chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413)

This commit is contained in:
dependabot[bot] 2023-12-14 17:18:37 -05:00 committed by GitHub
parent 38a12bd91a
commit b83cc8485a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 70 additions and 43 deletions


@ -121,7 +121,7 @@ syft <image> --scope all-layers
### Supported sources ### Supported sources
Syft can generate a SBOM from a variety of sources: Syft can generate an SBOM from a variety of sources:
``` ```
# catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands) # catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands)

2
go.mod

@ -3,7 +3,7 @@ module github.com/anchore/syft
go 1.21.0 go 1.21.0
require ( require (
github.com/CycloneDX/cyclonedx-go v0.7.2 github.com/CycloneDX/cyclonedx-go v0.8.0
github.com/Masterminds/semver v1.5.0 github.com/Masterminds/semver v1.5.0
github.com/Masterminds/sprig/v3 v3.2.3 github.com/Masterminds/sprig/v3 v3.2.3
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d

4
go.sum

@ -58,8 +58,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ= github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ=
github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=


@ -249,9 +249,22 @@ func extractDescriptor(meta *cyclonedx.Metadata) (desc sbom.Descriptor) {
return return
} }
for _, t := range *meta.Tools { // handle 1.5 component element
desc.Name = t.Name if meta.Tools.Components != nil {
desc.Version = t.Version for _, t := range *meta.Tools.Components {
desc.Name = t.Name
desc.Version = t.Version
return
}
}
// handle pre-1.5 tool element
if meta.Tools.Tools != nil {
for _, t := range *meta.Tools.Tools {
desc.Name = t.Name
desc.Version = t.Version
return
}
} }
return return
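Review bot: Both new loops (over `*meta.Tools.Components` and over `*meta.Tools.Tools`) return inside their first iteration, so each is really "take the first element" written as a range, and the two identical `desc.Name`/`desc.Version` assignment pairs are duplicated; a length check plus an index says the intent directly and halves the body. Both branches also dereference `meta.Tools` — the `return` and `}` at the top of the hunk look like the tail of a nil guard for it, which is worth confirming since a decoded SBOM is external input and may omit `tools` entirely. A short comment on why only the first entry is kept, presumably because `sbom.Descriptor` carries a single name/version pair, would help the next reader. extractDescriptor begins outside the hunk.
```go
	// handle 1.5 component element
	if cs := meta.Tools.Components; cs != nil && len(*cs) > 0 {
		desc.Name, desc.Version = (*cs)[0].Name, (*cs)[0].Version
		return
	}
	// handle pre-1.5 tool element
	if ts := meta.Tools.Tools; ts != nil && len(*ts) > 0 {
		desc.Name, desc.Version = (*ts)[0].Name, (*ts)[0].Version
		return
	}
	// … unchanged: final return …
```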


@ -114,11 +114,14 @@ func formatCPE(cpeString string) string {
func toBomDescriptor(name, version string, srcMetadata source.Description) *cyclonedx.Metadata { func toBomDescriptor(name, version string, srcMetadata source.Description) *cyclonedx.Metadata {
return &cyclonedx.Metadata{ return &cyclonedx.Metadata{
Timestamp: time.Now().Format(time.RFC3339), Timestamp: time.Now().Format(time.RFC3339),
Tools: &[]cyclonedx.Tool{ Tools: &cyclonedx.ToolsChoice{
{ Components: &[]cyclonedx.Component{
Vendor: "anchore", {
Name: name, Type: cyclonedx.ComponentTypeApplication,
Version: version, Author: "anchore",
Name: name,
Version: version,
},
}, },
}, },
Properties: toBomProperties(srcMetadata), Properties: toBomProperties(srcMetadata),
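Review bot: toBomDescriptor has no doc comment, and the switch from the `tools[]` array to `ToolsChoice.Components` is exactly the format decision a later reader needs spelled out; suggest `// toBomDescriptor builds the BOM metadata block, recording syft itself as a metadata.tools.components entry (the CycloneDX 1.5 form) rather than the pre-1.5 tools[] array.` Replacing `Vendor: "anchore"` with `Author: "anchore"` is also a meaning shift, since the component `author` field may not carry the same notion as the legacy tool `vendor`, so it is worth a one-line note or a check against what downstream consumers key on. If this encoder is ever asked to emit a spec version below 1.5, confirm that the library downgrades the components entry to the legacy tools array rather than dropping the tool identity. The function continues past the hunk.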


@ -168,13 +168,14 @@ func Test_toBomDescriptor(t *testing.T) {
want: &cyclonedx.Metadata{ want: &cyclonedx.Metadata{
Timestamp: "", Timestamp: "",
Lifecycles: nil, Lifecycles: nil,
Tools: &[]cyclonedx.Tool{ Tools: &cyclonedx.ToolsChoice{
{ Components: &[]cyclonedx.Component{
Vendor: "anchore", {
Name: "test-image", Type: cyclonedx.ComponentTypeApplication,
Version: "1.0.0", Author: "anchore",
Hashes: nil, Name: "test-image",
ExternalReferences: nil, Version: "1.0.0",
},
}, },
}, },
Authors: nil, Authors: nil,


@ -6,13 +6,16 @@
"version": 1, "version": 1,
"metadata": { "metadata": {
"timestamp": "timestamp:redacted", "timestamp": "timestamp:redacted",
"tools": [ "tools": {
{ "components": [
"vendor": "anchore", {
"name": "syft", "type": "application",
"version": "v0.42.0-bogus" "author": "anchore",
} "name": "syft",
], "version": "v0.42.0-bogus"
}
]
},
"component": { "component": {
"bom-ref":"redacted", "bom-ref":"redacted",
"type": "file", "type": "file",


@ -6,13 +6,16 @@
"version": 1, "version": 1,
"metadata": { "metadata": {
"timestamp": "timestamp:redacted", "timestamp": "timestamp:redacted",
"tools": [ "tools": {
{ "components": [
"vendor": "anchore", {
"name": "syft", "type": "application",
"version": "v0.42.0-bogus" "author": "anchore",
} "name": "syft",
], "version": "v0.42.0-bogus"
}
]
},
"component": { "component": {
"bom-ref":"redacted", "bom-ref":"redacted",
"type": "container", "type": "container",


@ -3,11 +3,13 @@
<metadata> <metadata>
<timestamp>redacted</timestamp> <timestamp>redacted</timestamp>
<tools> <tools>
<tool> <components>
<vendor>anchore</vendor> <component type="application">
<name>syft</name> <author>anchore</author>
<version>v0.42.0-bogus</version> <name>syft</name>
</tool> <version>v0.42.0-bogus</version>
</component>
</components>
</tools> </tools>
<component bom-ref="redacted" type="file"> <component bom-ref="redacted" type="file">
<name>some/path</name> <name>some/path</name>


@ -3,11 +3,13 @@
<metadata> <metadata>
<timestamp>redacted</timestamp> <timestamp>redacted</timestamp>
<tools> <tools>
<tool> <components>
<vendor>anchore</vendor> <component type="application">
<name>syft</name> <author>anchore</author>
<version>v0.42.0-bogus</version> <name>syft</name>
</tool> <version>v0.42.0-bogus</version>
</component>
</components>
</tools> </tools>
<component bom-ref="redacted" type="container"> <component bom-ref="redacted" type="container">
<name>user-image-input</name> <name>user-image-input</name>