From e841b03219963c152882c4ca8c4a606a47ee9b9b Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Mon, 19 May 2025 11:50:45 -0400 Subject: [PATCH] [wip] remove sqlite import Signed-off-by: Alex Goodman --- .goreleaser.yaml | 489 +++++++++--------- .../test/integration/sqlite_rpmdb_test.go | 2 - cmd/syft/main.go | 2 - go.mod | 6 +- go.sum | 16 - syft/pkg/cataloger/nix/cataloger_test.go | 10 +- syft/pkg/cataloger/redhat/cataloger_test.go | 10 +- 7 files changed, 252 insertions(+), 283 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a8fc7711f..62a6e88d7 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -14,12 +14,9 @@ builds: dir: ./cmd/syft binary: syft goos: - - linux + - windows goarch: - amd64 - - arm64 - - ppc64le - - s390x # set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' ldflags: &build-ldflags | @@ -31,246 +28,246 @@ builds: -X main.buildDate={{.Date}} -X main.gitDescription={{.Summary}} - - id: darwin-build - dir: ./cmd/syft - binary: syft - goos: - - darwin - goarch: - - amd64 - - arm64 - mod_timestamp: *build-timestamp - ldflags: *build-ldflags - hooks: - post: - - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv - env: - - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log +# - id: darwin-build +# dir: ./cmd/syft +# binary: syft +# goos: +# - darwin +# goarch: +# - amd64 +# - arm64 +# mod_timestamp: *build-timestamp +# ldflags: *build-ldflags +# hooks: +# post: +# - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv +# env: +# - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log +# +# - id: windows-build +# dir: ./cmd/syft +# binary: syft +# goos: +# - windows +# goarch: +# - amd64 +# mod_timestamp: *build-timestamp +# ldflags: *build-ldflags - - id: windows-build - dir: ./cmd/syft - binary: syft - goos: - - windows - goarch: - - amd64 - mod_timestamp: *build-timestamp - ldflags: *build-ldflags - -archives: - - id: linux-archives - builds: - - linux-build - - # note: the signing process is depending on tar.gz archives. If this format changes then .github/scripts/apple-signing/*.sh will need to be adjusted - - id: darwin-archives - builds: - - darwin-build - - - id: windows-archives - format: zip - builds: - - windows-build - -nfpms: - - license: "Apache 2.0" - maintainer: "Anchore, Inc" - homepage: &website "https://github.com/anchore/syft" - description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems" - formats: - - rpm - - deb - -brews: - - repository: - owner: anchore - name: homebrew-syft - token: "{{.Env.GITHUB_BREW_TOKEN}}" - ids: - - darwin-archives - - linux-archives - homepage: *website - description: *description - license: "Apache License 2.0" - -dockers: - - image_templates: - - anchore/syft:debug - - anchore/syft:{{.Tag}}-debug - - ghcr.io/anchore/syft:debug - - ghcr.io/anchore/syft:{{.Tag}}-debug - goarch: amd64 - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:debug-arm64v8 - - anchore/syft:{{.Tag}}-debug-arm64v8 - - ghcr.io/anchore/syft:debug-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - goarch: arm64 - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/arm64/v8" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:debug-ppc64le - - anchore/syft:{{.Tag}}-debug-ppc64le - - ghcr.io/anchore/syft:debug-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - goarch: ppc64le - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:debug-s390x - - anchore/syft:{{.Tag}}-debug-s390x - - ghcr.io/anchore/syft:debug-s390x - - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - goarch: s390x - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:latest - - anchore/syft:{{.Tag}} - - ghcr.io/anchore/syft:latest - - ghcr.io/anchore/syft:{{.Tag}} - goarch: amd64 - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - goarch: arm64 - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/arm64/v8" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - goarch: ppc64le - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-s390x - - ghcr.io/anchore/syft:{{.Tag}}-s390x - goarch: s390x - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - -docker_manifests: - - name_template: anchore/syft:latest - image_templates: - - anchore/syft:{{.Tag}} - - anchore/syft:{{.Tag}}-arm64v8 - - anchore/syft:{{.Tag}}-ppc64le - - anchore/syft:{{.Tag}}-s390x - - - name_template: