split packages.yaml to multiple files by go package

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Alex Goodman 2025-11-18 13:28:18 -05:00
parent bb5e221860
commit 6edb1162c8
44 changed files with 4787 additions and 4773 deletions

@ -0,0 +1,227 @@
# Cataloger Capabilities Documentation
This documentation describes the format and structure of cataloger capabilities YAML files.
## File Organization
Capabilities are centralized in the `internal/capabilities/` directory:
- **Cataloger capabilities**: Located in `internal/capabilities/packages/*.yaml` (one file per ecosystem: `golang.yaml`, `python.yaml`, etc.)
- **Application configuration**: Located in `internal/capabilities/appconfig.yaml`
Each file in `packages/*.yaml` is partially auto-generated. Run `go generate ./internal/capabilities` to regenerate.
- Fields marked **AUTO-GENERATED** will be updated during regeneration
- All **capabilities** sections are **MANUAL** - edit these to describe cataloger behavior
## Capability Sections
There are two types of capability sections depending on cataloger type:
### 1. Generic Catalogers (`type: generic`)
- Have capabilities at the **PARSER level**
- Each parser function has its own capabilities section
- Allows different parsers within the same cataloger to have different capabilities
### 2. Custom Catalogers (`type: custom`)
- Have capabilities at the **CATALOGER level**
- Single capabilities section for the entire cataloger
## Capabilities Format
Capabilities use a field-based format with defaults and optional conditional overrides:
```yaml
capabilities:
- field: <field-name> # dot-notation path (e.g., "license", "dependency.depth")
default: <value> # value when no conditions match
conditions: # optional - conditional overrides evaluated in order
- when: {ConfigField: val} # when these config fields match (AND logic)
value: <override-value> # use this value instead
comment: "explanation" # optional - why this condition exists
evidence: # optional - source code references
- "StructName.FieldName"
comment: "explanation" # optional - general field explanation
```
## Detector Conditions
Detectors (used by custom catalogers) can have optional conditions that control when they are active. This allows a single cataloger to have different detection behavior based on configuration.
### Structure
```yaml
detectors:
- method: glob # AUTO-GENERATED - detection method
criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match
comment: "always active" # MANUAL - optional explanation
- method: glob
criteria: ["**/*.zip"]
conditions: # MANUAL - when this detector is active
- when: {IncludeZipFiles: true} # config fields that must match
comment: "optional explanation"
comment: "ZIP detection requires config"
```
### Notes
- Conditions reference fields from the cataloger's config struct
- Multiple conditions in the array use **OR logic** (any condition can activate)
- Multiple fields in a `when` clause use **AND logic** (all must match)
- Detectors without conditions are always active
- Only custom catalogers support detectors with conditions
## Condition Evaluation
- Conditions are evaluated in array order (first match wins)
- Multiple fields in a `when` clause use **AND logic** (all must match)
- Multiple conditions in the array use **OR logic** (first matching condition)
- If no conditions match, the default value is used
## Capability Fields
Standard capability field names and their value types:
### `license` (boolean)
Whether license information is available.
**Examples:**
```yaml
default: true # always available
default: false # never available
default: false # requires configuration
conditions:
- when: {SearchRemoteLicenses: true}
value: true
```
### `dependency.depth` (array of strings)
Which dependency depths can be discovered.
**Values:** `direct` (immediate deps), `indirect` (transitive deps)
**Examples:**
```yaml
default: [direct] # only immediate dependencies
default: [direct, indirect] # full transitive closure
default: [] # no dependency information
```
### `dependency.edges` (string)
Relationships between nodes and completeness of the dependency graph.
**Values:**
- `""` - dependencies found but no edges between them
- `"flat"` - single level of dependencies with edges to root package only
- `"reduced"` - transitive reduction (redundant edges removed)
- `"complete"` - all relationships with accurate direct and indirect edges
**Examples:**
```yaml
default: complete
default: ""
```
### `dependency.kinds` (array of strings)
Types of dependencies that can be discovered.
**Values:** `runtime`, `dev`, `build`, `test`, `optional`
**Examples:**
```yaml
default: [runtime] # production dependencies only
default: [runtime, dev] # production and development
default: [runtime, dev, build] # all dependency types
default: [runtime] # with conditional dev deps
conditions:
- when: {IncludeDevDeps: true}
value: [runtime, dev]
```
### `package_manager.files.listing` (boolean)
Whether file listings are available (which files belong to the package).
**Examples:**
```yaml
default: true
default: false
conditions:
- when: {CaptureOwnedFiles: true}
value: true
```
### `package_manager.files.digests` (boolean)
Whether file digests/checksums are included in listings.
**Examples:**
```yaml
default: true
default: false
```
### `package_manager.package_integrity_hash` (boolean)
Whether a hash for verifying package integrity is available.
**Examples:**
```yaml
default: true
default: false
```
## Examples
### Simple cataloger with no configuration
```yaml
capabilities:
- name: license
default: true
comment: "license field always present in package.json"
- name: dependency.depth
default: [direct]
- name: dependency.edges
default: ""
- name: dependency.kinds
default: [runtime]
comment: "devDependencies not parsed by this cataloger"
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
```
### Cataloger with configuration-dependent capabilities
```yaml
capabilities:
- name: license
default: false
conditions:
- when: {SearchLocalModCacheLicenses: true}
value: true
comment: "searches for licenses in GOPATH mod cache"
- when: {SearchRemoteLicenses: true}
value: true
comment: "fetches licenses from proxy.golang.org"
comment: "license scanning requires configuration"
- name: dependency.depth
default: [direct, indirect]
- name: dependency.edges
default: flat
- name: dependency.kinds
default: [runtime, dev]
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- "GolangBinaryBuildinfoEntry.H1Digest"
```

@ -0,0 +1,60 @@
# Application-level configuration. See README.md for documentation.
# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.
application: # AUTO-GENERATED - application-level config keys
- key: dotnet.dep-packages-must-claim-dll
description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL.
- key: dotnet.dep-packages-must-have-dll
description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL.
- key: dotnet.propagate-dll-claims-to-parents
description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package
- key: dotnet.relax-dll-claims-when-bundling-detected
description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack)
- key: golang.local-mod-cache-dir
description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod
- key: golang.local-vendor-dir
description: specify an explicit go vendor directory, if unset this defaults to ./vendor
- key: golang.main-module-version.from-build-settings
description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise
- key: golang.main-module-version.from-contents
description: search for semver-like strings in the binary contents
- key: golang.main-module-version.from-ld-flags
description: look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0)
- key: golang.no-proxy
description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY
- key: golang.proxy
description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org
- key: golang.search-local-mod-cache-licenses
description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-local-vendor-licenses
description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-remote-licenses
description: search for go package licences by retrieving the package from a network proxy
- key: java.maven-local-repository-dir
description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory
- key: java.maven-url
description: maven repository to use, defaults to Maven central
- key: java.max-parent-recursive-depth
description: depth to recursively resolve parent POMs, no limit if <= 0
- key: java.resolve-transitive-dependencies
description: resolve transient dependencies such as those defined in a dependency's POM on Maven central
- key: java.use-maven-local-repository
description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.'
- key: java.use-network
description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url'
- key: javascript.include-dev-dependencies
description: include development-scoped dependencies
- key: javascript.npm-base-url
description: base NPM url to use
- key: javascript.search-remote-licenses
description: enables Syft to use the network to fill in more detailed license information
- key: linux-kernel.catalog-modules
description: whether to catalog linux kernel modules found within lib/modules/** directories
- key: nix.capture-owned-files
description: enumerate all files owned by packages found within Nix store paths
- key: python.guess-unpinned-requirements
description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published).
- key: python.pypi-base-url
description: base Pypi url to use
- key: python.search-remote-licenses
description: enables Syft to use the network to fill in more detailed license information
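
Review bot: Several descriptions in this file carry wording errors, and because the `application` section is marked AUTO-GENERATED they need to be corrected where the descriptions are generated from, not here. `java.resolve-transitive-dependencies` says "resolve transient dependencies", `dotnet.dep-packages-must-have-dll` reads "packages which an executable on disk is found", the three `golang.search-*-licenses` entries spell "licences" while the keys use "licenses", and `golang.no-proxy` runs "by proxy if unset" together without punctuation.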

@ -2,8 +2,10 @@
package capabilities
import (
_ "embed"
"embed"
"fmt"
"io/fs"
"path/filepath"
"sort"
"github.com/scylladb/go-set/strset"
@ -14,16 +16,73 @@ import (
//go:generate go run ./generate
//go:embed packages.yaml
var catalogersYAML []byte
//go:embed appconfig.yaml
var appconfigYAML []byte
//go:embed packages/*.yaml
var catalogerFiles embed.FS
// LoadDocument loads and returns the complete document including configs and app-configs
func LoadDocument() (*Document, error) {
var doc Document
if err := yaml.Unmarshal(catalogersYAML, &doc); err != nil {
return nil, fmt.Errorf("failed to parse embedded capabilities YAML: %w", err)
// parse application config
var appDoc struct {
Application []ApplicationConfigField `yaml:"application"`
}
return &doc, nil
if err := yaml.Unmarshal(appconfigYAML, &appDoc); err != nil {
return nil, fmt.Errorf("failed to parse appconfig.yaml: %w", err)
}
// walk the embedded filesystem to find all cataloger capabilities.yaml files
var catalogersDoc Document
catalogersDoc.ApplicationConfig = appDoc.Application
catalogersDoc.Configs = make(map[string]CatalogerConfigEntry)
err := fs.WalkDir(catalogerFiles, ".", func(path string, d fs.DirEntry, err error) error {
if err != nil {
return err
}
// skip non-yaml files and directories
if d.IsDir() || filepath.Ext(path) != ".yaml" || path == "." {
return nil
}
// read the file
data, err := catalogerFiles.ReadFile(path)
if err != nil {
return fmt.Errorf("failed to read %s: %w", path, err)
}
// parse the file
var capDoc struct {
Configs map[string]CatalogerConfigEntry `yaml:"configs"`
Catalogers []CatalogerEntry `yaml:"catalogers"`
}
if err := yaml.Unmarshal(data, &capDoc); err != nil {
return fmt.Errorf("failed to parse %s: %w", path, err)
}
// merge configs
for k, v := range capDoc.Configs {
catalogersDoc.Configs[k] = v
}
// merge catalogers
catalogersDoc.Catalogers = append(catalogersDoc.Catalogers, capDoc.Catalogers...)
return nil
})
if err != nil {
return nil, fmt.Errorf("failed to walk cataloger capabilities: %w", err)
}
// sort catalogers by name for consistency
sort.Slice(catalogersDoc.Catalogers, func(i, j int) bool {
return catalogersDoc.Catalogers[i].Name < catalogersDoc.Catalogers[j].Name
})
return &catalogersDoc, nil
}
// Packages loads and returns all cataloger capabilities from the embedded YAML file
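
Review bot: The merge step inside the `fs.WalkDir` callback has no duplicate check: `catalogersDoc.Configs[k] = v` lets a later file silently overwrite a config key defined in an earlier one, and the `append` of `capDoc.Catalogers` accepts the same cataloger name from two files. Now that the data is spread across `packages/*.yaml`, return an error naming the key and `path` when a config key or cataloger name is already present. Smaller points: embedded paths always use forward slashes, so `path.Ext` fits better than `filepath.Ext`; the `path == "."` test is already covered by `d.IsDir()`; the inline comment mentions "capabilities.yaml files" although the embed pattern is `packages/*.yaml`; and the trailing `// Packages loads ... from the embedded YAML file` comment still refers to a single file.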

@ -0,0 +1,38 @@
package capabilities
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestLoadDocument(t *testing.T) {
doc, err := LoadDocument()
require.NoError(t, err)
require.NotNil(t, doc)
// validate application config is loaded
assert.NotEmpty(t, doc.ApplicationConfig, "should have application config")
// validate catalogers are loaded and merged from all packages/*.yaml files
assert.NotEmpty(t, doc.Catalogers, "should have catalogers")
assert.Greater(t, len(doc.Catalogers), 50, "should have at least 50 catalogers")
// validate configs are loaded
assert.NotEmpty(t, doc.Configs, "should have configs")
// check that catalogers are sorted by name
for i := 1; i < len(doc.Catalogers); i++ {
assert.LessOrEqual(t, doc.Catalogers[i-1].Name, doc.Catalogers[i].Name,
"catalogers should be sorted by name")
}
}
func TestPackages(t *testing.T) {
catalogers, err := Packages()
require.NoError(t, err)
require.NotNil(t, catalogers)
assert.Greater(t, len(catalogers), 50, "should have at least 50 catalogers")
}
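
Review bot: In both `TestLoadDocument` and `TestPackages`, `assert.Greater(t, len(...), 50, ...)` requires more than 50 entries while the message says "at least 50"; use `assert.GreaterOrEqual` or reword the message. The test also would not catch the failure mode this split introduces, the same cataloger name appearing in two `packages/*.yaml` files, because the ordering loop uses `assert.LessOrEqual` and so accepts equal neighbours. An assertion that cataloger names are unique would cover it.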

@ -4,6 +4,9 @@ package main
import (
"fmt"
"os"
"path/filepath"
"regexp"
"strings"
"gopkg.in/yaml.v3"
@ -12,203 +15,85 @@ import (
const autoGeneratedComment = "AUTO-GENERATED"
const capabilitiesHeaderComment = `This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.
Fields marked AUTO-GENERATED will be updated during regeneration.
All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior.
CAPABILITY SECTIONS:
There are two types of capability sections depending on cataloger type:
1. Generic catalogers (type=generic): Have capabilities at the PARSER level
- Each parser function has its own capabilities section
- Allows different parsers within the same cataloger to have different capabilities
2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level
- Single capabilities section for the entire cataloger
CAPABILITIES FORMAT:
Capabilities use a field-based format with defaults and optional conditional overrides:
capabilities:
- field: <field-name> # dot-notation path (e.g., "license", "dependency.depth")
default: <value> # value when no conditions match
conditions: # optional - conditional overrides evaluated in order
- when: {ConfigField: val} # when these config fields match (AND logic)
value: <override-value> # use this value instead
comment: "explanation" # optional - why this condition exists
evidence: # optional - source code references
- "StructName.FieldName"
comment: "explanation" # optional - general field explanation
DETECTOR CONDITIONS:
Detectors (used by custom catalogers) can have optional conditions that control when
they are active. This allows a single cataloger to have different detection behavior
based on configuration.
Structure:
detectors:
- method: glob # AUTO-GENERATED - detection method
criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match
comment: "always active" # MANUAL - optional explanation
- method: glob
criteria: ["**/*.zip"]
conditions: # MANUAL - when this detector is active
- when: {IncludeZipFiles: true} # config fields that must match
comment: "optional explanation"
comment: "ZIP detection requires config"
Notes:
- Conditions reference fields from the cataloger's config struct
- Multiple conditions in the array use OR logic (any condition can activate)
- Multiple fields in a 'when' clause use AND logic (all must match)
- Detectors without conditions are always active
- Only custom catalogers support detectors with conditions
CONDITION EVALUATION:
- Conditions are evaluated in array order (first match wins)
- Multiple fields in a 'when' clause use AND logic (all must match)
- Multiple conditions in the array use OR logic (first matching condition)
- If no conditions match, the default value is used
CAPABILITY FIELDS:
Standard capability field names and their value types:
license: (boolean)
Whether license information is available.
Examples:
default: true # always available
default: false # never available
default: false # requires configuration
conditions:
- when: {SearchRemoteLicenses: true}
value: true
dependency.depth: (array of strings)
Which dependency depths can be discovered.
Values: "direct" (immediate deps), "indirect" (transitive deps)
Examples:
default: [direct] # only immediate dependencies
default: [direct, indirect] # full transitive closure
default: [] # no dependency information
dependency.edges: (string)
Relationships between nodes and completeness of the dependency graph.
Values:
- "" # dependencies found but no edges between them
- "flat" # single level of dependencies with edges to root package only
- "reduced" # transitive reduction (redundant edges removed)
- "complete" # all relationships with accurate direct and indirect edges
Examples:
default: complete
default: ""
dependency.kinds: (array of strings)
Types of dependencies that can be discovered.
Values: "runtime", "dev", "build", "test", "optional"
Examples:
default: [runtime] # production dependencies only
default: [runtime, dev] # production and development
default: [runtime, dev, build] # all dependency types
default: [runtime] # with conditional dev deps
conditions:
- when: {IncludeDevDeps: true}
value: [runtime, dev]
package_manager.files.listing: (boolean)
Whether file listings are available (which files belong to the package).
Examples:
default: true
default: false
conditions:
- when: {CaptureOwnedFiles: true}
value: true
package_manager.files.digests: (boolean)
Whether file digests/checksums are included in listings.
Examples:
default: true
default: false
package_manager.package_integrity_hash: (boolean)
Whether a hash for verifying package integrity is available.
Examples:
default: true
default: false
EXAMPLES:
# Simple cataloger with no configuration
capabilities:
- name: license
default: true
comment: "license field always present in package.json"
- name: dependency.depth
default: [direct]
- name: dependency.edges
default: ""
- name: dependency.kinds
default: [runtime]
comment: "devDependencies not parsed by this cataloger"
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Cataloger with configuration-dependent capabilities
capabilities:
- name: license
default: false
conditions:
- when: {SearchLocalModCacheLicenses: true}
value: true
comment: "searches for licenses in GOPATH mod cache"
- when: {SearchRemoteLicenses: true}
value: true
comment: "fetches licenses from proxy.golang.org"
comment: "license scanning requires configuration"
- name: dependency.depth
default: [direct, indirect]
- name: dependency.edges
default: flat
- name: dependency.kinds
default: [runtime, dev]
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- "GolangBinaryBuildinfoEntry.H1Digest"`
// loadCapabilities loads the capabilities document from a YAML file.
// Returns both the parsed document and the original YAML node tree to preserve comments.
// Exported for use by the generator in generate/main.go
func loadCapabilities(path string) (*capabilities.Document, *yaml.Node, error) {
data, err := os.ReadFile(path)
func loadCapabilities(capabilitiesDir string) (*capabilities.Document, map[string]*yaml.Node, error) {
packagesDir := filepath.Join(capabilitiesDir, "packages")
// load all packages/*.yaml files
files, err := filepath.Glob(filepath.Join(packagesDir, "*.yaml"))
if err != nil {
if os.IsNotExist(err) {
// return empty document if file doesn't exist
return &capabilities.Document{}, nil, nil
return nil, nil, fmt.Errorf("failed to glob packages directory: %w", err)
}
mergedDoc := &capabilities.Document{
Configs: make(map[string]capabilities.CatalogerConfigEntry),
Catalogers: []capabilities.CatalogerEntry{},
}
nodeMap := make(map[string]*yaml.Node)
// load each package file
for _, file := range files {
data, err := os.ReadFile(file)
if err != nil {
return nil, nil, fmt.Errorf("failed to read %s: %w", file, err)
}
return nil, nil, fmt.Errorf("failed to read capabilities file: %w", err)
// parse into node tree to preserve comments
var rootNode yaml.Node
if err := yaml.Unmarshal(data, &rootNode); err != nil {
return nil, nil, fmt.Errorf("failed to parse %s into node tree: %w", file, err)
}
// parse into struct
var doc struct {
Configs map[string]capabilities.CatalogerConfigEntry `yaml:"configs"`
Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"`
}
if err := yaml.Unmarshal(data, &doc); err != nil {
return nil, nil, fmt.Errorf("failed to parse %s into struct: %w", file, err)
}
// merge configs
for k, v := range doc.Configs {
mergedDoc.Configs[k] = v
}
// merge catalogers
mergedDoc.Catalogers = append(mergedDoc.Catalogers, doc.Catalogers...)
// store node tree by filename (basename without .yaml)
ecosystem := strings.TrimSuffix(filepath.Base(file), ".yaml")
nodeMap[ecosystem] = &rootNode
}
// parse into node tree to preserve comments
var rootNode yaml.Node
if err := yaml.Unmarshal(data, &rootNode); err != nil {
return nil, nil, fmt.Errorf("failed to parse capabilities YAML into node tree: %w", err)
// load appconfig.yaml separately
appconfigPath := filepath.Join(capabilitiesDir, "appconfig.yaml")
if _, err := os.Stat(appconfigPath); err == nil {
data, err := os.ReadFile(appconfigPath)
if err != nil {
return nil, nil, fmt.Errorf("failed to read appconfig.yaml: %w", err)
}
var appDoc struct {
Application []capabilities.ApplicationConfigField `yaml:"application"`
}
if err := yaml.Unmarshal(data, &appDoc); err != nil {
return nil, nil, fmt.Errorf("failed to parse appconfig.yaml: %w", err)
}
mergedDoc.ApplicationConfig = appDoc.Application
// load node tree for appconfig
var appNode yaml.Node
if err := yaml.Unmarshal(data, &appNode); err != nil {
return nil, nil, fmt.Errorf("failed to parse appconfig.yaml into node tree: %w", err)
}
nodeMap["appconfig"] = &appNode
}
// also parse into struct for easy manipulation
var doc capabilities.Document
if err := yaml.Unmarshal(data, &doc); err != nil {
return nil, nil, fmt.Errorf("failed to parse capabilities YAML into struct: %w", err)
}
return &doc, &rootNode, nil
return mergedDoc, nodeMap, nil
}
// writeYAMLToFile writes a YAML node to a file with proper encoding
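
Review bot: In the appconfig branch of `loadCapabilities`, `if _, err := os.Stat(appconfigPath); err == nil` treats every Stat failure as "file absent", so a permission or I/O error yields a document with no `ApplicationConfig` and no error. Call `os.ReadFile` directly and skip only when `os.IsNotExist(err)`. The package files have a softer version of the same gap: `filepath.Glob` only reports a malformed pattern, so a missing or unreadable `packages` directory produces an empty merged document; if that is intended, a comment saying so would help. The doc comment above the function also still describes loading "a YAML file" and calls the unexported function "Exported".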
@ -269,269 +154,173 @@ func addFieldComments(rootNode *yaml.Node) {
}
}
// SaveCapabilities saves the capabilities document to a YAML file with comments.
// If existingNode is provided, it updates the existing node tree in-place to preserve comments.
// If existingNode is nil, it creates a new node tree.
func saveCapabilities(path string, doc *capabilities.Document, existingNode *yaml.Node) error {
var rootNode yaml.Node
// SaveCapabilities saves the capabilities document to distributed YAML files with comments.
// Groups catalogers by ecosystem and writes each to packages/ECOSYSTEM.yaml.
// Also saves appconfig.yaml separately.
func saveCapabilities(capabilitiesDir string, doc *capabilities.Document, existingNodes map[string]*yaml.Node) error {
packagesDir := filepath.Join(capabilitiesDir, "packages")
if existingNode != nil {
// update existing node tree in-place to preserve all comments
rootNode = *existingNode
rootNode.HeadComment = capabilitiesHeaderComment // update header before processing
if err := updateNodeTree(&rootNode, doc); err != nil {
return fmt.Errorf("failed to update node tree: %w", err)
catalogersByEcosystem, configsByEcosystem := groupCatalogersByEcosystem(doc)
// write each ecosystem file
for ecosystem, catalogers := range catalogersByEcosystem {
if err := writeEcosystemFile(packagesDir, ecosystem, catalogers, configsByEcosystem[ecosystem], existingNodes); err != nil {
return err
}
} else {
// create a new yaml.Node for new files
if err := rootNode.Encode(doc); err != nil {
return fmt.Errorf("failed to encode document: %w", err)
}
rootNode.HeadComment = capabilitiesHeaderComment
}
// add/update comments to fields
addFieldComments(&rootNode)
// save appconfig.yaml
if len(doc.ApplicationConfig) > 0 {
if err := writeAppconfigFile(capabilitiesDir, doc.ApplicationConfig, existingNodes); err != nil {
return err
}
}
// write to file
return writeYAMLToFile(path, &rootNode)
return nil
}
// updateNodeTree updates an existing YAML node tree with new document data
// while preserving all existing comments (HeadComment, LineComment, FootComment).
func updateNodeTree(rootNode *yaml.Node, doc *capabilities.Document) error {
// encode the document into a new temporary node tree
var newNode yaml.Node
if err := newNode.Encode(doc); err != nil {
return fmt.Errorf("failed to encode document: %w", err)
// groupCatalogersByEcosystem groups catalogers and their configs by ecosystem
func groupCatalogersByEcosystem(doc *capabilities.Document) (map[string][]capabilities.CatalogerEntry, map[string]map[string]capabilities.CatalogerConfigEntry) {
catalogersByEcosystem := make(map[string][]capabilities.CatalogerEntry)
configsByEcosystem := make(map[string]map[string]capabilities.CatalogerConfigEntry)
for _, cat := range doc.Catalogers {
ecosystem := mapCatalogerToEcosystem(cat)
catalogersByEcosystem[ecosystem] = append(catalogersByEcosystem[ecosystem], cat)
// also group configs for this ecosystem
if cat.Config != "" {
if configEntry, exists := doc.Configs[cat.Config]; exists {
if configsByEcosystem[ecosystem] == nil {
configsByEcosystem[ecosystem] = make(map[string]capabilities.CatalogerConfigEntry)
}
configsByEcosystem[ecosystem][cat.Config] = configEntry
}
}
}
// get the mapping node from root
var existingMapping *yaml.Node
var newMapping *yaml.Node
return catalogersByEcosystem, configsByEcosystem
}
// writeEcosystemFile writes a single ecosystem's catalogers and configs to a YAML file
func writeEcosystemFile(packagesDir, ecosystem string, catalogers []capabilities.CatalogerEntry, configs map[string]capabilities.CatalogerConfigEntry, existingNodes map[string]*yaml.Node) error {
ecosystemDoc := struct {
Configs map[string]capabilities.CatalogerConfigEntry `yaml:"configs,omitempty"`
Catalogers []capabilities.CatalogerEntry `yaml:"catalogers"`
}{
Configs: configs,
Catalogers: catalogers,
}
var rootNode yaml.Node
existingNode, hasExisting := existingNodes[ecosystem]
if hasExisting && existingNode != nil {
// update existing node tree
rootNode = *existingNode
rootNode.HeadComment = "# Cataloger capabilities. See ../README.md for documentation.\n"
if err := updateNodeTreeEcosystem(&rootNode, &ecosystemDoc); err != nil {
return fmt.Errorf("failed to update node tree for %s: %w", ecosystem, err)
}
} else {
// create new node tree
if err := rootNode.Encode(&ecosystemDoc); err != nil {
return fmt.Errorf("failed to encode %s: %w", ecosystem, err)
}
rootNode.HeadComment = "# Cataloger capabilities. See ../README.md for documentation.\n"
}
// add field comments
addFieldComments(&rootNode)
// write file
ecosystemPath := filepath.Join(packagesDir, ecosystem+".yaml")
if err := writeYAMLToFile(ecosystemPath, &rootNode); err != nil {
return fmt.Errorf("failed to write %s: %w", ecosystem, err)
}
return nil
}
// writeAppconfigFile writes the application config to appconfig.yaml
func writeAppconfigFile(capabilitiesDir string, appConfig []capabilities.ApplicationConfigField, existingNodes map[string]*yaml.Node) error {
appconfigDoc := struct {
Application []capabilities.ApplicationConfigField `yaml:"application"`
}{
Application: appConfig,
}
var appNode yaml.Node
existingAppNode, hasExisting := existingNodes["appconfig"]
if hasExisting && existingAppNode != nil {
appNode = *existingAppNode
if err := updateNodeTreeAppConfig(&appNode, &appconfigDoc); err != nil {
return fmt.Errorf("failed to update appconfig node tree: %w", err)
}
} else {
if err := appNode.Encode(&appconfigDoc); err != nil {
return fmt.Errorf("failed to encode appconfig: %w", err)
}
appNode.HeadComment = "# Application-level configuration. See README.md for documentation.\n# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.\n"
}
addFieldComments(&appNode)
appconfigPath := filepath.Join(capabilitiesDir, "appconfig.yaml")
if err := writeYAMLToFile(appconfigPath, &appNode); err != nil {
return fmt.Errorf("failed to write appconfig: %w", err)
}
return nil
}
// mapCatalogerToEcosystem determines which ecosystem file a cataloger belongs to
func mapCatalogerToEcosystem(cat capabilities.CatalogerEntry) string {
// first try using the source file path
if cat.Source.File != "" {
// extract directory from path like "syft/pkg/cataloger/golang/cataloger.go"
re := regexp.MustCompile(`syft/pkg/cataloger/([^/]+)/`)
if matches := re.FindStringSubmatch(cat.Source.File); len(matches) >= 2 {
return matches[1]
}
}
// fallback to inferring from cataloger name (from merge.go)
return inferEcosystem(cat.Name)
}
// updateNodeTreeEcosystem updates an existing ecosystem YAML node tree
func updateNodeTreeEcosystem(rootNode *yaml.Node, doc interface{}) error {
var newNode yaml.Node
if err := newNode.Encode(doc); err != nil {
return err
}
var existingMapping *yaml.Node
if rootNode.Kind == yaml.DocumentNode && len(rootNode.Content) > 0 {
existingMapping = rootNode.Content[0]
} else {
existingMapping = rootNode
}
var newMapping *yaml.Node
if newNode.Kind == yaml.DocumentNode && len(newNode.Content) > 0 {
newMapping = newNode.Content[0]
} else {
newMapping = &newNode
}
if existingMapping == nil || newMapping == nil {
*rootNode = newNode
return nil
}
// update or add configs section (AUTO-GENERATED, no comment preservation needed)
updateOrAddSection(existingMapping, newMapping, "configs")
// update or add application section (AUTO-GENERATED, no comment preservation needed)
updateOrAddSection(existingMapping, newMapping, "application")
// update catalogers section (preserve comments)
updateCatalogersSection(existingMapping, newMapping)
return nil
}
// updateCatalogersSection updates the catalogers section while preserving comments
func updateCatalogersSection(existingMapping, newMapping *yaml.Node) {
existingCatalogersNode := findSectionNode(existingMapping, "catalogers")
newCatalogersNode := findSectionNode(newMapping, "catalogers")
if existingCatalogersNode == nil || newCatalogersNode == nil {
return
}
// create a map of existing cataloger nodes by name for quick lookup
existingByName := make(map[string]*yaml.Node)
if existingCatalogersNode.Kind == yaml.SequenceNode {
for _, catalogerNode := range existingCatalogersNode.Content {
if catalogerNode.Kind == yaml.MappingNode {
name := findFieldValue(catalogerNode, "name")
if name != "" {
existingByName[name] = catalogerNode
}
}
}
}
// update each cataloger in the new tree with preserved comments
if newCatalogersNode.Kind == yaml.SequenceNode {
for _, newCatalogerNode := range newCatalogersNode.Content {
if newCatalogerNode.Kind != yaml.MappingNode {
continue
}
name := findFieldValue(newCatalogerNode, "name")
if existingNode := existingByName[name]; existingNode != nil {
// preserve comments from existing cataloger entry
newCatalogerNode.HeadComment = existingNode.HeadComment
newCatalogerNode.LineComment = existingNode.LineComment
newCatalogerNode.FootComment = existingNode.FootComment
// preserve field-level and nested comments
preserveFieldComments(existingNode, newCatalogerNode)
}
}
}
// replace the catalogers content
existingCatalogersNode.Content = newCatalogersNode.Content
}
// updateOrAddSection updates or adds a section in the existing mapping from the new mapping
func updateOrAddSection(existingMapping, newMapping *yaml.Node, sectionName string) {
if existingMapping.Kind != yaml.MappingNode || newMapping.Kind != yaml.MappingNode {
return
}
newSection := findSectionNode(newMapping, sectionName)
if newSection == nil {
return
}
// find if section exists in existing mapping
existingSectionIdx := -1
for i := 0; i < len(existingMapping.Content); i += 2 {
if existingMapping.Content[i].Value == sectionName {
existingSectionIdx = i
break
}
}
if existingSectionIdx >= 0 {
// replace existing section value
existingMapping.Content[existingSectionIdx+1] = newSection
} else {
// add new section at the beginning (before catalogers)
keyNode := &yaml.Node{
Kind: yaml.ScalarNode,
Value: sectionName,
}
existingMapping.Content = append([]*yaml.Node{keyNode, newSection}, existingMapping.Content...)
}
}
// findSectionNode finds a section node by name in a mapping node
func findSectionNode(mappingNode *yaml.Node, sectionName string) *yaml.Node {
if mappingNode.Kind != yaml.MappingNode {
return nil
}
for i := 0; i < len(mappingNode.Content); i += 2 {
if mappingNode.Content[i].Value == sectionName && i+1 < len(mappingNode.Content) {
return mappingNode.Content[i+1]
}
if existingMapping.Kind == yaml.MappingNode && newMapping.Kind == yaml.MappingNode {
existingMapping.Content = newMapping.Content
}
return nil
}
// findFieldValue finds the value of a field in a mapping node
func findFieldValue(mappingNode *yaml.Node, fieldName string) string {
if mappingNode.Kind != yaml.MappingNode {
return ""
}
for i := 0; i < len(mappingNode.Content); i += 2 {
if mappingNode.Content[i].Value == fieldName && i+1 < len(mappingNode.Content) {
return mappingNode.Content[i+1].Value
}
}
return ""
}
// preserveMappingNodeComments preserves comments for mapping nodes
func preserveMappingNodeComments(existingNode, newNode *yaml.Node) {
// create maps of existing fields by key for both keys and values
existingKeys := make(map[string]*yaml.Node)
existingValues := make(map[string]*yaml.Node)
for i := 0; i < len(existingNode.Content); i += 2 {
keyNode := existingNode.Content[i]
valueNode := existingNode.Content[i+1]
existingKeys[keyNode.Value] = keyNode
existingValues[keyNode.Value] = valueNode
}
// preserve comments for matching fields in new node
for i := 0; i < len(newNode.Content); i += 2 {
keyNode := newNode.Content[i]
valueNode := newNode.Content[i+1]
// preserve comments on the key node (for line comments like "# AUTO-GENERATED")
if existingKey := existingKeys[keyNode.Value]; existingKey != nil {
keyNode.HeadComment = existingKey.HeadComment
keyNode.LineComment = existingKey.LineComment
keyNode.FootComment = existingKey.FootComment
}
// preserve comments on the value node
if existingValue := existingValues[keyNode.Value]; existingValue != nil {
valueNode.HeadComment = existingValue.HeadComment
valueNode.LineComment = existingValue.LineComment
valueNode.FootComment = existingValue.FootComment
// recursively preserve nested comments
preserveFieldComments(existingValue, valueNode)
}
}
}
// preserveSequenceNodeComments preserves comments for sequence nodes
func preserveSequenceNodeComments(existingNode, newNode *yaml.Node) {
// for sequences, preserve comments based on matching "parser_function" field (for parsers)
// or by array index as a fallback
existingByParser := make(map[string]*yaml.Node)
for _, existingItem := range existingNode.Content {
if existingItem.Kind == yaml.MappingNode {
parser := findFieldValue(existingItem, "parser_function")
if parser != "" {
existingByParser[parser] = existingItem
}
}
}
// match parsers by parser_function if available
for i, newItem := range newNode.Content {
if newItem.Kind == yaml.MappingNode {
parser := findFieldValue(newItem, "parser_function")
if parser != "" && existingByParser[parser] != nil {
existingItem := existingByParser[parser]
newItem.HeadComment = existingItem.HeadComment
newItem.LineComment = existingItem.LineComment
newItem.FootComment = existingItem.FootComment
preserveFieldComments(existingItem, newItem)
} else if i < len(existingNode.Content) {
// fallback to index-based matching
existingItem := existingNode.Content[i]
newItem.HeadComment = existingItem.HeadComment
newItem.LineComment = existingItem.LineComment
newItem.FootComment = existingItem.FootComment
preserveFieldComments(existingItem, newItem)
}
}
}
}
// preserveFieldComments recursively preserves comments from an existing node to a new node
func preserveFieldComments(existingNode, newNode *yaml.Node) {
if existingNode.Kind != newNode.Kind {
return
}
switch newNode.Kind {
case yaml.MappingNode:
preserveMappingNodeComments(existingNode, newNode)
case yaml.SequenceNode:
preserveSequenceNodeComments(existingNode, newNode)
}
// updateNodeTreeAppConfig updates appconfig YAML node tree
func updateNodeTreeAppConfig(rootNode *yaml.Node, doc interface{}) error {
return updateNodeTreeEcosystem(rootNode, doc)
}
// addCatalogerFieldComment adds appropriate comment to a single cataloger field
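Review bot: preserveSequenceNodeComments matches parser entries on a `parser_function` field, but the parser entries in the ecosystem files shown on this page are keyed `function` (for example `- function: parseApkDB`). If that is the serialized key, findFieldValue returns "" for every item and all of them take the index-based fallback, so once a parser is added, removed or reordered the MANUAL comments are copied from whichever entry happens to sit at the same index. Suggest matching on the key that is actually written out and skipping comment preservation when a keyed item has no match, rather than falling back to position. Smaller point in the same hunk: mapCatalogerToEcosystem calls regexp.MustCompile on every invocation; a package-level var compiled once would do.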
@ -598,6 +387,23 @@ func addCatalogerFieldComment(keyNode, valueNode *yaml.Node, catalogerName strin
}
}
// findFieldValue finds a field in a YAML mapping node and returns its value
func findFieldValue(node *yaml.Node, fieldName string) string {
if node.Kind != yaml.MappingNode {
return ""
}
for i := 0; i < len(node.Content); i += 2 {
keyNode := node.Content[i]
valueNode := node.Content[i+1]
if keyNode.Value == fieldName {
return valueNode.Value
}
}
return ""
}
func addCatalogerComments(catalogersNode *yaml.Node) {
// catalogersNode should be a sequence of cataloger entries
if catalogersNode.Kind != yaml.SequenceNode {
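Review bot: the added findFieldValue reads `node.Content[i+1]` with only `i < len(node.Content)` as the loop bound, so a mapping node with an odd number of Content entries panics with an index out of range, and a nil node panics on `node.Kind`. The findFieldValue variant earlier on this page guards with `i+1 < len(mappingNode.Content)`; suggest the same guard here (or looping while `i+1 < len(node.Content)`) plus a nil check. Also worth confirming only one findFieldValue remains in the package after the move, since both versions share the name and signature.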

View File

@ -26,19 +26,19 @@ func main() {
log.Fatalf("failed to find repo root: %v", err)
}
yamlPath := filepath.Join(repoRoot, "internal/capabilities/packages.yaml")
capabilitiesDir := filepath.Join(repoRoot, "internal/capabilities")
fmt.Println("Regenerating packages.yaml...")
fmt.Println("Regenerating capabilities files...")
fmt.Println()
stats, err := RegenerateCapabilities(yamlPath, repoRoot)
stats, err := RegenerateCapabilities(capabilitiesDir, repoRoot)
if err != nil {
log.Fatalf("failed to regenerate capabilities: %v", err)
}
printSummary(stats)
checkIncompleteCapabilities(yamlPath)
printMetadataTypeCoverageWarning(yamlPath, repoRoot)
printPackageTypeCoverageWarning(yamlPath, repoRoot)
checkIncompleteCapabilities(capabilitiesDir)
printMetadataTypeCoverageWarning(capabilitiesDir, repoRoot)
printPackageTypeCoverageWarning(capabilitiesDir, repoRoot)
}
func printSummary(stats *Statistics) {
@ -69,11 +69,11 @@ func printSummary(stats *Statistics) {
}
fmt.Println()
fmt.Println(successStyle.Render("✓ Updated packages.yaml successfully"))
fmt.Println(successStyle.Render("✓ Updated capabilities files successfully"))
}
func checkIncompleteCapabilities(yamlPath string) {
doc, _, err := loadCapabilities(yamlPath)
func checkIncompleteCapabilities(capabilitiesDir string) {
doc, _, err := loadCapabilities(capabilitiesDir)
if err != nil {
log.Fatalf("failed to load updated capabilities: %v", err)
}
@ -115,7 +115,7 @@ func checkIncompleteCapabilities(yamlPath string) {
}
fmt.Println()
fmt.Println(dimStyle.Render("Please update these entries in packages.yaml before running tests."))
fmt.Println(dimStyle.Render("Please update these entries in the capabilities files before running tests."))
fmt.Println()
fmt.Println(dimStyle.Render("Exit code: 1"))
os.Exit(1)

View File

@ -128,10 +128,10 @@ type Statistics struct {
UpdatedCatalogers []string
}
// RegenerateCapabilities updates the YAML file with discovered catalogers
// RegenerateCapabilities updates the distributed YAML files with discovered catalogers
// while preserving manually-edited capability information.
// This is exported for use by the generator in generate/main.go
func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, error) {
func RegenerateCapabilities(capabilitiesDir string, repoRoot string) (*Statistics, error) {
stats := &Statistics{}
// 1-2. Discover all cataloger data
@ -140,9 +140,9 @@ func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, erro
return nil, err
}
// 3. Load existing YAML (if exists) - now returns both document and node tree
fmt.Print(" → Loading existing packages.yaml...")
existing, existingNode, err := loadCapabilities(yamlPath)
// 3. Load existing YAML files - now returns both document and node trees
fmt.Print(" → Loading existing capabilities files...")
existing, existingNodes, err := loadCapabilities(capabilitiesDir)
if err != nil {
return nil, fmt.Errorf("failed to load existing capabilities: %w", err)
}
@ -187,13 +187,13 @@ func RegenerateCapabilities(yamlPath string, repoRoot string) (*Statistics, erro
// 5. Check for orphaned parsers (parser functions that were renamed/deleted)
if len(orphans) > 0 {
return nil, fmt.Errorf("orphaned parsers detected (parser functions renamed or deleted):\n%s\n\nPlease manually remove these from %s or restore the parser functions in the code",
formatOrphans(orphans), yamlPath)
return nil, fmt.Errorf("orphaned parsers detected (parser functions renamed or deleted):\n%s\n\nPlease manually remove these from the capabilities files or restore the parser functions in the code",
formatOrphans(orphans))
}
// 6. Write back to YAML with comments, preserving existing node tree
fmt.Print(" → Writing updated packages.yaml...")
if err := saveCapabilities(yamlPath, updated, existingNode); err != nil {
// 6. Write back to YAML files with comments, preserving existing node trees
fmt.Print(" → Writing updated capabilities files...")
if err := saveCapabilities(capabilitiesDir, updated, existingNodes); err != nil {
return nil, fmt.Errorf("failed to save capabilities: %w", err)
}
fmt.Println(" done")
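Review bot: the orphaned-parsers error used to name the file to edit (`yamlPath`) and now only says "the capabilities files", so with one file per ecosystem the reader has to search the directory for each orphan. Suggest including `capabilitiesDir` in the message at minimum, or having formatOrphans print the ecosystem file alongside each orphaned parser.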

View File

@ -133,17 +133,17 @@ func collectReferencedMetadataTypes(doc *capabilities.Document) []string {
// checkMetadataTypeCoverage compares metadata types from packagemetadata/generated.go
// with types referenced in packages.yaml and returns unreferenced types
func checkMetadataTypeCoverage(yamlPath string, repoRoot string) ([]string, error) {
func checkMetadataTypeCoverage(capabilitiesDir string, repoRoot string) ([]string, error) {
// parse packagemetadata/generated.go to get all types
allTypes, err := parsePackageMetadataTypes(repoRoot)
if err != nil {
return nil, fmt.Errorf("failed to parse package metadata types: %w", err)
}
// load packages.yaml to get referenced types
doc, _, err := loadCapabilities(yamlPath)
// load capabilities files to get referenced types
doc, _, err := loadCapabilities(capabilitiesDir)
if err != nil {
return nil, fmt.Errorf("failed to load packages.yaml: %w", err)
return nil, fmt.Errorf("failed to load capabilities files: %w", err)
}
referencedTypes := collectReferencedMetadataTypes(doc)
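Review bot: the doc comment at the top of this hunk still reads "with types referenced in packages.yaml" even though the inline comment and the error string below it were updated to "capabilities files". The same stale wording remains in the doc comments for printMetadataTypeCoverageWarning, checkPackageTypeCoverage and printPackageTypeCoverageWarning further down; suggest updating all four so the comments match the new `capabilitiesDir` parameter.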
@ -167,8 +167,8 @@ func checkMetadataTypeCoverage(yamlPath string, repoRoot string) ([]string, erro
// printMetadataTypeCoverageWarning prints a warning if there are metadata types
// from packagemetadata/generated.go that aren't referenced in packages.yaml
func printMetadataTypeCoverageWarning(yamlPath string, repoRoot string) {
unreferenced, err := checkMetadataTypeCoverage(yamlPath, repoRoot)
func printMetadataTypeCoverageWarning(capabilitiesDir string, repoRoot string) {
unreferenced, err := checkMetadataTypeCoverage(capabilitiesDir, repoRoot)
if err != nil {
// don't fail generation, just skip the check
fmt.Printf("%s Could not check metadata type coverage: %v\n", warningStyleMeta.Render("⚠"), err)
@ -315,17 +315,17 @@ func collectReferencedPackageTypes(doc *capabilities.Document) []string {
// checkPackageTypeCoverage compares package types from pkg.AllPkgs
// with types referenced in packages.yaml and returns unreferenced types
func checkPackageTypeCoverage(yamlPath string, repoRoot string) ([]string, error) {
func checkPackageTypeCoverage(capabilitiesDir string, repoRoot string) ([]string, error) {
// parse pkg/type.go to get all package types
allTypes, err := parseAllPackageTypes(repoRoot)
if err != nil {
return nil, fmt.Errorf("failed to parse package types: %w", err)
}
// load packages.yaml to get referenced types
doc, _, err := loadCapabilities(yamlPath)
// load capabilities files to get referenced types
doc, _, err := loadCapabilities(capabilitiesDir)
if err != nil {
return nil, fmt.Errorf("failed to load packages.yaml: %w", err)
return nil, fmt.Errorf("failed to load capabilities files: %w", err)
}
referencedTypes := collectReferencedPackageTypes(doc)
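Review bot: checkPackageTypeCoverage calls `loadCapabilities(capabilitiesDir)` itself, as do checkMetadataTypeCoverage and checkIncompleteCapabilities, and main runs all three after RegenerateCapabilities. With a single packages.yaml that was one file parsed three times; with the split it is every ecosystem file read and parsed three times. Suggest loading the document once in main and passing `*capabilities.Document` into the three checks, which also guarantees they all see the same snapshot.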
@ -349,8 +349,8 @@ func checkPackageTypeCoverage(yamlPath string, repoRoot string) ([]string, error
// printPackageTypeCoverageWarning prints a warning if there are package types
// from pkg.AllPkgs that aren't referenced in packages.yaml
func printPackageTypeCoverageWarning(yamlPath string, repoRoot string) {
unreferenced, err := checkPackageTypeCoverage(yamlPath, repoRoot)
func printPackageTypeCoverageWarning(capabilitiesDir string, repoRoot string) {
unreferenced, err := checkPackageTypeCoverage(capabilitiesDir, repoRoot)
if err != nil {
// don't fail generation, just skip the check
fmt.Printf("%s Could not check package type coverage: %v\n", warningStyleMeta.Render("⚠"), err)

File diff suppressed because it is too large

View File

@ -0,0 +1,46 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: ai # MANUAL
name: gguf-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ai/cataloger.go
function: NewGGUFCataloger
selectors: # AUTO-GENERATED
- ai
- directory
- gguf
- image
- ml
- model
- package
parsers: # AUTO-GENERATED structure
- function: parseGGUFModel
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.gguf'
metadata_types: # AUTO-GENERATED
- pkg.GGUFFileHeader
package_types: # AUTO-GENERATED
- model
json_schema_types: # AUTO-GENERATED
- GgufFileHeader
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- GGUFFileHeader.MetadataKeyValuesHash
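Review bot: `package_manager.package_integrity_hash` is set to `default: true` with `GGUFFileHeader.MetadataKeyValuesHash` as the evidence. Going by the field name, that is a hash over the header's metadata key/values rather than over the model file or its tensor data; if so, a consumer who reads this capability as "the package contents can be verified" would be misled. Suggest either setting this to false or adding a comment on the entry stating exactly what the hash covers. The `license: true` entry in the same block also lists no evidence, unlike the other true capabilities in these files.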

View File

@ -0,0 +1,54 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: alpine # MANUAL
name: apk-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/alpine/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- alpine
- apk
- directory
- image
- installed
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseApkDB
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/lib/apk/db/installed'
metadata_types: # AUTO-GENERATED
- pkg.ApkDBEntry
package_types: # AUTO-GENERATED
- apk
json_schema_types: # AUTO-GENERATED
- ApkDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- ApkDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- ApkDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: true
evidence:
- ApkDBEntry.Checksum

View File

@ -0,0 +1,53 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: alpm # MANUAL
name: alpm-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/arch/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- alpm
- archlinux
- directory
- image
- installed
- linux
- os
- package
- pacman
parsers: # AUTO-GENERATED structure
- function: parseAlpmDB
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/lib/pacman/local/**/desc'
metadata_types: # AUTO-GENERATED
- pkg.AlpmDBEntry
package_types: # AUTO-GENERATED
- alpm
json_schema_types: # AUTO-GENERATED
- AlpmDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- AlpmDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- AlpmDBEntry.Files[].Digests
- name: package_manager.package_integrity_hash
default: false
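Review bot: this entry declares `ecosystem: alpm` (marked MANUAL) while its source is `syft/pkg/cataloger/arch/cataloger.go`. The mapCatalogerToEcosystem helper shown earlier on this page derives the ecosystem from the directory under `syft/pkg/cataloger/`, which for this path yields `arch`. Please confirm which value decides the output file name on regeneration; if it is the directory-derived one, the manual capabilities here could end up orphaned in one file while a fresh entry is generated in another. A short comment on the entry explaining the alpm/arch naming would help either way.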

View File

@ -0,0 +1,800 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: binary # MANUAL
name: binary-classifier-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/binary/classifier_cataloger.go
function: NewClassifierCataloger
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- image
- installed
- package
detectors: # AUTO-GENERATED
- method: glob
criteria:
- '**/python*'
packages:
- class: python-binary
name: python
purl: pkg:generic/python
cpes:
- cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libpython*.so*'
packages:
- class: python-binary-lib
name: python
purl: pkg:generic/python
cpes:
- cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libpypy*.so*'
packages:
- class: pypy-binary-lib
name: pypy
purl: pkg:generic/pypy
cpes: []
type: BinaryPkg
- method: glob
criteria:
- '**/go'
packages:
- class: go-binary
name: go
purl: pkg:generic/go
cpes:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libjulia-internal.so'
packages:
- class: julia-binary
name: julia
purl: pkg:generic/julia
cpes:
- cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/helm'
packages:
- class: helm
name: helm
purl: pkg:golang/helm.sh/helm
cpes:
- cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/redis-server'
packages:
- class: redis-binary
name: redis
purl: pkg:generic/redis
cpes:
- cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
- cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/node'
packages:
- class: nodejs-binary
name: node
purl: pkg:generic/node
cpes:
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/VERSION*'
packages:
- class: go-binary-hint
name: go
purl: pkg:generic/go
cpes:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/busybox'
packages:
- class: busybox-binary
name: busybox
purl: pkg:generic/busybox
cpes:
- cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/getopt'
packages:
- class: util-linux-binary
name: util-linux
purl: pkg:generic/util-linux
cpes:
- cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/haproxy'
packages:
- class: haproxy-binary
name: haproxy
purl: pkg:generic/haproxy
cpes:
- cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/perl'
packages:
- class: perl-binary
name: perl
purl: pkg:generic/perl
cpes:
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/composer*'
packages:
- class: php-composer-binary
name: composer
purl: pkg:generic/composer
cpes:
- cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/httpd'
packages:
- class: httpd-binary
name: httpd
purl: pkg:generic/httpd
cpes:
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/memcached'
packages:
- class: memcached-binary
name: memcached
purl: pkg:generic/memcached
cpes:
- cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/traefik'
packages:
- class: traefik-binary
name: traefik
purl: pkg:generic/traefik
cpes:
- cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/arangosh'
packages:
- class: arangodb-binary
name: arangodb
purl: pkg:generic/arangodb
cpes:
- cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/postgres'
packages:
- class: postgresql-binary
name: postgresql
purl: pkg:generic/postgresql
cpes:
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: mysql
purl: pkg:generic/mysql
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: percona-server
purl: pkg:generic/percona-server
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: percona-xtradb-cluster
purl: pkg:generic/percona-xtradb-cluster
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/xtrabackup'
packages:
- class: xtrabackup-binary
name: percona-xtrabackup
purl: pkg:generic/percona-xtrabackup
cpes:
- cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/{mariadb,mysql}'
packages:
- class: mariadb-binary
name: mariadb
purl: pkg:generic/mariadb
cpes:
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libstd-????????????????.so'
packages:
- class: rust-standard-library-linux
name: rust
purl: pkg:generic/rust
cpes:
- cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libstd-????????????????.dylib'
packages:
- class: rust-standard-library-macos
name: rust
purl: pkg:generic/rust
cpes:
- cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ruby'
packages:
- class: ruby-binary
name: ruby
purl: pkg:generic/ruby
cpes:
- cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/erlexec'
packages:
- class: erlang-binary
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/beam.smp'
packages:
- class: erlang-alpine-binary
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/liberts_internal.a'
packages:
- class: erlang-library
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/swipl'
packages:
- class: swipl-binary
name: swipl
purl: pkg:generic/swipl
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/dart'
packages:
- class: dart-binary
name: dart
purl: pkg:generic/dart
cpes:
- cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ghc*'
packages:
- class: haskell-ghc-binary
name: haskell/ghc
purl: pkg:generic/haskell/ghc
cpes:
- cpe:2.3:a:haskell:ghc:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/cabal'
packages:
- class: haskell-cabal-binary
name: haskell/cabal
purl: pkg:generic/haskell/cabal
cpes:
- cpe:2.3:a:haskell:cabal:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/stack'
packages:
- class: haskell-stack-binary
name: haskell/stack
purl: pkg:generic/haskell/stack
cpes:
- cpe:2.3:a:haskell:stack:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/consul'
packages:
- class: consul-binary
name: consul
purl: pkg:golang/github.com/hashicorp/consul
cpes:
- cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/vault'
packages:
- class: hashicorp-vault-binary
name: github.com/hashicorp/vault
purl: pkg:golang/github.com/hashicorp/vault
cpes:
- cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/nginx'
packages:
- class: nginx-binary
name: nginx
purl: pkg:generic/nginx
cpes:
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/bash'
packages:
- class: bash-binary
name: bash
purl: pkg:generic/bash
cpes:
- cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/openssl'
packages:
- class: openssl-binary
name: openssl
purl: pkg:generic/openssl
cpes:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/gcc'
packages:
- class: gcc-binary
name: gcc
purl: pkg:generic/gcc
cpes:
- cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/fluent-bit'
packages:
- class: fluent-bit-binary
name: fluent-bit
purl: pkg:github/fluent/fluent-bit
cpes:
- cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/wp'
packages:
- class: wordpress-cli-binary
name: wp-cli
purl: pkg:generic/wp-cli
cpes:
- cpe:2.3:a:wp-cli:wp-cli:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/curl'
packages:
- class: curl-binary
name: curl
purl: pkg:generic/curl
cpes:
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/lighttpd'
packages:
- class: lighttpd-binary
name: lighttpd
purl: pkg:generic/lighttpd
cpes:
- cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/proftpd'
packages:
- class: proftpd-binary
name: proftpd
purl: pkg:generic/proftpd
cpes:
- cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/zstd'
packages:
- class: zstd-binary
name: zstd
purl: pkg:generic/zstd
cpes:
- cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/xz'
packages:
- class: xz-binary
name: xz
purl: pkg:generic/xz
cpes:
- cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/gzip'
packages:
- class: gzip-binary
name: gzip
purl: pkg:generic/gzip
cpes:
- cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/sqlcipher'
packages:
- class: sqlcipher-binary
name: sqlcipher
purl: pkg:generic/sqlcipher
cpes:
- cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/jq'
packages:
- class: jq-binary
name: jq
purl: pkg:generic/jq
cpes:
- cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/chrome'
packages:
- class: chrome-binary
name: chrome
purl: pkg:generic/chrome
cpes:
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ffmpeg'
packages:
- class: ffmpeg-binary
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libav*'
packages:
- class: ffmpeg-library
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libswresample*'
packages:
- class: ffmpeg-library
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/elixir'
packages:
- class: elixir-binary
name: elixir
purl: pkg:generic/elixir
cpes:
- cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/elixir/ebin/elixir.app'
packages:
- class: elixir-library
name: elixir
purl: pkg:generic/elixir
cpes:
- cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/java'
packages:
- class: java-binary
name: ""
purl: pkg:/
cpes: []
type: BinaryPkg
- class: java-binary-graalvm
name: graalvm
purl: pkg:generic/oracle/graalvm
cpes:
- cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-zulu
name: zulu
purl: pkg:generic/azul/zulu
cpes:
- cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-with-update
name: openjdk
purl: pkg:generic/oracle/openjdk
cpes:
- cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk
name: openjdk
purl: pkg:generic/oracle/openjdk
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-ibm
name: java
purl: pkg:generic/ibm/java
cpes:
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-fallthrough
name: jre
purl: pkg:generic/oracle/jre
cpes:
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-oracle
name: jre
purl: pkg:generic/oracle/jre
cpes:
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/jdb'
packages:
- class: java-jdb-binary
name: ""
purl: pkg:/
cpes: []
type: BinaryPkg
- class: java-binary-graalvm
name: graalvm
purl: pkg:generic/oracle/graalvm
cpes:
- cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: jdb-binary-openjdk-zulu
name: zulu
purl: pkg:generic/azul/zulu
cpes:
- cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-jdb-binary-openjdk
name: openjdk
purl: pkg:generic/oracle/openjdk
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-sdk-binary-ibm
name: java_sdk
purl: pkg:generic/ibm/java_sdk
cpes:
- cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-fallthrough
name: openjdk
purl: pkg:generic/oracle/openjdk
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-jdk
name: jdk
purl: pkg:generic/oracle/jdk
cpes:
- cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
type: BinaryPkg
metadata_types: # AUTO-GENERATED
- pkg.BinarySignature
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- BinarySignature
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: binary # MANUAL
name: elf-binary-package-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- elf
- elf-package
- image
- installed
- package
detectors: # MANUAL - edit detectors here
- method: mimetype
criteria:
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
metadata_types: # AUTO-GENERATED
- pkg.ELFBinaryPackageNoteJSONPayload
package_types: # AUTO-GENERATED
- binary
- rpm
json_schema_types: # AUTO-GENERATED
- ElfBinaryPackageNoteJsonPayload
capabilities: # MANUAL - edit capabilities here
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: binary # MANUAL
name: pe-binary-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/binary/pe_package_cataloger.go
function: NewPEPackageCataloger
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- dll
- exe
- image
- installed
- package
- pe
- pe-package
parsers: # AUTO-GENERATED structure
- function: parsePE
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.PEBinary
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- PeBinary
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
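
Review bot: under the `**/jdb` detector, the `java-jdb-binary` entry is written with `name: ""`, `purl: pkg:/` and `cpes: []`, so it records a package class with no name, a purl that is not a valid package URL, and nothing a vulnerability matcher could key on. Either fill in the identity fields the way the sibling entries do or have the generator skip entries whose name is empty. In the same list, `jdb-binary-openjdk-zulu` breaks the `java-...` class naming of its neighbours, and `java-binary-openjdk-fallthrough` appears under both detectors with different names (`jre` and `openjdk`); if that is intentional it deserves a comment.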

View File

@ -0,0 +1,46 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: bitnami # MANUAL
name: bitnami-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/bitnami/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- bitnami
- image
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseSBOM
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- /opt/bitnami/**/.spdx-*.spdx
metadata_types: # AUTO-GENERATED
- pkg.BitnamiSBOMEntry
package_types: # AUTO-GENERATED
- bitnami
json_schema_types: # AUTO-GENERATED
- BitnamiSbomEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- BitnamiSBOMEntry.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
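
Review bot: the capability entries in this file are keyed by `name:` (for example `- name: license`), as they are in the other packages files of this commit, while the capabilities format shown in the README added by the same commit keys each entry by `field:`. Align the files and the documentation on one key so that hand edits to the MANUAL sections follow the documented schema.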

View File

@ -0,0 +1,51 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: conda # MANUAL
name: conda-meta-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/conda/cataloger.go
function: NewCondaMetaCataloger
selectors: # AUTO-GENERATED
- conda
- directory
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseCondaMetaJSON
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conda-meta/*.json'
metadata_types: # AUTO-GENERATED
- pkg.CondaMetaPackage
package_types: # AUTO-GENERATED
- conda
json_schema_types: # AUTO-GENERATED
- CondaMetadataEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- CondaMetaPackage.Files
- CondaMetaPackage.PathsData.Paths
- name: package_manager.files.digests
default: true
evidence:
- CondaMetaPackage.PathsData.Paths.SHA256
- name: package_manager.package_integrity_hash
default: true
evidence:
- CondaMetaPackage.MD5
- CondaMetaPackage.SHA256
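
Review bot: `package_manager.package_integrity_hash` is `true` with `CondaMetaPackage.MD5` listed as evidence beside `CondaMetaPackage.SHA256`. MD5 is not collision resistant, so a consumer reading this capability as "a trustworthy package digest is available" should not be able to satisfy it from the MD5 field alone; drop MD5 from the evidence or add a comment stating which digest the claim rests on. Separately, `CondaMetaPackage.PathsData.Paths.SHA256` omits the `[]` marker that other files in this commit use for slice elements (`DpkgDBEntry.Files[].Digest`); pick one notation for evidence paths.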

View File

@ -0,0 +1,122 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: c++ # MANUAL
name: conan-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/cpp/cataloger.go
function: NewConanCataloger
selectors: # AUTO-GENERATED
- conan
- cpp
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseConanLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conan.lock'
metadata_types: # AUTO-GENERATED
- pkg.ConanV1LockEntry
- pkg.ConanV2LockEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanLockEntry
- CConanLockV2Entry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ConanV1LockEntry.Ref
- ConanV2LockEntry.RecipeRevision
- function: parseConanfile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conanfile.txt'
metadata_types: # AUTO-GENERATED
- pkg.ConanfileEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanFileEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: c++ # MANUAL
name: conan-info-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/cpp/cataloger.go
function: NewConanInfoCataloger
selectors: # AUTO-GENERATED
- conan
- cpp
- image
- installed
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseConaninfo
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conaninfo.txt'
metadata_types: # AUTO-GENERATED
- pkg.ConaninfoEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanInfoEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
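
Review bot: under `parseConanLock`, `package_manager.package_integrity_hash` is `true` on the evidence of `ConanV1LockEntry.Ref` and `ConanV2LockEntry.RecipeRevision`. Going by the field names, these are a package reference and a recipe revision rather than a digest of the package contents, so please confirm that they let a consumer verify what was actually resolved and say so in a comment next to the evidence, or set the default to `false`. The same parser reports `dependency.depth` as direct and indirect but `dependency.edges: ""`; a comment on why no edges are produced would help whoever edits this MANUAL section next.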

View File

@ -0,0 +1,88 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: dart # MANUAL
name: dart-pubspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dart/cataloger.go
function: NewPubspecCataloger
selectors: # AUTO-GENERATED
- dart
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parsePubspec
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pubspec.yml'
- '**/pubspec.yaml'
metadata_types: # AUTO-GENERATED
- pkg.DartPubspec
package_types: # AUTO-GENERATED
- dart-pub
json_schema_types: # AUTO-GENERATED
- DartPubspec
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dart # MANUAL
name: dart-pubspec-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dart/cataloger.go
function: NewPubspecLockCataloger
selectors: # AUTO-GENERATED
- dart
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parsePubspecLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pubspec.lock'
metadata_types: # AUTO-GENERATED
- pkg.DartPubspecLockEntry
package_types: # AUTO-GENERATED
- dart-pub
json_schema_types: # AUTO-GENERATED
- DartPubspecLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,100 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: dpkg # MANUAL
name: dpkg-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/debian/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- debian
- directory
- dpkg
- image
- installed
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseDpkgDB
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/lib/dpkg/status'
- '**/lib/dpkg/status.d/*'
- '**/lib/opkg/info/*.control'
- '**/lib/opkg/status'
metadata_types: # AUTO-GENERATED
- pkg.DpkgDBEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- DpkgDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- DpkgDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- DpkgDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dpkg # MANUAL
name: deb-archive-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/debian/cataloger.go
function: NewArchiveCataloger
selectors: # AUTO-GENERATED
- deb
- debian
- declared
- directory
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseDebArchive
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.deb'
metadata_types: # AUTO-GENERATED
- pkg.DpkgArchiveEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- DpkgArchiveEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: true
evidence:
- DpkgArchiveEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- DpkgArchiveEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,186 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
dotnet.CatalogerConfig:
fields:
- key: DepPackagesMustHaveDLL
description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package.
app_key: dotnet.dep-packages-must-have-dll
- key: DepPackagesMustClaimDLL
description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this
app_key: dotnet.dep-packages-must-claim-dll
- key: PropagateDLLClaimsToParents
description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations.
app_key: dotnet.propagate-dll-claims-to-parents
- key: RelaxDLLClaimsWhenBundlingDetected
description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases.
app_key: dotnet.relax-dll-claims-when-bundling-detected
catalogers:
- ecosystem: dotnet # MANUAL
name: dotnet-deps-binary-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- c#
- directory
- dotnet
- image
- installed
- language
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.deps.json'
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.DotnetDepsEntry
- pkg.DotnetPortableExecutableEntry
package_types: # AUTO-GENERATED
- dotnet
- npm
json_schema_types: # AUTO-GENERATED
- DotnetDepsEntry
- DotnetPortableExecutableEntry
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dotnet # MANUAL
name: dotnet-deps-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.deps.json'
metadata_types: # AUTO-GENERATED
- pkg.DotnetDepsEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetDepsEntry
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dotnet # MANUAL
name: dotnet-packages-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dotnet/cataloger.go
function: NewDotnetPackagesLockCataloger
selectors: # AUTO-GENERATED
- c#
- declared
- directory
- dotnet
- image
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseDotnetPackagesLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/packages.lock.json'
metadata_types: # AUTO-GENERATED
- pkg.DotnetPackagesLockEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetPackagesLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- DotnetPackagesLockEntry.ContentHash
- ecosystem: dotnet # MANUAL
name: dotnet-portable-executable-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: dotnet.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.DotnetPortableExecutableEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetPortableExecutableEntry
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
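
Review bot: in the `configs` block, the description for `DepPackagesMustClaimDLL` stops mid-sentence at "The behavior of this", which suggests the generator is cutting the doc comment at a line or length limit. Have it take the whole comment, or cut at a sentence boundary, since this text is what users of `dotnet.dep-packages-must-claim-dll` will read. Also worth checking: `config: dotnet.CatalogerConfig` is attached only to `dotnet-portable-executable-cataloger`, which carries the `deprecated` selector, and not to `dotnet-deps-binary-cataloger`; if the non-deprecated cataloger honours these options, its entry should reference the config too.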

View File

@ -0,0 +1,49 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: elixir # MANUAL
name: elixir-mix-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/elixir/cataloger.go
function: NewMixLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- elixir
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseMixLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/mix.lock'
metadata_types: # AUTO-GENERATED
- pkg.ElixirMixLockEntry
package_types: # AUTO-GENERATED
- hex
json_schema_types: # AUTO-GENERATED
- ElixirMixLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ElixirMixLockEntry.PkgHash
- ElixirMixLockEntry.PkgHashExt

View File

@ -0,0 +1,87 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: erlang # MANUAL
name: erlang-otp-application-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/erlang/cataloger.go
function: NewOTPCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- erlang
- language
- otp
- package
parsers: # AUTO-GENERATED structure
- function: parseOTPApp
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.app'
package_types: # AUTO-GENERATED
- erlang-otp
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: erlang # MANUAL
name: erlang-rebar-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/erlang/cataloger.go
function: NewRebarLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- erlang
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseRebarLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/rebar.lock'
metadata_types: # AUTO-GENERATED
- pkg.ErlangRebarLockEntry
package_types: # AUTO-GENERATED
- hex
json_schema_types: # AUTO-GENERATED
- ErlangRebarLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ErlangRebarLockEntry.PkgHash
- ErlangRebarLockEntry.PkgHashExt
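
Review bot: the `parseOTPApp` parser entry has `package_types` but no `metadata_types` or `json_schema_types` keys, unlike `parseRebarLock` directly below it. If the parser emits no metadata type, have the generator write both keys with an empty list so a reader can tell "none" from "not generated"; if it does emit one, the generator is missing it.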

View File

@ -0,0 +1,51 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: portage # MANUAL
name: portage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/gentoo/cataloger.go
function: NewPortageCataloger
selectors: # AUTO-GENERATED
- directory
- gentoo
- image
- installed
- linux
- os
- package
- portage
parsers: # AUTO-GENERATED structure
- function: parsePortageContents
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/db/pkg/*/*/CONTENTS'
metadata_types: # AUTO-GENERATED
- pkg.PortageEntry
package_types: # AUTO-GENERATED
- portage
json_schema_types: # AUTO-GENERATED
- PortageDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- PortageEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- PortageEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,110 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: github-actions # MANUAL
name: github-action-workflow-usage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/githubactions/cataloger.go
function: NewWorkflowUsageCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- github
- github-actions
- package
parsers: # AUTO-GENERATED structure
- function: parseWorkflowForWorkflowUsage
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/workflows/*.yaml'
- '**/.github/workflows/*.yml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action-workflow
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: github-actions # MANUAL
name: github-actions-usage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/githubactions/cataloger.go
function: NewActionUsageCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- github
- github-actions
- package
parsers: # AUTO-GENERATED structure
- function: parseCompositeActionForActionUsage
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/actions/*/action.yml'
- '**/.github/actions/*/action.yaml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseWorkflowForActionUsage
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/workflows/*.yaml'
- '**/.github/workflows/*.yml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,147 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
golang.CatalogerConfig:
fields:
- key: SearchLocalModCacheLicenses
description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache.
app_key: golang.search-local-mod-cache-licenses
- key: LocalModCacheDir
description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go.
app_key: golang.local-mod-cache-dir
- key: SearchLocalVendorLicenses
description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file.
app_key: golang.search-local-vendor-licenses
- key: LocalVendorDir
description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file.
app_key: golang.local-vendor-dir
- key: SearchRemoteLicenses
description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org).
app_key: golang.search-remote-licenses
- key: Proxies
description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct.
app_key: golang.proxy
- key: NoProxy
description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars.
app_key: golang.no-proxy
catalogers:
- ecosystem: go # MANUAL
name: go-module-binary-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/golang/cataloger.go
function: NewGoModuleBinaryCataloger
config: golang.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- binary
- directory
- go
- golang
- gomod
- image
- installed
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGoBinary
detector: # AUTO-GENERATED
method: mimetype # AUTO-GENERATED
criteria: # AUTO-GENERATED
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
- application/x-executable
metadata_types: # AUTO-GENERATED
- pkg.GolangBinaryBuildinfoEntry
package_types: # AUTO-GENERATED
- go-module
json_schema_types: # AUTO-GENERATED
- GoModuleBuildinfoEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
conditions:
- when:
SearchLocalModCacheLicenses: true
value: true
- when:
SearchRemoteLicenses: true
value: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- GolangBinaryBuildinfoEntry.H1Digest
- ecosystem: go # MANUAL
name: go-module-file-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/golang/cataloger.go
function: NewGoModuleFileCataloger
config: golang.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- go
- golang
- gomod
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGoModFile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/go.mod'
metadata_types: # AUTO-GENERATED
- pkg.GolangModuleEntry
- pkg.GolangSourceEntry
package_types: # AUTO-GENERATED
- go-module
json_schema_types: # AUTO-GENERATED
- GoModuleEntry
- GoSourceEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
conditions:
- when:
SearchLocalModCacheLicenses: true
value: true
- when:
SearchRemoteLicenses: true
value: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- GolangModuleEntry.H1Digest
- GolangSourceEntry.H1Digest
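
Review bot: the `license` conditions for both catalogers switch to `true` on `SearchLocalModCacheLicenses` and `SearchRemoteLicenses`, but not on `SearchLocalVendorLicenses`, which the `configs` block in this same file describes as enabling the license search in the local vendor directory. Add a third `when:` entry for it, at least under `go-module-file-cataloger`, or add a `comment:` explaining why it does not change the capability. Under `parseGoBinary`, the mimetype criteria list `application/x-executable` twice (first and last item); the generator should de-duplicate the list.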

View File

@ -0,0 +1,107 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: haskell # MANUAL
name: haskell-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/haskell/cataloger.go
function: NewHackageCataloger
selectors: # AUTO-GENERATED
- cabal
- declared
- directory
- hackage
- haskell
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseCabalFreeze
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/cabal.project.freeze'
package_types: # AUTO-GENERATED
- hackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseStackLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/stack.yaml.lock'
metadata_types: # AUTO-GENERATED
- pkg.HackageStackYamlLockEntry
package_types: # AUTO-GENERATED
- hackage
json_schema_types: # AUTO-GENERATED
- HaskellHackageStackLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- HackageStackYamlLockEntry.PkgHash
- function: parseStackYaml
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/stack.yaml'
metadata_types: # AUTO-GENERATED
- pkg.HackageStackYamlEntry
package_types: # AUTO-GENERATED
- hackage
json_schema_types: # AUTO-GENERATED
- HaskellHackageStackEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- HackageStackYamlEntry.PkgHash

View File

@ -0,0 +1,43 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: homebrew # MANUAL
name: homebrew-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/homebrew/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- directory
- homebrew
- image
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseHomebrewFormula
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Cellar/*/*/.brew/*.rb'
- '**/Library/Taps/*/*/Formula/*.rb'
metadata_types: # AUTO-GENERATED
- pkg.HomebrewFormula
package_types: # AUTO-GENERATED
- homebrew
json_schema_types: # AUTO-GENERATED
- HomebrewFormula
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,293 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
java.ArchiveCatalogerConfig:
fields:
- key: IncludeIndexedArchives
description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip).
- key: IncludeUnindexedArchives
description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*).
- key: UseNetwork
description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information.
app_key: java.use-network
- key: UseMavenLocalRepository
description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata.
app_key: java.use-maven-local-repository
- key: MavenLocalRepositoryDir
description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository.
app_key: java.maven-local-repository-dir
- key: MavenBaseURL
description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2.
app_key: java.maven-url
- key: MaxParentRecursiveDepth
description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains.
app_key: java.max-parent-recursive-depth
- key: ResolveTransitiveDependencies
description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives.
app_key: java.resolve-transitive-dependencies
catalogers:
- ecosystem: java # MANUAL
name: java-archive-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewArchiveCataloger
config: java.ArchiveCatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- directory
- image
- installed
- java
- language
- maven
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.jar'
- '**/*.war'
- '**/*.ear'
- '**/*.par'
- '**/*.sar'
- '**/*.nar'
- '**/*.jpi'
- '**/*.hpi'
- '**/*.kar'
- '**/*.lpkg'
comment: JAR-based archives - always active
- method: glob
criteria:
- '**/*.zip'
conditions:
- when:
IncludeIndexedArchives: true
comment: ZIP archives require indexed archive support
- method: glob
criteria:
- '**/*.tar'
- '**/*.tar.gz'
- '**/*.tgz'
- '**/*.tar.bz'
- '**/*.tar.bz2'
- '**/*.tbz'
- '**/*.tbz2'
- '**/*.tar.br'
- '**/*.tbr'
- '**/*.tar.lz4'
- '**/*.tlz4'
- '**/*.tar.sz'
- '**/*.tsz'
- '**/*.tar.xz'
- '**/*.txz'
- '**/*.tar.zst'
- '**/*.tzst'
- '**/*.tar.zstd'
- '**/*.tzstd'
conditions:
- when:
IncludeUnindexedArchives: true
comment: TAR archives require unindexed archive support
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- JavaArchive.ArchiveDigests
- ecosystem: java # MANUAL
name: java-gradle-lockfile-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewGradleLockfileCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gradle
- java
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGradleLockfile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/gradle.lockfile*'
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: java-pom-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- declared
- directory
- java
- language
- maven
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '*pom.xml'
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - edit capabilities here
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: java-jvm-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewJvmDistributionCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- image
- installed
- java
- jdk
- jre
- jvm
- package
parsers: # AUTO-GENERATED structure
- function: parseJVMRelease
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/release'
metadata_types: # AUTO-GENERATED
- pkg.JavaVMInstallation
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- JavaJvmInstallation
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: true
evidence:
- JavaVMInstallation.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: graalvm-native-image-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- directory
- image
- installed
- java
- language
- package
detectors: # MANUAL - edit detectors here
- method: mimetype
criteria:
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
package_types: # AUTO-GENERATED
- graalvm-native-image
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
comment: the dependencies ultimately depends on the quality of the embedded SBOM
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
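
Review bot: In java-pom-cataloger the manual detector criterion is '*pom.xml', while every other glob in this file is anchored with '**/'. If the resolver treats an unanchored pattern differently, say so in a comment field on the detector; otherwise align it with the rest so the match scope is unambiguous. Separately, java-archive-cataloger declares license as default false with no conditions even though the UseNetwork description says it fetches license information, and dependency.depth lists indirect unconditionally despite ResolveTransitiveDependencies. Both look like candidates for a conditions/when override of the kind already used on the zip and tar detectors.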

View File

@ -0,0 +1,165 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
javascript.CatalogerConfig:
fields:
- key: SearchRemoteLicenses
description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata.
app_key: javascript.search-remote-licenses
- key: NPMBaseURL
description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information.
app_key: javascript.npm-base-url
- key: IncludeDevDependencies
description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies.
app_key: javascript.include-dev-dependencies
catalogers:
- ecosystem: javascript # MANUAL
name: javascript-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/javascript/cataloger.go
function: NewLockCataloger
config: javascript.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- javascript
- language
- node
- npm
- package
parsers: # AUTO-GENERATED structure
- function: parsePnpmLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pnpm-lock.yaml'
metadata_types: # AUTO-GENERATED
- pkg.PnpmLockEntry
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptPnpmLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseYarnLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/yarn.lock'
metadata_types: # AUTO-GENERATED
- pkg.YarnLockEntry
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptYarnLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- YarnLockEntry.Integrity
- function: parsePackageLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/package-lock.json'
metadata_types: # AUTO-GENERATED
- pkg.NpmPackageLockEntry
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptNpmPackageLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NpmPackageLockEntry.Integrity
- ecosystem: javascript # MANUAL
name: javascript-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/javascript/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- image
- installed
- javascript
- language
- node
- package
parsers: # AUTO-GENERATED structure
- function: parsePackageJSON
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/package.json'
metadata_types: # AUTO-GENERATED
- pkg.NpmPackage
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptNpmPackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
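
Review bot: javascript.CatalogerConfig exposes SearchRemoteLicenses and IncludeDevDependencies, but none of the lock parsers' capabilities carries a conditions entry, so license and dependency.kinds are stated as fixed values. parsePnpmLock and parsePackageLock report kinds as runtime only, while parseYarnLock already lists dev by default, and parsePnpmLock and parseYarnLock report license false regardless of SearchRemoteLicenses. Please confirm which of these values depend on the two config keys and express that with a when override, so the documented defaults and the config agree.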

View File

@ -0,0 +1,58 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
kernel.LinuxKernelCatalogerConfig:
fields:
- key: CatalogModules
description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself.
app_key: linux-kernel.catalog-modules
catalogers:
- ecosystem: linux # MANUAL
name: linux-kernel-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- image
- installed
- kernel
- linux
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/kernel'
- '**/kernel-*'
- '**/vmlinux'
- '**/vmlinux-*'
- '**/vmlinuz'
- '**/vmlinuz-*'
- '**/lib/modules/**/*.ko'
metadata_types: # AUTO-GENERATED
- pkg.LinuxKernel
- pkg.LinuxKernelModule
package_types: # AUTO-GENERATED
- linux-kernel
- linux-kernel-module
json_schema_types: # AUTO-GENERATED
- LinuxKernelArchive
- LinuxKernelModule
capabilities: # MANUAL - edit capabilities here
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
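
Review bot: The detector list includes '**/lib/modules/**/*.ko', and the metadata and package types include LinuxKernelModule and linux-kernel-module, all unconditionally, yet CatalogModules is described as the option that enables cataloging *.ko files. Split the .ko glob into its own detector entry with conditions: when: CatalogModules: true, as the Java file does for zip and tar archives, so a reader does not assume modules are always cataloged. The source file and function are also empty strings here although marked AUTO-GENERATED; worth checking that the generator resolves this custom cataloger.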

View File

@ -0,0 +1,43 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: lua # MANUAL
name: lua-rock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/lua/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- lua
- package
parsers: # AUTO-GENERATED structure
- function: parseRockspec
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.rockspec'
metadata_types: # AUTO-GENERATED
- pkg.LuaRocksPackage
package_types: # AUTO-GENERATED
- lua-rocks
json_schema_types: # AUTO-GENERATED
- LuarocksPackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,101 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
nix.Config:
fields:
- key: CaptureOwnedFiles
description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage.
app_key: nix.capture-owned-files
catalogers:
- ecosystem: nix # MANUAL
name: nix-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- nix
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/nix/var/nix/db/db.sqlite'
- '**/nix/store/*'
- '**/nix/store/*.drv'
metadata_types: # AUTO-GENERATED
- pkg.NixStoreEntry
package_types: # AUTO-GENERATED
- nix
json_schema_types: # AUTO-GENERATED
- NixStoreEntry
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NixStoreEntry.OutputHash
- ecosystem: nix # MANUAL
name: nix-store-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: nix.Config # AUTO-GENERATED
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/nix/store/*'
- '**/nix/store/*.drv'
metadata_types: # AUTO-GENERATED
- pkg.NixStoreEntry
package_types: # AUTO-GENERATED
- nix
json_schema_types: # AUTO-GENERATED
- NixStoreEntry
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
conditions:
- when:
CaptureOwnedFiles: true
value: true
evidence:
- NixStoreEntry.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NixStoreEntry.OutputHash
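
Review bot: nix-cataloger reports package_manager.files.listing as default true with no evidence field and no config reference, while nix-store-cataloger gates the same capability on CaptureOwnedFiles with NixStoreEntry.Files as evidence. If nix-cataloger also honors nix.Config, add config: nix.Config and the same condition; if it always records files, add the evidence entry. The criterion '**/nix/store/*.drv' also appears to be covered already by '**/nix/store/*' in both detector lists, so it can be dropped or given a comment explaining why it is listed separately.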

View File

@ -0,0 +1,45 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: ocaml # MANUAL
name: opam-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ocaml/cataloger.go
function: NewOpamPackageManagerCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- ocaml
- opam
- package
parsers: # AUTO-GENERATED structure
- function: parseOpamPackage
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*opam'
metadata_types: # AUTO-GENERATED
- pkg.OpamPackage
package_types: # AUTO-GENERATED
- opam
json_schema_types: # AUTO-GENERATED
- OpamPackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,214 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: php # MANUAL
name: php-composer-installed-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewComposerInstalledCataloger
selectors: # AUTO-GENERATED
- composer
- image
- installed
- language
- package
- php
parsers: # AUTO-GENERATED structure
- function: parseInstalledJSON
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/installed.json'
metadata_types: # AUTO-GENERATED
- pkg.PhpComposerInstalledEntry
package_types: # AUTO-GENERATED
- php-composer
json_schema_types: # AUTO-GENERATED
- PhpComposerInstalledEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-composer-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewComposerLockCataloger
selectors: # AUTO-GENERATED
- composer
- declared
- directory
- language
- package
- php
parsers: # AUTO-GENERATED structure
- function: parseComposerLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/composer.lock'
metadata_types: # AUTO-GENERATED
- pkg.PhpComposerLockEntry
package_types: # AUTO-GENERATED
- php-composer
json_schema_types: # AUTO-GENERATED
- PhpComposerLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
- ecosystem: php # MANUAL
name: php-interpreter-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- image
- installed
- package
- php
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/php*/**/*.so'
- '**/php-fpm*'
- '**/apache*/**/libphp*.so'
metadata_types: # AUTO-GENERATED
- pkg.BinarySignature
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- BinarySignature
capabilities: # MANUAL - edit capabilities here
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-pear-serialized-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewPearCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- image
- language
- package
- pear
- php
parsers: # AUTO-GENERATED structure
- function: parsePear
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/php/.registry/**/*.reg'
metadata_types: # AUTO-GENERATED
- pkg.PhpPearEntry
package_types: # AUTO-GENERATED
- php-pear
json_schema_types: # AUTO-GENERATED
- PhpPearEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
- name: package_manager.files.digests
default: true
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-pecl-serialized-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewPeclCataloger
selectors: # AUTO-GENERATED
- deprecated
- package
parsers: # AUTO-GENERATED structure
- function: parsePecl
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/php/.registry/.channel.*/*.reg'
metadata_types: # AUTO-GENERATED
- pkg.PhpPeclEntry
package_types: # AUTO-GENERATED
- php-pecl
json_schema_types: # AUTO-GENERATED
- PhpPeclEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
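
Review bot: parseComposerLock sets package_manager.package_integrity_hash to true, and parsePear sets files.listing and files.digests to true, but none of the three names an evidence field, unlike the other true values in this change (for example YarnLockEntry.Integrity). Add the PhpComposerLockEntry or PhpPearEntry field that backs each claim, or set the default to false if there is none. Also, parsePecl's glob '**/php/.registry/.channel.*/*.reg' appears to be a subset of parsePear's '**/php/.registry/**/*.reg', so the same file may be picked up by both catalogers when the deprecated one is enabled; a comment on that overlap would help.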

View File

@ -0,0 +1,254 @@
# Cataloger capabilities. See ../README.md for documentation.
configs: # AUTO-GENERATED - config structs and their fields
python.CatalogerConfig:
fields:
- key: GuessUnpinnedRequirements
description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files.
app_key: python.guess-unpinned-requirements
- key: SearchRemoteLicenses
description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata.
app_key: python.search-remote-licenses
- key: PypiBaseURL
description: PypiBaseURL specifies the base URL for the Pypi registry API used when searching for remote license information.
app_key: python.pypi-base-url
catalogers:
- ecosystem: python # MANUAL
name: python-installed-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/python/cataloger.go
function: NewInstalledPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- package
- python
parsers: # AUTO-GENERATED structure
- function: parseWheelOrEgg
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.egg-info'
- '**/*dist-info/METADATA'
- '**/*egg-info/PKG-INFO'
- '**/*DIST-INFO/METADATA'
- '**/*EGG-INFO/PKG-INFO'
metadata_types: # AUTO-GENERATED
- pkg.PythonPackage
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- PythonPackage.Files
- name: package_manager.files.digests
default: true
evidence:
- PythonPackage.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: python # MANUAL
name: python-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/python/cataloger.go
function: NewPackageCataloger
config: python.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- language
- package
- python
parsers: # AUTO-GENERATED structure
- function: parsePdmLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pdm.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPdmLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPdmLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseUvLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/uv.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonUvLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonUvLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSetupFile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/setup.py'
package_types: # AUTO-GENERATED
- python
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parsePipfileLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Pipfile.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPipfileLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPipfileLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: true
evidence:
- PythonPipfileLockEntry.Hashes
- name: package_manager.package_integrity_hash
default: false
- function: parsePoetryLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/poetry.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPoetryLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPoetryLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseRequirementsTxt
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*requirements*.txt'
metadata_types: # AUTO-GENERATED
- pkg.PythonRequirementsEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPipRequirementsEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- any
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
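
Review bot: The SearchRemoteLicenses description under python.CatalogerConfig says it queries "the NPM registry API", which reads as copied from the JavaScript config. Because this block is AUTO-GENERATED, the fix belongs in the doc comment on the Go struct field (it should name the PyPI registry, matching PypiBaseURL), followed by a regenerate. In the manual section, parsePipfileLock records PythonPipfileLockEntry.Hashes as evidence for package_manager.files.digests while package_integrity_hash is false; please confirm those hashes describe individual files rather than the package artifact, since the yarn and npm lock parsers map their Integrity field to package_integrity_hash.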

View File

@ -0,0 +1,43 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: r # MANUAL
name: r-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/r/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- package
- r
parsers: # AUTO-GENERATED structure
- function: parseDescriptionFile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/DESCRIPTION'
metadata_types: # AUTO-GENERATED
- pkg.RDescription
package_types: # AUTO-GENERATED
- R-package
json_schema_types: # AUTO-GENERATED
- RDescription
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,126 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: rpm # MANUAL
name: rpm-archive-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/redhat/cataloger.go
function: NewArchiveCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- linux
- os
- package
- redhat
- rpm
parsers: # AUTO-GENERATED structure
- function: parseRpmArchive
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.rpm'
metadata_types: # AUTO-GENERATED
- pkg.RpmArchive
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmArchive
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: true
evidence:
- RpmArchive.Files
- name: package_manager.files.digests
default: true
evidence:
- RpmArchive.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: rpm # MANUAL
name: rpm-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/redhat/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- linux
- os
- package
- redhat
- rpm
parsers: # AUTO-GENERATED structure
- function: parseRpmManifest
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/lib/rpmmanifest/container-manifest-2'
metadata_types: # AUTO-GENERATED
- pkg.RpmDBEntry
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseRpmDB
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}'
metadata_types: # AUTO-GENERATED
- pkg.RpmDBEntry
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RpmDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- RpmDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
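Review bot: in parseRpmDB the evidence paths are written as `RpmDBEntry.Files` and `RpmDBEntry.Files[].Digest`, but the same parser lists `json_schema_types: RpmDbEntry` and `metadata_types: pkg.RpmDBEntry`, so it is not clear which namespace an evidence path is resolved against. Please state in the README (or a header comment) whether evidence refers to the Go struct name or the JSON schema name, since the two differ in casing here and anything that checks evidence against the schema would miss these entries.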

View File

@ -0,0 +1,134 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: ruby # MANUAL
name: ruby-gemfile-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewGemFileLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gem
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemFileLockEntries
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Gemfile.lock'
package_types: # AUTO-GENERATED
- gem
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: ruby # MANUAL
name: ruby-gemspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewGemSpecCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gem
- gemspec
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemSpecEntries
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.gemspec'
metadata_types: # AUTO-GENERATED
- pkg.RubyGemspec
package_types: # AUTO-GENERATED
- gem
json_schema_types: # AUTO-GENERATED
- RubyGemspec
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RubyGemspec.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: ruby # MANUAL
name: ruby-installed-gemspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewInstalledGemSpecCataloger
selectors: # AUTO-GENERATED
- gem
- gemspec
- image
- installed
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemSpecEntries
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/specifications/**/*.gemspec'
metadata_types: # AUTO-GENERATED
- pkg.RubyGemspec
package_types: # AUTO-GENERATED
- gem
json_schema_types: # AUTO-GENERATED
- RubyGemspec
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RubyGemspec.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
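Review bot: parseGemFileLockEntries in ruby-gemfile-cataloger is the only parser in this file with no `metadata_types` or `json_schema_types` keys at all; the two gemspec parsers both carry them. If Gemfile.lock packages really have no metadata type, consider emitting an explicit empty list, or documenting that an omitted key means "none", so consumers of these files do not have to guess whether the generator skipped the field.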

View File

@ -0,0 +1,99 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: rust # MANUAL
name: cargo-auditable-binary-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/rust/cataloger.go
function: NewAuditBinaryCataloger
selectors: # AUTO-GENERATED
- binary
- directory
- image
- installed
- language
- package
- rust
parsers: # AUTO-GENERATED structure
- function: parseAuditBinary
detector: # AUTO-GENERATED
method: mimetype # AUTO-GENERATED
criteria: # AUTO-GENERATED
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
- application/x-executable
metadata_types: # AUTO-GENERATED
- pkg.RustBinaryAuditEntry
package_types: # AUTO-GENERATED
- rust-crate
json_schema_types: # AUTO-GENERATED
- RustCargoAuditEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: rust # MANUAL
name: rust-cargo-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/rust/cataloger.go
function: NewCargoLockCataloger
selectors: # AUTO-GENERATED
- cargo
- declared
- directory
- language
- package
- rust
parsers: # AUTO-GENERATED structure
- function: parseCargoLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Cargo.lock'
metadata_types: # AUTO-GENERATED
- pkg.RustCargoLockEntry
package_types: # AUTO-GENERATED
- rust-crate
json_schema_types: # AUTO-GENERATED
- RustCargoLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- RustCargoLockEntry.Checksum
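Review bot: the mimetype criteria for parseAuditBinary list `application/x-executable` twice, as the first and the last entry. The list is marked AUTO-GENERATED, so the fix belongs in the generator (dedupe the criteria it collects) rather than in this file; otherwise the duplicate will come back on the next `go generate`.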

View File

@ -0,0 +1,49 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: sbom # MANUAL
name: sbom-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/sbom/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- package
- sbom
parsers: # AUTO-GENERATED structure
- function: parseSBOM
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.syft.json'
- '**/*.bom.*'
- '**/*.bom'
- '**/bom'
- '**/*.sbom.*'
- '**/*.sbom'
- '**/sbom'
- '**/*.cdx.*'
- '**/*.cdx'
- '**/*.spdx.*'
- '**/*.spdx'
metadata_types: # AUTO-GENERATED
- pkg.ApkDBEntry
package_types: # AUTO-GENERATED
- apk
json_schema_types: # AUTO-GENERATED
- ApkDbEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
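Review bot: parseSBOM is declared with `metadata_types: pkg.ApkDBEntry`, `package_types: apk` and `json_schema_types: ApkDbEntry`, yet its globs match generic SBOM documents (`**/*.spdx`, `**/*.cdx`, `**/*.syft.json`, ...), which can describe packages of any type. These values look like whatever the generator happened to observe rather than a property of the cataloger, and anyone reading this file as a capability matrix would conclude the SBOM cataloger only yields apk packages. Suggest special-casing this cataloger in the generator, or adding a comment that the types depend on the ingested SBOM.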

View File

@ -0,0 +1,146 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: snap # MANUAL
name: snap-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/snap/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- package
- snap
parsers: # AUTO-GENERATED structure
- function: parseSnapdSnapcraft
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/snap/snapcraft.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSystemManifest
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/snap/manifest.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseKernelChangelog
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/doc/linux-modules-*/changelog.Debian.gz'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseBaseDpkgYaml
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/usr/share/snappy/dpkg.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSnapYaml
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/meta/snap.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
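Review bot: all five parsers declare `package_types: deb` with `pkg.SnapEntry` metadata, including parseSnapYaml on `**/meta/snap.yaml` and parseSnapdSnapcraft on `**/snap/snapcraft.yaml`, so no snap package type appears anywhere in this file. If that is what the cataloger emits, a one-line comment on the cataloger entry would keep it from being read as a generator error; if not, the generated types need checking before this is relied on for coverage reporting.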

View File

@ -0,0 +1,92 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: swift # MANUAL
name: cocoapods-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swift/cataloger.go
function: NewCocoapodsCataloger
selectors: # AUTO-GENERATED
- cocoapods
- declared
- directory
- language
- package
- swift
parsers: # AUTO-GENERATED structure
- function: parsePodfileLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Podfile.lock'
metadata_types: # AUTO-GENERATED
- pkg.CocoaPodfileLockEntry
package_types: # AUTO-GENERATED
- pod
json_schema_types: # AUTO-GENERATED
- CocoaPodfileLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- CocoaPodfileLockEntry.Checksum
- ecosystem: swift # MANUAL
name: swift-package-manager-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swift/cataloger.go
function: NewSwiftPackageManagerCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- package
- spm
- swift
parsers: # AUTO-GENERATED structure
- function: parsePackageResolved
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Package.resolved'
- '**/.package.resolved'
metadata_types: # AUTO-GENERATED
- pkg.SwiftPackageManagerResolvedEntry
package_types: # AUTO-GENERATED
- swift
json_schema_types: # AUTO-GENERATED
- SwiftPackageManagerLockEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false

View File

@ -0,0 +1,46 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: prolog # MANUAL
name: swipl-pack-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swipl/cataloger.go
function: NewSwiplPackCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- pack
- package
- swipl
parsers: # AUTO-GENERATED structure
- function: parsePackPackage
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pack.pl'
metadata_types: # AUTO-GENERATED
- pkg.SwiplPackEntry
package_types: # AUTO-GENERATED
- swiplpack
json_schema_types: # AUTO-GENERATED
- SwiplpackPackage
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
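Review bot: this entry has `ecosystem: prolog` but its source is `syft/pkg/cataloger/swipl/cataloger.go`, and the commit subject says the split is by Go package while the README added in the same commit says `packages/*.yaml` holds one file per ecosystem. The two rules give different file names here (and for `rpm` versus the `redhat` package), so please pick one and make the README wording match, otherwise contributors will not know which file a new cataloger belongs in.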

View File

@ -0,0 +1,45 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: terraform # MANUAL
name: terraform-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/terraform/cataloger.go
function: NewLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- package
- terraform
parsers: # AUTO-GENERATED structure
- function: parseTerraformLock
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.terraform.lock.hcl'
metadata_types: # AUTO-GENERATED
- pkg.TerraformLockProviderEntry
package_types: # AUTO-GENERATED
- terraform
json_schema_types: # AUTO-GENERATED
- TerraformLockProviderEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- TerraformLockProviderEntry.Hashes

View File

@ -0,0 +1,41 @@
# Cataloger capabilities. See ../README.md for documentation.
catalogers:
- ecosystem: wordpress # MANUAL
name: wordpress-plugins-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/wordpress/cataloger.go
function: NewWordpressPluginCataloger
selectors: # AUTO-GENERATED
- directory
- image
- package
- wordpress
parsers: # AUTO-GENERATED structure
- function: parseWordpressPluginFiles
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/wp-content/plugins/*/*.php'
metadata_types: # AUTO-GENERATED
- pkg.WordpressPluginEntry
package_types: # AUTO-GENERATED
- wordpress-plugin
json_schema_types: # AUTO-GENERATED
- WordpressPluginEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false