info-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/cpp/cataloger.go + function: NewConanInfoCataloger + selectors: # AUTO-GENERATED + - conan + - cpp + - image + - installed + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseConaninfo + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/conaninfo.txt' + metadata_types: # AUTO-GENERATED + - pkg.ConaninfoEntry + package_types: # AUTO-GENERATED + - conan + json_schema_types: # AUTO-GENERATED + - CConanInfoEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: flat + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/dart.yaml b/internal/capabilities/packages/dart.yaml new file mode 100644 index 000000000..cfcf8a0e8 --- /dev/null +++ b/internal/capabilities/packages/dart.yaml 
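Review bot: In the `parseConanLock` capabilities, `package_manager.package_integrity_hash` is `true` with evidence `ConanV1LockEntry.Ref` and `ConanV2LockEntry.RecipeRevision`, and neither field is named as a digest of the package contents. A reference string and a recipe revision presumably identify the recipe rather than the downloaded or built artifact, so readers of this table may assume a stronger verification property than the metadata provides. If that reading is right, either set the default to `false` or add a comment on the evidence such as `# revision identifies the recipe, not the package binary`.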
@@ -0,0 +1,88 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: dart # MANUAL + name: dart-pubspec-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/dart/cataloger.go + function: NewPubspecCataloger + selectors: # AUTO-GENERATED + - dart + - declared + - directory + - language + - package + parsers: # AUTO-GENERATED structure + - function: parsePubspec + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/pubspec.yml' + - '**/pubspec.yaml' + metadata_types: # AUTO-GENERATED + - pkg.DartPubspec + package_types: # AUTO-GENERATED + - dart-pub + json_schema_types: # AUTO-GENERATED + - DartPubspec + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: dart # MANUAL + name: dart-pubspec-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/dart/cataloger.go + function: NewPubspecLockCataloger + selectors: # AUTO-GENERATED + - dart + - declared + - directory + - language + - package + parsers: # AUTO-GENERATED structure + - function: parsePubspecLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/pubspec.lock' + metadata_types: # AUTO-GENERATED + - pkg.DartPubspecLockEntry + package_types: # AUTO-GENERATED + - dart-pub + json_schema_types: # AUTO-GENERATED + - DartPubspecLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: 
dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/debian.yaml b/internal/capabilities/packages/debian.yaml new file mode 100644 index 000000000..248812217 --- /dev/null +++ b/internal/capabilities/packages/debian.yaml 
@@ -0,0 +1,100 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: dpkg # MANUAL + name: dpkg-db-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/debian/cataloger.go + function: NewDBCataloger + selectors: # AUTO-GENERATED + - debian + - directory + - dpkg + - image + - installed + - linux + - os + - package + parsers: # AUTO-GENERATED structure + - function: parseDpkgDB + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/lib/dpkg/status' + - '**/lib/dpkg/status.d/*' + - '**/lib/opkg/info/*.control' + - '**/lib/opkg/status' + metadata_types: # AUTO-GENERATED + - pkg.DpkgDBEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - DpkgDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - DpkgDBEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - DpkgDBEntry.Files[].Digest + - name: package_manager.package_integrity_hash + default: false + - ecosystem: dpkg # MANUAL + name: deb-archive-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/debian/cataloger.go + function: NewArchiveCataloger + selectors: # AUTO-GENERATED + - deb + - debian + - declared + - directory + - linux + - os + - package + parsers: # AUTO-GENERATED structure + - function: parseDebArchive + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.deb' + metadata_types: # AUTO-GENERATED + - pkg.DpkgArchiveEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - DpkgArchiveEntry + 
capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: true + evidence: + - DpkgArchiveEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - DpkgArchiveEntry.Files[].Digest + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/dotnet.yaml b/internal/capabilities/packages/dotnet.yaml new file mode 100644 index 000000000..6c0c64d62 --- /dev/null +++ b/internal/capabilities/packages/dotnet.yaml 
@@ -0,0 +1,186 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + dotnet.CatalogerConfig: + fields: + - key: DepPackagesMustHaveDLL + description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package. + app_key: dotnet.dep-packages-must-have-dll + - key: DepPackagesMustClaimDLL + description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this + app_key: dotnet.dep-packages-must-claim-dll + - key: PropagateDLLClaimsToParents + description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations. + app_key: dotnet.propagate-dll-claims-to-parents + - key: RelaxDLLClaimsWhenBundlingDetected + description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases. 
+ app_key: dotnet.relax-dll-claims-when-bundling-detected +catalogers: + - ecosystem: dotnet # MANUAL + name: dotnet-deps-binary-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - c# + - directory + - dotnet + - image + - installed + - language + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/*.deps.json' + - '**/*.dll' + - '**/*.exe' + metadata_types: # AUTO-GENERATED + - pkg.DotnetDepsEntry + - pkg.DotnetPortableExecutableEntry + package_types: # AUTO-GENERATED + - dotnet + - npm + json_schema_types: # AUTO-GENERATED + - DotnetDepsEntry + - DotnetPortableExecutableEntry + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: dotnet # MANUAL + name: dotnet-deps-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - deprecated + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/*.deps.json' + metadata_types: # AUTO-GENERATED + - pkg.DotnetDepsEntry + package_types: # AUTO-GENERATED + - dotnet + json_schema_types: # AUTO-GENERATED + - DotnetDepsEntry + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: 
package_manager.package_integrity_hash + default: false + - ecosystem: dotnet # MANUAL + name: dotnet-packages-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/dotnet/cataloger.go + function: NewDotnetPackagesLockCataloger + selectors: # AUTO-GENERATED + - c# + - declared + - directory + - dotnet + - image + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseDotnetPackagesLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/packages.lock.json' + metadata_types: # AUTO-GENERATED + - pkg.DotnetPackagesLockEntry + package_types: # AUTO-GENERATED + - dotnet + json_schema_types: # AUTO-GENERATED + - DotnetPackagesLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - build + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - DotnetPackagesLockEntry.ContentHash + - ecosystem: dotnet # MANUAL + name: dotnet-portable-executable-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + config: dotnet.CatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - deprecated + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/*.dll' + - '**/*.exe' + metadata_types: # AUTO-GENERATED + - pkg.DotnetPortableExecutableEntry + package_types: # AUTO-GENERATED + - dotnet + json_schema_types: # AUTO-GENERATED + - DotnetPortableExecutableEntry + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: [] + - name: 
dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/elixir.yaml b/internal/capabilities/packages/elixir.yaml new file mode 100644 index 000000000..4ce07a862 --- /dev/null +++ b/internal/capabilities/packages/elixir.yaml @@ -0,0 +1,49 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: elixir # MANUAL + name: elixir-mix-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/elixir/cataloger.go + function: NewMixLockCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - elixir + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseMixLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/mix.lock' + metadata_types: # AUTO-GENERATED + - pkg.ElixirMixLockEntry + package_types: # AUTO-GENERATED + - hex + json_schema_types: # AUTO-GENERATED + - ElixirMixLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - ElixirMixLockEntry.PkgHash + - ElixirMixLockEntry.PkgHashExt diff --git a/internal/capabilities/packages/erlang.yaml b/internal/capabilities/packages/erlang.yaml new file mode 100644 index 000000000..ad84c9d4e --- /dev/null +++ b/internal/capabilities/packages/erlang.yaml 
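Review bot: The `description` for `DepPackagesMustClaimDLL` in the dotnet.yaml `configs` block ends mid-sentence (`... exist on disk. The behavior of this`), so the generated documentation for `dotnet.dep-packages-must-claim-dll` is truncated. The block is marked AUTO-GENERATED, so the fix belongs in the generator or in the Go doc comment it reads, not in this file; the extractor may be stopping at a line or paragraph break. Two things in the same file are worth confirming: `dotnet-deps-binary-cataloger` lists `npm` under `package_types`, and only the deprecated `dotnet-portable-executable-cataloger` carries `config: dotnet.CatalogerConfig`, although the DLL-claim options read as applying to deps.json handling.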
@@ -0,0 +1,87 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: erlang # MANUAL + name: erlang-otp-application-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/erlang/cataloger.go + function: NewOTPCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - erlang + - language + - otp + - package + parsers: # AUTO-GENERATED structure + - function: parseOTPApp + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.app' + package_types: # AUTO-GENERATED + - erlang-otp + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: erlang # MANUAL + name: erlang-rebar-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/erlang/cataloger.go + function: NewRebarLockCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - erlang + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseRebarLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/rebar.lock' + metadata_types: # AUTO-GENERATED + - pkg.ErlangRebarLockEntry + package_types: # AUTO-GENERATED + - hex + json_schema_types: # AUTO-GENERATED + - ErlangRebarLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: 
package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - ErlangRebarLockEntry.PkgHash + - ErlangRebarLockEntry.PkgHashExt diff --git a/internal/capabilities/packages/gentoo.yaml b/internal/capabilities/packages/gentoo.yaml new file mode 100644 index 000000000..5c7301f0b --- /dev/null +++ b/internal/capabilities/packages/gentoo.yaml @@ -0,0 +1,51 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: portage # MANUAL + name: portage-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/gentoo/cataloger.go + function: NewPortageCataloger + selectors: # AUTO-GENERATED + - directory + - gentoo + - image + - installed + - linux + - os + - package + - portage + parsers: # AUTO-GENERATED structure + - function: parsePortageContents + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/var/db/pkg/*/*/CONTENTS' + metadata_types: # AUTO-GENERATED + - pkg.PortageEntry + package_types: # AUTO-GENERATED + - portage + json_schema_types: # AUTO-GENERATED + - PortageDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - PortageEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - PortageEntry.Files[].Digest + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/githubactions.yaml b/internal/capabilities/packages/githubactions.yaml new file mode 100644 index 000000000..4ff9d032d --- /dev/null +++ b/internal/capabilities/packages/githubactions.yaml 
@@ -0,0 +1,110 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: github-actions # MANUAL + name: github-action-workflow-usage-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/githubactions/cataloger.go + function: NewWorkflowUsageCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - github + - github-actions + - package + parsers: # AUTO-GENERATED structure + - function: parseWorkflowForWorkflowUsage + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/.github/workflows/*.yaml' + - '**/.github/workflows/*.yml' + metadata_types: # AUTO-GENERATED + - pkg.GitHubActionsUseStatement + package_types: # AUTO-GENERATED + - github-action-workflow + json_schema_types: # AUTO-GENERATED + - GithubActionsUseStatement + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: github-actions # MANUAL + name: github-actions-usage-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/githubactions/cataloger.go + function: NewActionUsageCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - github + - github-actions + - package + parsers: # AUTO-GENERATED structure + - function: parseCompositeActionForActionUsage + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/.github/actions/*/action.yml' + - '**/.github/actions/*/action.yaml' + metadata_types: # AUTO-GENERATED + - pkg.GitHubActionsUseStatement + package_types: # AUTO-GENERATED + - 
github-action + json_schema_types: # AUTO-GENERATED + - GithubActionsUseStatement + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseWorkflowForActionUsage + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/.github/workflows/*.yaml' + - '**/.github/workflows/*.yml' + metadata_types: # AUTO-GENERATED + - pkg.GitHubActionsUseStatement + package_types: # AUTO-GENERATED + - github-action + json_schema_types: # AUTO-GENERATED + - GithubActionsUseStatement + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/golang.yaml b/internal/capabilities/packages/golang.yaml new file mode 100644 index 000000000..49e87f1a3 --- /dev/null +++ b/internal/capabilities/packages/golang.yaml 
@@ -0,0 +1,147 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + golang.CatalogerConfig: + fields: + - key: SearchLocalModCacheLicenses + description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache. + app_key: golang.search-local-mod-cache-licenses + - key: LocalModCacheDir + description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go. + app_key: golang.local-mod-cache-dir + - key: SearchLocalVendorLicenses + description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file. + app_key: golang.search-local-vendor-licenses + - key: LocalVendorDir + description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file. + app_key: golang.local-vendor-dir + - key: SearchRemoteLicenses + description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org). + app_key: golang.search-remote-licenses + - key: Proxies + description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct. + app_key: golang.proxy + - key: NoProxy + description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars. 
+ app_key: golang.no-proxy +catalogers: + - ecosystem: go # MANUAL + name: go-module-binary-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/golang/cataloger.go + function: NewGoModuleBinaryCataloger + config: golang.CatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - binary + - directory + - go + - golang + - gomod + - image + - installed + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseGoBinary + detector: # AUTO-GENERATED + method: mimetype # AUTO-GENERATED + criteria: # AUTO-GENERATED + - application/x-executable + - application/x-mach-binary + - application/x-elf + - application/x-sharedlib + - application/vnd.microsoft.portable-executable + - application/x-executable + metadata_types: # AUTO-GENERATED + - pkg.GolangBinaryBuildinfoEntry + package_types: # AUTO-GENERATED + - go-module + json_schema_types: # AUTO-GENERATED + - GoModuleBuildinfoEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + conditions: + - when: + SearchLocalModCacheLicenses: true + value: true + - when: + SearchRemoteLicenses: true + value: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: flat + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - GolangBinaryBuildinfoEntry.H1Digest + - ecosystem: go # MANUAL + name: go-module-file-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/golang/cataloger.go + function: NewGoModuleFileCataloger + config: golang.CatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - declared + - directory + - go + - golang + - gomod + - language + - package + parsers: # AUTO-GENERATED 
structure + - function: parseGoModFile + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/go.mod' + metadata_types: # AUTO-GENERATED + - pkg.GolangModuleEntry + - pkg.GolangSourceEntry + package_types: # AUTO-GENERATED + - go-module + json_schema_types: # AUTO-GENERATED + - GoModuleEntry + - GoSourceEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + conditions: + - when: + SearchLocalModCacheLicenses: true + value: true + - when: + SearchRemoteLicenses: true + value: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: flat + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - GolangModuleEntry.H1Digest + - GolangSourceEntry.H1Digest diff --git a/internal/capabilities/packages/haskell.yaml b/internal/capabilities/packages/haskell.yaml new file mode 100644 index 000000000..0c1de7b1b --- /dev/null +++ b/internal/capabilities/packages/haskell.yaml 
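Review bot: The `license` capability of `go-module-file-cataloger` has `conditions` for `SearchLocalModCacheLicenses` and `SearchRemoteLicenses` but none for `SearchLocalVendorLicenses`, which the `configs` block in the same file describes as enabling license search in the vendor directory relative to go.mod. If that option can also yield licenses, add a third entry (`- when:`, `SearchLocalVendorLicenses: true`, `value: true`); the same two-entry list appears under `go-module-binary-cataloger`. Because `SearchRemoteLicenses` is described as downloading from the upstream Go proxy, a comment on that condition noting the outbound network access would help operators who run scans in restricted environments. Separately, the generated mimetype criteria for `parseGoBinary` list `application/x-executable` twice.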
@@ -0,0 +1,107 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: haskell # MANUAL + name: haskell-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/haskell/cataloger.go + function: NewHackageCataloger + selectors: # AUTO-GENERATED + - cabal + - declared + - directory + - hackage + - haskell + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseCabalFreeze + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/cabal.project.freeze' + package_types: # AUTO-GENERATED + - hackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseStackLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/stack.yaml.lock' + metadata_types: # AUTO-GENERATED + - pkg.HackageStackYamlLockEntry + package_types: # AUTO-GENERATED + - hackage + json_schema_types: # AUTO-GENERATED + - HaskellHackageStackLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - HackageStackYamlLockEntry.PkgHash + - function: parseStackYaml + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + 
criteria: # AUTO-GENERATED + - '**/stack.yaml' + metadata_types: # AUTO-GENERATED + - pkg.HackageStackYamlEntry + package_types: # AUTO-GENERATED + - hackage + json_schema_types: # AUTO-GENERATED + - HaskellHackageStackEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - HackageStackYamlEntry.PkgHash diff --git a/internal/capabilities/packages/homebrew.yaml b/internal/capabilities/packages/homebrew.yaml new file mode 100644 index 000000000..fb7ac85f8 --- /dev/null +++ b/internal/capabilities/packages/homebrew.yaml 
@@ -0,0 +1,43 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: homebrew # MANUAL + name: homebrew-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/homebrew/cataloger.go + function: NewCataloger + selectors: # AUTO-GENERATED + - directory + - homebrew + - image + - installed + - package + parsers: # AUTO-GENERATED structure + - function: parseHomebrewFormula + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Cellar/*/*/.brew/*.rb' + - '**/Library/Taps/*/*/Formula/*.rb' + metadata_types: # AUTO-GENERATED + - pkg.HomebrewFormula + package_types: # AUTO-GENERATED + - homebrew + json_schema_types: # AUTO-GENERATED + - HomebrewFormula + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/java.yaml b/internal/capabilities/packages/java.yaml new file mode 100644 index 000000000..24e1ae89b --- /dev/null +++ b/internal/capabilities/packages/java.yaml 
@@ -0,0 +1,293 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + java.ArchiveCatalogerConfig: + fields: + - key: IncludeIndexedArchives + description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip). + - key: IncludeUnindexedArchives + description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*). + - key: UseNetwork + description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information. + app_key: java.use-network + - key: UseMavenLocalRepository + description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata. + app_key: java.use-maven-local-repository + - key: MavenLocalRepositoryDir + description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository. + app_key: java.maven-local-repository-dir + - key: MavenBaseURL + description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2. + app_key: java.maven-url + - key: MaxParentRecursiveDepth + description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains. + app_key: java.max-parent-recursive-depth + - key: ResolveTransitiveDependencies + description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives. 
+ app_key: java.resolve-transitive-dependencies +catalogers: + - ecosystem: java # MANUAL + name: java-archive-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/java/cataloger.go + function: NewArchiveCataloger + config: java.ArchiveCatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - directory + - image + - installed + - java + - language + - maven + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/*.jar' + - '**/*.war' + - '**/*.ear' + - '**/*.par' + - '**/*.sar' + - '**/*.nar' + - '**/*.jpi' + - '**/*.hpi' + - '**/*.kar' + - '**/*.lpkg' + comment: JAR-based archives - always active + - method: glob + criteria: + - '**/*.zip' + conditions: + - when: + IncludeIndexedArchives: true + comment: ZIP archives require indexed archive support + - method: glob + criteria: + - '**/*.tar' + - '**/*.tar.gz' + - '**/*.tgz' + - '**/*.tar.bz' + - '**/*.tar.bz2' + - '**/*.tbz' + - '**/*.tbz2' + - '**/*.tar.br' + - '**/*.tbr' + - '**/*.tar.lz4' + - '**/*.tlz4' + - '**/*.tar.sz' + - '**/*.tsz' + - '**/*.tar.xz' + - '**/*.txz' + - '**/*.tar.zst' + - '**/*.tzst' + - '**/*.tar.zstd' + - '**/*.tzstd' + conditions: + - when: + IncludeUnindexedArchives: true + comment: TAR archives require unindexed archive support + metadata_types: # AUTO-GENERATED + - pkg.JavaArchive + package_types: # AUTO-GENERATED + - java-archive + json_schema_types: # AUTO-GENERATED + - JavaArchive + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - JavaArchive.ArchiveDigests + - ecosystem: java # MANUAL + 
name: java-gradle-lockfile-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/java/cataloger.go + function: NewGradleLockfileCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - gradle + - java + - language + - package + parsers: # AUTO-GENERATED structure + - function: parseGradleLockfile + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/gradle.lockfile*' + metadata_types: # AUTO-GENERATED + - pkg.JavaArchive + package_types: # AUTO-GENERATED + - java-archive + json_schema_types: # AUTO-GENERATED + - JavaArchive + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: java # MANUAL + name: java-pom-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - declared + - directory + - java + - language + - maven + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '*pom.xml' + metadata_types: # AUTO-GENERATED + - pkg.JavaArchive + package_types: # AUTO-GENERATED + - java-archive + json_schema_types: # AUTO-GENERATED + - JavaArchive + capabilities: # MANUAL - edit capabilities here + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: 
false + - ecosystem: java # MANUAL + name: java-jvm-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/java/cataloger.go + function: NewJvmDistributionCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - image + - installed + - java + - jdk + - jre + - jvm + - package + parsers: # AUTO-GENERATED structure + - function: parseJVMRelease + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/release' + metadata_types: # AUTO-GENERATED + - pkg.JavaVMInstallation + package_types: # AUTO-GENERATED + - binary + json_schema_types: # AUTO-GENERATED + - JavaJvmInstallation + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: true + evidence: + - JavaVMInstallation.Files + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: java # MANUAL + name: graalvm-native-image-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - directory + - image + - installed + - java + - language + - package + detectors: # MANUAL - edit detectors here + - method: mimetype + criteria: + - application/x-executable + - application/x-mach-binary + - application/x-elf + - application/x-sharedlib + - application/vnd.microsoft.portable-executable + package_types: # AUTO-GENERATED + - graalvm-native-image + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + comment: the dependencies ultimately depends on the quality of the embedded SBOM + - name: dependency.edges + 
default: complete + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/javascript.yaml b/internal/capabilities/packages/javascript.yaml new file mode 100644 index 000000000..c831f6095 --- /dev/null +++ b/internal/capabilities/packages/javascript.yaml 
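Review bot: In java.yaml the `license` capability of java-archive-cataloger is a flat `default: false`, although the `UseNetwork` field above is described as fetching license information, so the file never says that the result depends on an option that also enables network operations during the scan. golang.yaml models the same situation with `conditions` on `SearchRemoteLicenses`; if the archive cataloger behaves the same way, the entry should carry a matching condition, as sketched below. javascript.yaml has the same gap: `SearchRemoteLicenses` is declared, yet parsePnpmLock and parseYarnLock list `license` as `default: false` with no condition. Separately, the java-pom-cataloger glob is `'*pom.xml'` while every other glob in this file starts with `**/`, which is worth checking against the implementation.

```yaml
        - name: license
          default: false
          conditions:
            - when:
                UseNetwork: true
              value: true
        # … unchanged: dependency.* and package_manager.* entries …
```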
@@ -0,0 +1,165 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + javascript.CatalogerConfig: + fields: + - key: SearchRemoteLicenses + description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata. + app_key: javascript.search-remote-licenses + - key: NPMBaseURL + description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information. + app_key: javascript.npm-base-url + - key: IncludeDevDependencies + description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies. + app_key: javascript.include-dev-dependencies +catalogers: + - ecosystem: javascript # MANUAL + name: javascript-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/javascript/cataloger.go + function: NewLockCataloger + config: javascript.CatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - declared + - directory + - javascript + - language + - node + - npm + - package + parsers: # AUTO-GENERATED structure + - function: parsePnpmLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/pnpm-lock.yaml' + metadata_types: # AUTO-GENERATED + - pkg.PnpmLockEntry + package_types: # AUTO-GENERATED + - npm + json_schema_types: # AUTO-GENERATED + - JavascriptPnpmLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: 
package_manager.package_integrity_hash + default: false + - function: parseYarnLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/yarn.lock' + metadata_types: # AUTO-GENERATED + - pkg.YarnLockEntry + package_types: # AUTO-GENERATED + - npm + json_schema_types: # AUTO-GENERATED + - JavascriptYarnLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - YarnLockEntry.Integrity + - function: parsePackageLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/package-lock.json' + metadata_types: # AUTO-GENERATED + - pkg.NpmPackageLockEntry + package_types: # AUTO-GENERATED + - npm + json_schema_types: # AUTO-GENERATED + - JavascriptNpmPackageLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - NpmPackageLockEntry.Integrity + - ecosystem: javascript # MANUAL + name: javascript-package-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/javascript/cataloger.go + function: NewPackageCataloger + selectors: # AUTO-GENERATED + - image + - installed + - javascript + - language + - node + - package + parsers: # AUTO-GENERATED structure + 
- function: parsePackageJSON + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/package.json' + metadata_types: # AUTO-GENERATED + - pkg.NpmPackage + package_types: # AUTO-GENERATED + - npm + json_schema_types: # AUTO-GENERATED + - JavascriptNpmPackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/linux.yaml b/internal/capabilities/packages/linux.yaml new file mode 100644 index 000000000..546ec3574 --- /dev/null +++ b/internal/capabilities/packages/linux.yaml 
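Review bot: `IncludeDevDependencies` is declared in the javascript.CatalogerConfig block, but none of the `dependency.kinds` entries under javascript-lock-cataloger references it: parsePnpmLock and parsePackageLock list only `runtime`, parseYarnLock lists `runtime` and `dev`, all as unconditional defaults. A reader cannot tell from this which parsers honour the option or what the output looks like when it is switched on. I would add a `conditions` entry keyed on `IncludeDevDependencies: true` to the affected parsers, or at least a `comment: dev dependencies are reported only when IncludeDevDependencies is set` where that is the case. Which parsers that covers has to be confirmed against the Go code, which this diff does not show.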
@@ -0,0 +1,58 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + kernel.LinuxKernelCatalogerConfig: + fields: + - key: CatalogModules + description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself. + app_key: linux-kernel.catalog-modules +catalogers: + - ecosystem: linux # MANUAL + name: linux-kernel-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - declared + - directory + - image + - installed + - kernel + - linux + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/kernel' + - '**/kernel-*' + - '**/vmlinux' + - '**/vmlinux-*' + - '**/vmlinuz' + - '**/vmlinuz-*' + - '**/lib/modules/**/*.ko' + metadata_types: # AUTO-GENERATED + - pkg.LinuxKernel + - pkg.LinuxKernelModule + package_types: # AUTO-GENERATED + - linux-kernel + - linux-kernel-module + json_schema_types: # AUTO-GENERATED + - LinuxKernelArchive + - LinuxKernelModule + capabilities: # MANUAL - edit capabilities here + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/lua.yaml b/internal/capabilities/packages/lua.yaml new file mode 100644 index 000000000..edbdcf894 --- /dev/null +++ b/internal/capabilities/packages/lua.yaml 
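Review bot: The `'**/lib/modules/**/*.ko'` glob sits in the same unconditional detector as the kernel image globs, while `CatalogModules` is described as the switch that enables cataloging `*.ko` files. java.yaml expresses option-gated globs as a separate detector with `conditions` (the `.zip` and `.tar*` groups); doing the same here would keep the file from implying that modules are always scanned. The sketch below assumes the module glob is only used when the option is true, which should be confirmed in the cataloger source, since `source.file` and `source.function` are empty for this entry.

```yaml
    detectors: # MANUAL - edit detectors here
      # … unchanged: glob detector for the kernel, vmlinux and vmlinuz paths …
      - method: glob
        criteria:
          - '**/lib/modules/**/*.ko'
        conditions:
          - when:
              CatalogModules: true
        comment: kernel modules are cataloged only when CatalogModules is enabled
```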
@@ -0,0 +1,43 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: lua # MANUAL + name: lua-rock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/lua/cataloger.go + function: NewPackageCataloger + selectors: # AUTO-GENERATED + - directory + - image + - installed + - language + - lua + - package + parsers: # AUTO-GENERATED structure + - function: parseRockspec + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.rockspec' + metadata_types: # AUTO-GENERATED + - pkg.LuaRocksPackage + package_types: # AUTO-GENERATED + - lua-rocks + json_schema_types: # AUTO-GENERATED + - LuarocksPackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/nix.yaml b/internal/capabilities/packages/nix.yaml new file mode 100644 index 000000000..6df5d58f4 --- /dev/null +++ b/internal/capabilities/packages/nix.yaml 
@@ -0,0 +1,101 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + nix.Config: + fields: + - key: CaptureOwnedFiles + description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage. + app_key: nix.capture-owned-files +catalogers: + - ecosystem: nix # MANUAL + name: nix-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - directory + - image + - installed + - language + - nix + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/nix/var/nix/db/db.sqlite' + - '**/nix/store/*' + - '**/nix/store/*.drv' + metadata_types: # AUTO-GENERATED + - pkg.NixStoreEntry + package_types: # AUTO-GENERATED + - nix + json_schema_types: # AUTO-GENERATED + - NixStoreEntry + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - NixStoreEntry.OutputHash + - ecosystem: nix # MANUAL + name: nix-store-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + config: nix.Config # AUTO-GENERATED + selectors: # AUTO-GENERATED + - deprecated + - package + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/nix/store/*' + - '**/nix/store/*.drv' + metadata_types: # AUTO-GENERATED + - pkg.NixStoreEntry + package_types: # AUTO-GENERATED + - nix + json_schema_types: # 
AUTO-GENERATED + - NixStoreEntry + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + conditions: + - when: + CaptureOwnedFiles: true + value: true + evidence: + - NixStoreEntry.Files + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - NixStoreEntry.OutputHash diff --git a/internal/capabilities/packages/ocaml.yaml b/internal/capabilities/packages/ocaml.yaml new file mode 100644 index 000000000..6f136f50d --- /dev/null +++ b/internal/capabilities/packages/ocaml.yaml @@ -0,0 +1,45 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: ocaml # MANUAL + name: opam-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/ocaml/cataloger.go + function: NewOpamPackageManagerCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - language + - ocaml + - opam + - package + parsers: # AUTO-GENERATED structure + - function: parseOpamPackage + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*opam' + metadata_types: # AUTO-GENERATED + - pkg.OpamPackage + package_types: # AUTO-GENERATED + - opam + json_schema_types: # AUTO-GENERATED + - OpamPackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false 
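Review bot: In nix.yaml, nix-cataloger claims `package_manager.files.listing` with `default: true` but gives no `evidence`, and the entry has no `config:` reference, whereas the deprecated nix-store-cataloger ties the same capability to `CaptureOwnedFiles` and cites `NixStoreEntry.Files`. Both catalogers emit `pkg.NixStoreEntry`, so the difference looks unintended rather than real. If nix-cataloger also takes nix.Config, add `config: nix.Config` and the same condition; if it always records files, add `evidence:` with `- NixStoreEntry.Files` so the claim can be checked.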
diff --git a/internal/capabilities/packages/php.yaml b/internal/capabilities/packages/php.yaml
new file mode 100644
index 000000000..c5294f2b8
--- /dev/null
+++ b/internal/capabilities/packages/php.yaml
@@ -0,0 +1,214 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: php # MANUAL + name: php-composer-installed-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/php/cataloger.go + function: NewComposerInstalledCataloger + selectors: # AUTO-GENERATED + - composer + - image + - installed + - language + - package + - php + parsers: # AUTO-GENERATED structure + - function: parseInstalledJSON + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/installed.json' + metadata_types: # AUTO-GENERATED + - pkg.PhpComposerInstalledEntry + package_types: # AUTO-GENERATED + - php-composer + json_schema_types: # AUTO-GENERATED + - PhpComposerInstalledEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: php # MANUAL + name: php-composer-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/php/cataloger.go + function: NewComposerLockCataloger + selectors: # AUTO-GENERATED + - composer + - declared + - directory + - language + - package + - php + parsers: # AUTO-GENERATED structure + - function: parseComposerLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/composer.lock' + metadata_types: # AUTO-GENERATED + - pkg.PhpComposerLockEntry + package_types: # AUTO-GENERATED + - php-composer + json_schema_types: # AUTO-GENERATED + - PhpComposerLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + 
default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + - ecosystem: php # MANUAL + name: php-interpreter-cataloger # AUTO-GENERATED + type: custom # AUTO-GENERATED + source: # AUTO-GENERATED + file: "" + function: "" + selectors: # AUTO-GENERATED + - binary + - declared + - directory + - image + - installed + - package + - php + detectors: # MANUAL - edit detectors here + - method: glob + criteria: + - '**/php*/**/*.so' + - '**/php-fpm*' + - '**/apache*/**/libphp*.so' + metadata_types: # AUTO-GENERATED + - pkg.BinarySignature + package_types: # AUTO-GENERATED + - binary + json_schema_types: # AUTO-GENERATED + - BinarySignature + capabilities: # MANUAL - edit capabilities here + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: flat + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: php # MANUAL + name: php-pear-serialized-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/php/cataloger.go + function: NewPearCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - image + - language + - package + - pear + - php + parsers: # AUTO-GENERATED structure + - function: parsePear + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/php/.registry/**/*.reg' + metadata_types: # AUTO-GENERATED + - pkg.PhpPearEntry + package_types: # AUTO-GENERATED + - php-pear + json_schema_types: # AUTO-GENERATED + - 
PhpPearEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + - name: package_manager.files.digests + default: true + - name: package_manager.package_integrity_hash + default: false + - ecosystem: php # MANUAL + name: php-pecl-serialized-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/php/cataloger.go + function: NewPeclCataloger + selectors: # AUTO-GENERATED + - deprecated + - package + parsers: # AUTO-GENERATED structure + - function: parsePecl + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/php/.registry/.channel.*/*.reg' + metadata_types: # AUTO-GENERATED + - pkg.PhpPeclEntry + package_types: # AUTO-GENERATED + - php-pecl + json_schema_types: # AUTO-GENERATED + - PhpPeclEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/python.yaml b/internal/capabilities/packages/python.yaml new file mode 100644 index 000000000..489e255f4 --- /dev/null +++ b/internal/capabilities/packages/python.yaml 
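Review bot: In php.yaml, php-composer-lock-cataloger sets `package_manager.package_integrity_hash` to `default: true`, and php-pear-serialized-cataloger sets both `package_manager.files.listing` and `package_manager.files.digests` to `default: true`, without an `evidence` list. Nearly every other `true` for these capabilities in the split files (for example `YarnLockEntry.Integrity`, `JavaArchive.ArchiveDigests`, `NixStoreEntry.OutputHash`) names the metadata field that backs it. Consumers who rely on these flags to decide whether an SBOM carries verifiable hashes need that pointer, so add e.g. `evidence: [PhpComposerLockEntry.<FIELD>]` and the pear equivalents. The field names are not visible in this diff and have to come from the pkg structs.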
@@ -0,0 +1,254 @@ +# Cataloger capabilities. See ../README.md for documentation. + +configs: # AUTO-GENERATED - config structs and their fields + python.CatalogerConfig: + fields: + - key: GuessUnpinnedRequirements + description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files. + app_key: python.guess-unpinned-requirements + - key: SearchRemoteLicenses + description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata. + app_key: python.search-remote-licenses + - key: PypiBaseURL + description: PypiBaseURL specifies the base URL for the Pypi registry API used when searching for remote license information. + app_key: python.pypi-base-url +catalogers: + - ecosystem: python # MANUAL + name: python-installed-package-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/python/cataloger.go + function: NewInstalledPackageCataloger + selectors: # AUTO-GENERATED + - directory + - image + - installed + - language + - package + - python + parsers: # AUTO-GENERATED structure + - function: parseWheelOrEgg + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.egg-info' + - '**/*dist-info/METADATA' + - '**/*egg-info/PKG-INFO' + - '**/*DIST-INFO/METADATA' + - '**/*EGG-INFO/PKG-INFO' + metadata_types: # AUTO-GENERATED + - pkg.PythonPackage + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonPackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - PythonPackage.Files + - name: 
package_manager.files.digests + default: true + evidence: + - PythonPackage.Files[].Digest + - name: package_manager.package_integrity_hash + default: false + - ecosystem: python # MANUAL + name: python-package-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/python/cataloger.go + function: NewPackageCataloger + config: python.CatalogerConfig # AUTO-GENERATED + selectors: # AUTO-GENERATED + - declared + - directory + - language + - package + - python + parsers: # AUTO-GENERATED structure + - function: parsePdmLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/pdm.lock' + metadata_types: # AUTO-GENERATED + - pkg.PythonPdmLockEntry + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonPdmLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - optional + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseUvLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/uv.lock' + metadata_types: # AUTO-GENERATED + - pkg.PythonUvLockEntry + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonUvLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - optional + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + 
- name: package_manager.package_integrity_hash + default: false + - function: parseSetupFile + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/setup.py' + package_types: # AUTO-GENERATED + - python + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parsePipfileLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Pipfile.lock' + metadata_types: # AUTO-GENERATED + - pkg.PythonPipfileLockEntry + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonPipfileLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: true + evidence: + - PythonPipfileLockEntry.Hashes + - name: package_manager.package_integrity_hash + default: false + - function: parsePoetryLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/poetry.lock' + metadata_types: # AUTO-GENERATED + - pkg.PythonPoetryLockEntry + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonPoetryLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - 
runtime + - dev + - optional + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseRequirementsTxt + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*requirements*.txt' + metadata_types: # AUTO-GENERATED + - pkg.PythonRequirementsEntry + package_types: # AUTO-GENERATED + - python + json_schema_types: # AUTO-GENERATED + - PythonPipRequirementsEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - any + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/r.yaml b/internal/capabilities/packages/r.yaml new file mode 100644 index 000000000..b890f082c --- /dev/null +++ b/internal/capabilities/packages/r.yaml 
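Review bot: In the `parsePipfileLock` capabilities, `PythonPipfileLockEntry.Hashes` is cited as evidence for `package_manager.files.digests`, while `package_manager.package_integrity_hash` stays `false`. Pipfile.lock hashes cover the distribution archives that get downloaded, not the files a package installs, and the other lock-file entries in this patch (`RustCargoLockEntry.Checksum`, `TerraformLockProviderEntry.Hashes`) put that kind of value under `package_integrity_hash`. I would set `files.digests` to `default: false` and move the evidence to `package_integrity_hash` with `default: true`, so consumers checking whether archive integrity can be verified from the SBOM read the right flag. Separately, the `SearchRemoteLicenses` description under `configs` says "NPM registry API" for a Python option; that block is AUTO-GENERATED, so the fix presumably belongs in the Go doc comment on `python.CatalogerConfig`.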
@@ -0,0 +1,43 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: r # MANUAL + name: r-package-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/r/cataloger.go + function: NewPackageCataloger + selectors: # AUTO-GENERATED + - directory + - image + - installed + - language + - package + - r + parsers: # AUTO-GENERATED structure + - function: parseDescriptionFile + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/DESCRIPTION' + metadata_types: # AUTO-GENERATED + - pkg.RDescription + package_types: # AUTO-GENERATED + - R-package + json_schema_types: # AUTO-GENERATED + - RDescription + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/redhat.yaml b/internal/capabilities/packages/redhat.yaml new file mode 100644 index 000000000..2480296a0 --- /dev/null +++ b/internal/capabilities/packages/redhat.yaml 
@@ -0,0 +1,126 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: rpm # MANUAL + name: rpm-archive-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/redhat/cataloger.go + function: NewArchiveCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - linux + - os + - package + - redhat + - rpm + parsers: # AUTO-GENERATED structure + - function: parseRpmArchive + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.rpm' + metadata_types: # AUTO-GENERATED + - pkg.RpmArchive + package_types: # AUTO-GENERATED + - rpm + json_schema_types: # AUTO-GENERATED + - RpmArchive + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: true + evidence: + - RpmArchive.Files + - name: package_manager.files.digests + default: true + evidence: + - RpmArchive.Files[].Digest + - name: package_manager.package_integrity_hash + default: false + - ecosystem: rpm # MANUAL + name: rpm-db-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/redhat/cataloger.go + function: NewDBCataloger + selectors: # AUTO-GENERATED + - directory + - image + - installed + - linux + - os + - package + - redhat + - rpm + parsers: # AUTO-GENERATED structure + - function: parseRpmManifest + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/var/lib/rpmmanifest/container-manifest-2' + metadata_types: # AUTO-GENERATED + - pkg.RpmDBEntry + package_types: # AUTO-GENERATED + - rpm + json_schema_types: # AUTO-GENERATED + - RpmDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: 
dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseRpmDB + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}' + metadata_types: # AUTO-GENERATED + - pkg.RpmDBEntry + package_types: # AUTO-GENERATED + - rpm + json_schema_types: # AUTO-GENERATED + - RpmDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - RpmDBEntry.Files + - name: package_manager.files.digests + default: true + evidence: + - RpmDBEntry.Files[].Digest + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/ruby.yaml b/internal/capabilities/packages/ruby.yaml new file mode 100644 index 000000000..d4db89c3b --- /dev/null +++ b/internal/capabilities/packages/ruby.yaml 
@@ -0,0 +1,134 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: ruby # MANUAL + name: ruby-gemfile-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/ruby/cataloger.go + function: NewGemFileLockCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - gem + - language + - package + - ruby + parsers: # AUTO-GENERATED structure + - function: parseGemFileLockEntries + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Gemfile.lock' + package_types: # AUTO-GENERATED + - gem + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: ruby # MANUAL + name: ruby-gemspec-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/ruby/cataloger.go + function: NewGemSpecCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - gem + - gemspec + - language + - package + - ruby + parsers: # AUTO-GENERATED structure + - function: parseGemSpecEntries + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.gemspec' + metadata_types: # AUTO-GENERATED + - pkg.RubyGemspec + package_types: # AUTO-GENERATED + - gem + json_schema_types: # AUTO-GENERATED + - RubyGemspec + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: 
package_manager.files.listing + default: true + evidence: + - RubyGemspec.Files + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: ruby # MANUAL + name: ruby-installed-gemspec-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/ruby/cataloger.go + function: NewInstalledGemSpecCataloger + selectors: # AUTO-GENERATED + - gem + - gemspec + - image + - installed + - language + - package + - ruby + parsers: # AUTO-GENERATED structure + - function: parseGemSpecEntries + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/specifications/**/*.gemspec' + metadata_types: # AUTO-GENERATED + - pkg.RubyGemspec + package_types: # AUTO-GENERATED + - gem + json_schema_types: # AUTO-GENERATED + - RubyGemspec + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: true + evidence: + - RubyGemspec.Files + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/rust.yaml b/internal/capabilities/packages/rust.yaml new file mode 100644 index 000000000..82d211be6 --- /dev/null +++ b/internal/capabilities/packages/rust.yaml 
@@ -0,0 +1,99 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: rust # MANUAL + name: cargo-auditable-binary-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/rust/cataloger.go + function: NewAuditBinaryCataloger + selectors: # AUTO-GENERATED + - binary + - directory + - image + - installed + - language + - package + - rust + parsers: # AUTO-GENERATED structure + - function: parseAuditBinary + detector: # AUTO-GENERATED + method: mimetype # AUTO-GENERATED + criteria: # AUTO-GENERATED + - application/x-executable + - application/x-mach-binary + - application/x-elf + - application/x-sharedlib + - application/vnd.microsoft.portable-executable + - application/x-executable + metadata_types: # AUTO-GENERATED + - pkg.RustBinaryAuditEntry + package_types: # AUTO-GENERATED + - rust-crate + json_schema_types: # AUTO-GENERATED + - RustCargoAuditEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - ecosystem: rust # MANUAL + name: rust-cargo-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/rust/cataloger.go + function: NewCargoLockCataloger + selectors: # AUTO-GENERATED + - cargo + - declared + - directory + - language + - package + - rust + parsers: # AUTO-GENERATED structure + - function: parseCargoLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Cargo.lock' + metadata_types: # AUTO-GENERATED + - pkg.RustCargoLockEntry + package_types: # AUTO-GENERATED + - 
rust-crate + json_schema_types: # AUTO-GENERATED + - RustCargoLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: complete + - name: dependency.kinds + default: + - runtime + - dev + - build + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - RustCargoLockEntry.Checksum diff --git a/internal/capabilities/packages/sbom.yaml b/internal/capabilities/packages/sbom.yaml new file mode 100644 index 000000000..5fe58eb18 --- /dev/null +++ b/internal/capabilities/packages/sbom.yaml @@ -0,0 +1,49 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: sbom # MANUAL + name: sbom-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/sbom/cataloger.go + function: NewCataloger + selectors: # AUTO-GENERATED + - package + - sbom + parsers: # AUTO-GENERATED structure + - function: parseSBOM + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/*.syft.json' + - '**/*.bom.*' + - '**/*.bom' + - '**/bom' + - '**/*.sbom.*' + - '**/*.sbom' + - '**/sbom' + - '**/*.cdx.*' + - '**/*.cdx' + - '**/*.spdx.*' + - '**/*.spdx' + metadata_types: # AUTO-GENERATED + - pkg.ApkDBEntry + package_types: # AUTO-GENERATED + - apk + json_schema_types: # AUTO-GENERATED + - ApkDbEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false 
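Review bot: The mimetype `criteria` list for `parseAuditBinary` in rust.yaml names `application/x-executable` twice, as its first and last entry. The list is marked AUTO-GENERATED, so the duplicate presumably comes from the generator or from the mimetype list it reads in the cataloger source. Deduplicating there, keeping first-seen order, would keep regenerated files stable and avoid suggesting that six distinct types are matched.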
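Review bot: `sbom-cataloger` in sbom.yaml is recorded with only `metadata_types: pkg.ApkDBEntry`, `package_types: apk` and `json_schema_types: ApkDbEntry`. A cataloger matching embedded SBOM documents (`**/*.spdx`, `**/*.cdx`, `**/*.syft.json` and the rest of the glob list) would be expected to emit whatever package types those documents contain. These AUTO-GENERATED values therefore look like they reflect the fixtures the generator observed rather than the cataloger's real output; this is inferred, please confirm. If so, the MANUAL defaults such as `license: true` also depend on the embedded document. A comment beside `capabilities:` such as `# values depend on the embedded SBOM; defaults are best-effort` would stop readers and tooling from treating this entry as apk-only.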
diff --git a/internal/capabilities/packages/snap.yaml b/internal/capabilities/packages/snap.yaml
new file mode 100644
index 000000000..e0258b86e
--- /dev/null
+++ b/internal/capabilities/packages/snap.yaml
@@ -0,0 +1,146 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: snap # MANUAL + name: snap-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/snap/cataloger.go + function: NewCataloger + selectors: # AUTO-GENERATED + - directory + - image + - installed + - package + - snap + parsers: # AUTO-GENERATED structure + - function: parseSnapdSnapcraft + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/snap/snapcraft.yaml' + metadata_types: # AUTO-GENERATED + - pkg.SnapEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - SnapEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseSystemManifest + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/snap/manifest.yaml' + metadata_types: # AUTO-GENERATED + - pkg.SnapEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - SnapEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseKernelChangelog + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/doc/linux-modules-*/changelog.Debian.gz' + 
metadata_types: # AUTO-GENERATED + - pkg.SnapEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - SnapEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseBaseDpkgYaml + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/usr/share/snappy/dpkg.yaml' + metadata_types: # AUTO-GENERATED + - pkg.SnapEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - SnapEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false + - function: parseSnapYaml + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/meta/snap.yaml' + metadata_types: # AUTO-GENERATED + - pkg.SnapEntry + package_types: # AUTO-GENERATED + - deb + json_schema_types: # AUTO-GENERATED + - SnapEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false 
diff --git a/internal/capabilities/packages/swift.yaml b/internal/capabilities/packages/swift.yaml
new file mode 100644
index 000000000..b03352c59
--- /dev/null
+++ b/internal/capabilities/packages/swift.yaml
@@ -0,0 +1,92 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: swift # MANUAL + name: cocoapods-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/swift/cataloger.go + function: NewCocoapodsCataloger + selectors: # AUTO-GENERATED + - cocoapods + - declared + - directory + - language + - package + - swift + parsers: # AUTO-GENERATED structure + - function: parsePodfileLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Podfile.lock' + metadata_types: # AUTO-GENERATED + - pkg.CocoaPodfileLockEntry + package_types: # AUTO-GENERATED + - pod + json_schema_types: # AUTO-GENERATED + - CocoaPodfileLockEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - CocoaPodfileLockEntry.Checksum + - ecosystem: swift # MANUAL + name: swift-package-manager-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/swift/cataloger.go + function: NewSwiftPackageManagerCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - language + - package + - spm + - swift + parsers: # AUTO-GENERATED structure + - function: parsePackageResolved + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/Package.resolved' + - '**/.package.resolved' + metadata_types: # AUTO-GENERATED + - pkg.SwiftPackageManagerResolvedEntry + package_types: # AUTO-GENERATED + - swift + json_schema_types: # AUTO-GENERATED + - SwiftPackageManagerLockEntry + capabilities: 
# MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - indirect + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/swipl.yaml b/internal/capabilities/packages/swipl.yaml new file mode 100644 index 000000000..b67845795 --- /dev/null +++ b/internal/capabilities/packages/swipl.yaml @@ -0,0 +1,46 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: prolog # MANUAL + name: swipl-pack-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/swipl/cataloger.go + function: NewSwiplPackCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - language + - pack + - package + - swipl + parsers: # AUTO-GENERATED structure + - function: parsePackPackage + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/pack.pl' + metadata_types: # AUTO-GENERATED + - pkg.SwiplPackEntry + package_types: # AUTO-GENERATED + - swiplpack + json_schema_types: # AUTO-GENERATED + - SwiplpackPackage + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - dev + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false diff --git a/internal/capabilities/packages/terraform.yaml b/internal/capabilities/packages/terraform.yaml new file mode 100644 index 000000000..427cb5f5d --- /dev/null 
+++ b/internal/capabilities/packages/terraform.yaml @@ -0,0 +1,45 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: terraform # MANUAL + name: terraform-lock-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/terraform/cataloger.go + function: NewLockCataloger + selectors: # AUTO-GENERATED + - declared + - directory + - package + - terraform + parsers: # AUTO-GENERATED structure + - function: parseTerraformLock + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/.terraform.lock.hcl' + metadata_types: # AUTO-GENERATED + - pkg.TerraformLockProviderEntry + package_types: # AUTO-GENERATED + - terraform + json_schema_types: # AUTO-GENERATED + - TerraformLockProviderEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: false + - name: dependency.depth + default: + - direct + - name: dependency.edges + default: "" + - name: dependency.kinds + default: + - runtime + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: true + evidence: + - TerraformLockProviderEntry.Hashes diff --git a/internal/capabilities/packages/wordpress.yaml b/internal/capabilities/packages/wordpress.yaml new file mode 100644 index 000000000..9da6257a3 --- /dev/null +++ b/internal/capabilities/packages/wordpress.yaml 
@@ -0,0 +1,41 @@ +# Cataloger capabilities. See ../README.md for documentation. + +catalogers: + - ecosystem: wordpress # MANUAL + name: wordpress-plugins-cataloger # AUTO-GENERATED + type: generic # AUTO-GENERATED + source: # AUTO-GENERATED + file: syft/pkg/cataloger/wordpress/cataloger.go + function: NewWordpressPluginCataloger + selectors: # AUTO-GENERATED + - directory + - image + - package + - wordpress + parsers: # AUTO-GENERATED structure + - function: parseWordpressPluginFiles + detector: # AUTO-GENERATED + method: glob # AUTO-GENERATED + criteria: # AUTO-GENERATED + - '**/wp-content/plugins/*/*.php' + metadata_types: # AUTO-GENERATED + - pkg.WordpressPluginEntry + package_types: # AUTO-GENERATED + - wordpress-plugin + json_schema_types: # AUTO-GENERATED + - WordpressPluginEntry + capabilities: # MANUAL - preserved across regeneration + - name: license + default: true + - name: dependency.depth + default: [] + - name: dependency.edges + default: "" + - name: dependency.kinds + default: [] + - name: package_manager.files.listing + default: false + - name: package_manager.files.digests + default: false + - name: package_manager.package_integrity_hash + default: false