bump JSON schema to v16.0.6 + expand test fixtures

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-18 08:53:15 +01:00 · 2024-03-13 15:51:03 -04:00 · 2024-03-13 15:51:03 -04:00 · d8113b5f07
commit d8113b5f07
parent a35f64c971
14 changed files with 2394 additions and 148 deletions
--- a/internal/constants.go
+++ b/internal/constants.go
@ -3,5 +3,5 @@ package internal
 const (
 	// JSONSchemaVersion is the current schema version output by the JSON encoder
 	// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
-	JSONSchemaVersion = "16.0.5"
+	JSONSchemaVersion = "16.0.6"
 )
--- a/schema/json/schema-16.0.4.json
+++ b/schema/json/schema-16.0.4.json
@ -630,33 +630,6 @@
        "dso"
      ]
    },
-    "ElfBinaryPackageNotes": {
-      "properties": {
-        "type": {
-          "type": "string"
-        },
-        "vendor": {
-          "type": "string"
-        },
-        "system": {
-          "type": "string"
-        },
-        "sourceRepo": {
-          "type": "string"
-        },
-        "commit": {
-          "type": "string"
-        }
-      },
-      "type": "object",
-      "required": [
-        "type",
-        "vendor",
-        "system",
-        "sourceRepo",
-        "commit"
-      ]
-    },
    "ElixirMixLockEntry": {
      "properties": {
        "name": {
@ -1437,9 +1410,6 @@
            {
              "$ref": "#/$defs/DpkgDbEntry"
            },
-            {
-              "$ref": "#/$defs/ElfBinaryPackageNotes"
-            },
            {
              "$ref": "#/$defs/ElixirMixLockEntry"
            },
--- a/schema/json/schema-16.0.6.json
+++ b/schema/json/schema-16.0.6.json
--- a/schema/json/schema-latest.json
+++ b/schema/json/schema-latest.json
@ -1,6 +1,6 @@
 {
  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "anchore.io/schema/syft/json/16.0.5/document",
+  "$id": "anchore.io/schema/syft/json/16.0.6/document",
  "$ref": "#/$defs/Document",
  "$defs": {
    "AlpmDbEntry": {
@ -630,7 +630,7 @@
        "dso"
      ]
    },
-    "ElfBinaryPackageNotes": {
+    "ElfBinaryPackageNoteJsonPayload": {
      "properties": {
        "type": {
          "type": "string"
@ -648,14 +648,7 @@
          "type": "string"
        }
      },
-      "type": "object",
-      "required": [
-        "type",
-        "vendor",
-        "system",
-        "sourceRepo",
-        "commit"
-      ]
+      "type": "object"
    },
    "ElixirMixLockEntry": {
      "properties": {
@ -1453,7 +1446,7 @@
              "$ref": "#/$defs/DpkgDbEntry"
            },
            {
-              "$ref": "#/$defs/ElfBinaryPackageNotes"
+              "$ref": "#/$defs/ElfBinaryPackageNoteJsonPayload"
            },
            {
              "$ref": "#/$defs/ElixirMixLockEntry"
--- a/syft/internal/packagemetadata/generated.go
+++ b/syft/internal/packagemetadata/generated.go
@ -19,7 +19,7 @@ func AllTypes() []any {
 		pkg.DotnetDepsEntry{},
 		pkg.DotnetPortableExecutableEntry{},
 		pkg.DpkgDBEntry{},
-		pkg.ELFBinaryPackageNotes{},
+		pkg.ELFBinaryPackageNoteJSONPayload{},
 		pkg.ElixirMixLockEntry{},
 		pkg.ErlangRebarLockEntry{},
 		pkg.GolangBinaryBuildinfoEntry{},
--- a/syft/internal/packagemetadata/names.go
+++ b/syft/internal/packagemetadata/names.go
@ -74,7 +74,7 @@ var jsonTypes = makeJSONTypes(
 	jsonNames(pkg.DotnetDepsEntry{}, "dotnet-deps-entry", "DotnetDepsMetadata"),
 	jsonNames(pkg.DotnetPortableExecutableEntry{}, "dotnet-portable-executable-entry"),
 	jsonNames(pkg.DpkgDBEntry{}, "dpkg-db-entry", "DpkgMetadata"),
-	jsonNames(pkg.ELFBinaryPackageNotes{}, "elf-binary-package-notes"),
+	jsonNames(pkg.ELFBinaryPackageNoteJSONPayload{}, "elf-binary-package-note-json-payload"),
 	jsonNames(pkg.RubyGemspec{}, "ruby-gemspec", "GemMetadata"),
 	jsonNames(pkg.GolangBinaryBuildinfoEntry{}, "go-module-buildinfo-entry", "GolangBinMetadata", "GolangMetadata"),
 	jsonNames(pkg.GolangModuleEntry{}, "go-module-entry", "GolangModMetadata"),
--- a/syft/pkg/binary.go
+++ b/syft/pkg/binary.go
@ -13,11 +13,11 @@ type ClassifierMatch struct {
 	Location   file.Location `mapstructure:"Location" json:"location"`
 }

-// ELFBinaryPackageNotes Represents metadata captured from the .note.package section of the binary
-type ELFBinaryPackageNotes struct {
-	Type   string `json:"type"`
-	Vendor string `json:"vendor"`
-	System string `json:"system"`
-	Source string `json:"sourceRepo"`
-	Commit string `json:"commit"`
+// ELFBinaryPackageNoteJSONPayload Represents metadata captured from the .note.package section of the binary
+type ELFBinaryPackageNoteJSONPayload struct {
+	Type       string `json:"type,omitempty"`
+	Vendor     string `json:"vendor,omitempty"`
+	System     string `json:"system,omitempty"`
+	SourceRepo string `json:"sourceRepo,omitempty"`
+	Commit     string `json:"commit,omitempty"`
 }
--- a/syft/pkg/cataloger/binary/elf_package.go
+++ b/syft/pkg/cataloger/binary/elf_package.go
@ -14,7 +14,7 @@ func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet, l
 		PURL:      packageURL(metadata),
 		Type:      pkg.BinaryPkg,
 		Locations: locations,
-		Metadata:  metadata.ELFBinaryPackageNotes,
+		Metadata:  metadata.ELFBinaryPackageNoteJSONPayload,
 	}

 	p.SetID()
--- a/syft/pkg/cataloger/binary/elf_package_cataloger.go
+++ b/syft/pkg/cataloger/binary/elf_package_cataloger.go
@ -19,14 +19,18 @@ var _ pkg.Cataloger = (*elfPackageCataloger)(nil)
 type elfPackageCataloger struct {
 }

+// TODO: for now this accounts for a single data shape from the .note.package section of an ELF binary.
+// In the future, this should be generalized to support multiple data shapes, including non-json data.
+// For example, fedora includes an ELF section header as a prefix to the JSON payload: https://github.com/anchore/syft/issues/2713
+
 type elfBinaryPackageNotes struct {
-	Name                      string `json:"name"`
-	Version                   string `json:"version"`
-	PURL                      string `json:"purl"`
-	CPE                       string `json:"cpe"`
-	License                   string `json:"license"`
-	pkg.ELFBinaryPackageNotes `json:",inline"`
-	Location                  file.Location `json:"-"`
+	Name                                string `json:"name"`
+	Version                             string `json:"version"`
+	PURL                                string `json:"purl"`
+	CPE                                 string `json:"cpe"`
+	License                             string `json:"license"`
+	pkg.ELFBinaryPackageNoteJSONPayload `json:",inline"`
+	Location                            file.Location `json:"-"`
 }

 type elfPackageKey struct {
--- a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
@ -15,18 +15,19 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 			Version: "0.01",
 			PURL:    "pkg:generic/syftsys/libhello_world.so@0.01",
 			FoundBy: "",
-			Locations: file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so", "/usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so"),
+			Locations: file.NewLocationSet(
+				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so", "/usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so"),
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so"),
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so"),
 			),
 			Language: "",
 			Type:     pkg.BinaryPkg,
-			Metadata: pkg.ELFBinaryPackageNotes{
-				Type:   "testfixture",
-				Vendor: "syft",
-				System: "syftsys",
-				Source: "",
-				Commit: "",
+			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
+				Type:       "testfixture",
+				Vendor:     "syft",
+				System:     "syftsys",
+				SourceRepo: "https://github.com/someone/somewhere.git",
+				Commit:     "5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb",
 			},
 		},
 		{
@ -34,18 +35,19 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 			Version: "0.01",
 			PURL:    "pkg:generic/syftsys/syfttestfixture@0.01",
 			FoundBy: "",
-			Locations: file.NewLocationSet(file.NewLocation("/usr/local/bin/elftests/elfbinwithnestedlib/bin/elfbinwithnestedlib").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
+			Locations: file.NewLocationSet(
+				file.NewLocation("/usr/local/bin/elftests/elfbinwithnestedlib/bin/elfbinwithnestedlib").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin1").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin2").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 			),
 			Language: "",
 			Type:     pkg.BinaryPkg,
-			Metadata: pkg.ELFBinaryPackageNotes{
-				Type:   "testfixture",
-				Vendor: "syft",
-				System: "syftsys",
-				Source: "",
-				Commit: "",
+			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
+				Type:       "testfixture",
+				Vendor:     "syft",
+				System:     "syftsys",
+				SourceRepo: "https://github.com/someone/somewhere.git",
+				Commit:     "5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb",
 			},
 		},
 	}
@ -56,69 +58,4 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 		Expects(expectedPkgs, nil).
 		TestCataloger(t, NewELFPackageCataloger())

-	// expectedPkgs = []pkg.Package{
-	// 	{
-	// 		Name:      "libhello_world.so",
-	// 		Version:   "0.01",
-	// 		PURL:      "pkg:generic/syftsys/libhello_world.so@0.01",
-	// 		FoundBy:   "",
-	// 		Locations: file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/syftelftest/lib/libhello_world.so", "/usr/local/bin/syftelftest/lib/libhello_world.so")),
-	// 		Language:  "",
-	// 		Type:      pkg.BinaryPkg,
-	// 		Metadata: pkg.ELFBinaryPackageNotes{
-	// 			Type:   "testfixture",
-	// 			Vendor: "syft",
-	// 			System: "syftsys",
-	// 		},
-	// 	},
-	// 	{
-	// 		Name:      "syfttestfixture",
-	// 		Version:   "0.01",
-	// 		PURL:      "pkg:generic/syftsys/syfttestfixture@0.01",
-	// 		FoundBy:   "",
-	// 		Locations: file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/syftelftest/bin/elfwithparallellibbin1", "/usr/local/bin/syftelftest/bin/elfwithparallellibbin1")),
-	// 		Language:  "",
-	// 		Type:      pkg.BinaryPkg,
-	// 		Metadata: pkg.ELFBinaryPackageNotes{
-	// 			Type:   "testfixture",
-	// 			Vendor: "syft",
-	// 			System: "syftsys",
-	// 		},
-	// 	},
-	// 	{
-	// 		Name:      "libhello_world2.so",
-	// 		Version:   "0.01",
-	// 		PURL:      "pkg:generic/syftsys/libhello_world2.so@0.01",
-	// 		FoundBy:   "",
-	// 		Locations: file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/syftelftest/lib/libhello_world2.so", "/usr/local/bin/syftelftest/lib/libhello_world2.so")),
-	// 		Language:  "",
-	// 		Type:      pkg.BinaryPkg,
-	// 		Metadata: pkg.ELFBinaryPackageNotes{
-	// 			Type:   "testfixture",
-	// 			Vendor: "syft",
-	// 			System: "syftsys",
-	// 		},
-	// 	},
-
-	// 	{
-	// 		Name:      "syfttestfixture",
-	// 		Version:   "0.01",
-	// 		PURL:      "pkg:generic/syftsys/syfttestfixture@0.01",
-	// 		FoundBy:   "",
-	// 		Locations: file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/syftelftest/bin/elfwithparallellibbin2", "/usr/local/bin/syftelftest/bin/elfwithparallellibbin2")),
-	// 		Language:  "",
-	// 		Type:      pkg.BinaryPkg,
-	// 		Metadata: pkg.ELFBinaryPackageNotes{
-	// 			Type:   "testfixture",
-	// 			Vendor: "syft",
-	// 			System: "syftsys",
-	// 		},
-	// 	},
-	// }
-	// pkgtest.NewCatalogTester().
-	// 	WithImageResolver(t, "elf-test-fixture-sister-lib").
-	// 	IgnoreLocationLayer(). // this fixture can be rebuilt, thus the layer ID will change
-	// 	Expects(expectedPkgs, nil).
-	// 	TestCataloger(t, NewELFPackageCataloger())
-
 }
--- a/syft/pkg/cataloger/binary/elf_package_test.go
+++ b/syft/pkg/cataloger/binary/elf_package_test.go
@ -22,7 +22,7 @@ func Test_packageURL(t *testing.T) {
 			notes: elfBinaryPackageNotes{
 				Name:    "github.com/anchore/syft",
 				Version: "v0.1.0",
-				ELFBinaryPackageNotes: pkg.ELFBinaryPackageNotes{
+				ELFBinaryPackageNoteJSONPayload: pkg.ELFBinaryPackageNoteJSONPayload{
 					System: "syftsys",
 				},
 			},
@ -33,7 +33,7 @@ func Test_packageURL(t *testing.T) {
 			notes: elfBinaryPackageNotes{
 				Name:    "go.opencensus.io",
 				Version: "v0.23.0",
-				ELFBinaryPackageNotes: pkg.ELFBinaryPackageNotes{
+				ELFBinaryPackageNoteJSONPayload: pkg.ELFBinaryPackageNoteJSONPayload{
 					System: "syftsys",
 				},
 			},
@ -61,7 +61,7 @@ func Test_newELFPackage(t *testing.T) {
 				Version: "0.01",
 				PURL:    "pkg:generic/syftsys/syfttestfixture@0.01",
 				CPE:     "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01",
-				ELFBinaryPackageNotes: pkg.ELFBinaryPackageNotes{
+				ELFBinaryPackageNoteJSONPayload: pkg.ELFBinaryPackageNoteJSONPayload{
 					Type:   "binary",
 					System: "syftsys",
 				},
@ -72,7 +72,7 @@ func Test_newELFPackage(t *testing.T) {
 				Version: "0.01",
 				Type:    "binary",
 				PURL:    "pkg:generic/syftsys/syfttestfixture@0.01",
-				Metadata: pkg.ELFBinaryPackageNotes{
+				Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
 					Type:   "binary",
 					System: "syftsys",
 				},
--- a/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithnestedlib/elfsrc/makefile
+++ b/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithnestedlib/elfsrc/makefile
@ -20,7 +20,7 @@ all: testfixture

 $(LIB_SO): $(LIB_OBJ) | $(LIB_DIR)
 	$(CC) -shared -o $@ $<
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 $(LIB_OBJ): $(LIB_SRC) | $(BUILD_DIR)
 	$(CC) $(CFLAGS) -fPIC -c $< -o $@
@ -37,7 +37,7 @@ $(LIB_DIR):

 $(BIN_DIR)/$(EXECUTABLE): $(EXEC_OBJ) $(LIB_SO) | $(BIN_DIR)
 	$(CC) $(CFLAGS) -o $@ $^ -L$(LIB_DIR) -l$(LIB_NAME) $(LDFLAGS)
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 testfixture: $(BIN_DIR)/$(EXECUTABLE)

--- a/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithsisterlib/elfsrc1/makefile
+++ b/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithsisterlib/elfsrc1/makefile
@ -20,7 +20,7 @@ all: testfixture

 $(LIB_SO): $(LIB_OBJ) | $(LIB_DIR)
 	$(CC) -shared -o $@ $<
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 $(LIB_OBJ): $(LIB_SRC) | $(BUILD_DIR)
 	$(CC) $(CFLAGS) -fPIC -c $< -o $@
@ -37,7 +37,7 @@ $(LIB_DIR):

 $(BIN_DIR)/$(EXECUTABLE): $(EXEC_OBJ) $(LIB_SO) | $(BIN_DIR)
 	$(CC) $(CFLAGS) -o $@ $^ -L$(LIB_DIR) -l$(LIB_NAME) $(LDFLAGS)
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 testfixture: $(BIN_DIR)/$(EXECUTABLE)

--- a/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithsisterlib/elfsrc2/makefile
+++ b/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/elfbinwithsisterlib/elfsrc2/makefile
@ -20,7 +20,7 @@ all: testfixture

 $(LIB_SO): $(LIB_OBJ) | $(LIB_DIR)
 	$(CC) -shared -o $@ $<
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "libhello_world.so","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 $(LIB_OBJ): $(LIB_SRC) | $(BUILD_DIR)
 	$(CC) $(CFLAGS) -fPIC -c $< -o $@
@ -37,7 +37,7 @@ $(LIB_DIR):

 $(BIN_DIR)/$(EXECUTABLE): $(EXEC_OBJ) $(LIB_SO) | $(BIN_DIR)
 	$(CC) $(CFLAGS) -o $@ $^ -L$(LIB_DIR) -l$(LIB_NAME) $(LDFLAGS)
-	echo '{"type": "testfixture","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@
+	echo '{"type": "testfixture","license":"MIT","commit":"5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb","sourceRepo":"https://github.com/someone/somewhere.git","vendor": "syft","system": "syftsys","name": "syfttestfixture","version": "0.01","purl": "pkg:generic/syftsys/syfttestfixture@0.01","cpe": "cpe:/o:syft:syftsys_testfixture_syfttestfixture:0.01"}' | objcopy --add-section .note.package=/dev/stdin --set-section-flags .note.package=noload,readonly $@

 testfixture: $(BIN_DIR)/$(EXECUTABLE)