anchore/syft:debug - - anchore/syft:{{.Tag}}-debug - - anchore/syft:{{.Tag}}-debug-arm64v8 - - anchore/syft:{{.Tag}}-debug-ppc64le - - anchore/syft:{{.Tag}}-debug-s390x - - - name_template: anchore/syft:{{.Tag}} - image_templates: - - anchore/syft:{{.Tag}} - - anchore/syft:{{.Tag}}-arm64v8 - - anchore/syft:{{.Tag}}-ppc64le - - anchore/syft:{{.Tag}}-s390x - - - name_template: ghcr.io/anchore/syft:latest - image_templates: - - ghcr.io/anchore/syft:{{.Tag}} - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-s390x - - - name_template: ghcr.io/anchore/syft:debug - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-debug - - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - - - name_template: ghcr.io/anchore/syft:{{.Tag}} - image_templates: - - ghcr.io/anchore/syft:{{.Tag}} - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-s390x - -sboms: - - artifacts: archive - # this is relative to the snapshot/dist directory, not the root of the repo - cmd: ../.tool/syft - documents: - - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" - args: - - "scan" - - "$artifact" - - "--output" - - "json=$document" - -signs: - - cmd: .tool/cosign - signature: "${artifact}.sig" - certificate: "${artifact}.pem" - args: - - "sign-blob" - - "--oidc-issuer=https://token.actions.githubusercontent.com" - - "--output-certificate=${certificate}" - - "--output-signature=${signature}" - - "${artifact}" - - "--yes" - artifacts: checksum +#archives: +# - id: linux-archives +# builds: +# - linux-build +# +# # note: the signing process is depending on tar.gz archives. If this format changes then .github/scripts/apple-signing/*.sh will need to be adjusted +# - id: darwin-archives +# builds: +# - darwin-build +# +# - id: windows-archives +# format: zip +# builds: +# - windows-build +# +#nfpms: +# - license: "Apache 2.0" +# maintainer: "Anchore, Inc" +# homepage: &website "https://github.com/anchore/syft" +# description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems" +# formats: +# - rpm +# - deb +# +#brews: +# - repository: +# owner: anchore +# name: homebrew-syft +# token: "{{.Env.GITHUB_BREW_TOKEN}}" +# ids: +# - darwin-archives +# - linux-archives +# homepage: *website +# description: *description +# license: "Apache License 2.0" +# +#dockers: +# - image_templates: +# - anchore/syft:debug +# - anchore/syft:{{.Tag}}-debug +# - ghcr.io/anchore/syft:debug +# - ghcr.io/anchore/syft:{{.Tag}}-debug +# goarch: amd64 +# dockerfile: Dockerfile.debug +# use: buildx +# build_flag_templates: +# - "--platform=linux/amd64" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:debug-arm64v8 +# - anchore/syft:{{.Tag}}-debug-arm64v8 +# - ghcr.io/anchore/syft:debug-arm64v8 +# - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 +# goarch: arm64 +# dockerfile: Dockerfile.debug +# use: buildx +# build_flag_templates: +# - "--platform=linux/arm64/v8" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:debug-ppc64le +# - anchore/syft:{{.Tag}}-debug-ppc64le +# - ghcr.io/anchore/syft:debug-ppc64le +# - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le +# goarch: ppc64le +# dockerfile: Dockerfile.debug +# use: buildx +# build_flag_templates: +# - "--platform=linux/ppc64le" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:debug-s390x +# - anchore/syft:{{.Tag}}-debug-s390x +# - ghcr.io/anchore/syft:debug-s390x +# - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x +# goarch: s390x +# dockerfile: Dockerfile.debug +# use: buildx +# build_flag_templates: +# - "--platform=linux/s390x" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:latest +# - anchore/syft:{{.Tag}} +# - ghcr.io/anchore/syft:latest +# - ghcr.io/anchore/syft:{{.Tag}} +# goarch: amd64 +# dockerfile: Dockerfile +# use: buildx +# build_flag_templates: +# - "--platform=linux/amd64" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:{{.Tag}}-arm64v8 +# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 +# goarch: arm64 +# dockerfile: Dockerfile +# use: buildx +# build_flag_templates: +# - "--platform=linux/arm64/v8" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:{{.Tag}}-ppc64le +# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le +# goarch: ppc64le +# dockerfile: Dockerfile +# use: buildx +# build_flag_templates: +# - "--platform=linux/ppc64le" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +# - image_templates: +# - anchore/syft:{{.Tag}}-s390x +# - ghcr.io/anchore/syft:{{.Tag}}-s390x +# goarch: s390x +# dockerfile: Dockerfile +# use: buildx +# build_flag_templates: +# - "--platform=linux/s390x" +# - "--build-arg=BUILD_DATE={{.Date}}" +# - "--build-arg=BUILD_VERSION={{.Version}}" +# - "--build-arg=VCS_REF={{.FullCommit}}" +# - "--build-arg=VCS_URL={{.GitURL}}" +# +#docker_manifests: +# - name_template: anchore/syft:latest +# image_templates: +# - anchore/syft:{{.Tag}} +# - anchore/syft:{{.Tag}}-arm64v8 +# - anchore/syft:{{.Tag}}-ppc64le +# - anchore/syft:{{.Tag}}-s390x +# +# - name_template: anchore/syft:debug +# - anchore/syft:{{.Tag}}-debug +# - anchore/syft:{{.Tag}}-debug-arm64v8 +# - anchore/syft:{{.Tag}}-debug-ppc64le +# - anchore/syft:{{.Tag}}-debug-s390x +# +# - name_template: anchore/syft:{{.Tag}} +# image_templates: +# - anchore/syft:{{.Tag}} +# - anchore/syft:{{.Tag}}-arm64v8 +# - anchore/syft:{{.Tag}}-ppc64le +# - anchore/syft:{{.Tag}}-s390x +# +# - name_template: ghcr.io/anchore/syft:latest +# image_templates: +# - ghcr.io/anchore/syft:{{.Tag}} +# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 +# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le +# - ghcr.io/anchore/syft:{{.Tag}}-s390x +# +# - name_template: ghcr.io/anchore/syft:debug +# image_templates: +# - ghcr.io/anchore/syft:{{.Tag}}-debug +# - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 +# - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le +# - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x +# +# - name_template: ghcr.io/anchore/syft:{{.Tag}} +# image_templates: +# - ghcr.io/anchore/syft:{{.Tag}} +# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 +# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le +# - ghcr.io/anchore/syft:{{.Tag}}-s390x +# +#sboms: +# - artifacts: archive +# # this is relative to the snapshot/dist directory, not the root of the repo +# cmd: ../.tool/syft +# documents: +# - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" +# args: +# - "scan" +# - "$artifact" +# - "--output" +# - "json=$document" +# +#signs: +# - cmd: .tool/cosign +# signature: "${artifact}.sig" +# certificate: "${artifact}.pem" +# args: +# - "sign-blob" +# - "--oidc-issuer=https://token.actions.githubusercontent.com" +# - "--output-certificate=${certificate}" +# - "--output-signature=${signature}" +# - "${artifact}" +# - "--yes" +# artifacts: checksum diff --git a/cmd/syft/internal/test/integration/sqlite_rpmdb_test.go b/cmd/syft/internal/test/integration/sqlite_rpmdb_test.go index 37f21cbba..05760487a 100644 --- a/cmd/syft/internal/test/integration/sqlite_rpmdb_test.go +++ b/cmd/syft/internal/test/integration/sqlite_rpmdb_test.go @@ -3,8 +3,6 @@ package integration import ( "testing" - _ "modernc.org/sqlite" - "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/source" ) diff --git a/cmd/syft/main.go b/cmd/syft/main.go index d1f303d0e..14cf18c47 100644 --- a/cmd/syft/main.go +++ b/cmd/syft/main.go @@ -1,8 +1,6 @@ package main import ( - _ "modernc.org/sqlite" - "github.com/anchore/clio" "github.com/anchore/syft/cmd/syft/cli" "github.com/anchore/syft/cmd/syft/internal" diff --git a/go.mod b/go.mod index 8eed2333d..1eef94097 100644 --- a/go.mod +++ b/go.mod @@ -89,7 +89,7 @@ require ( golang.org/x/mod v0.24.0 golang.org/x/net v0.40.0 gopkg.in/yaml.v3 v3.0.1 - modernc.org/sqlite v1.37.0 + modernc.org/sqlite v1.37.0 // indirect ) require ( @@ -191,7 +191,6 @@ require ( github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/muesli/termenv v0.16.0 // indirect - github.com/ncruces/go-strftime v0.1.9 // indirect github.com/nwaples/rardecode v1.1.3 // indirect github.com/nwaples/rardecode/v2 v2.1.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect @@ -204,7 +203,6 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pkg/profile v1.7.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/sagikazarmark/locafero v0.7.0 // indirect @@ -255,8 +253,6 @@ require ( google.golang.org/protobuf v1.36.4 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect modernc.org/libc v1.62.1 // indirect - modernc.org/mathutil v1.7.1 // indirect - modernc.org/memory v1.9.1 // indirect ) retract ( diff --git a/go.sum b/go.sum index a33275041..424dde1fa 100644 --- a/go.sum +++ b/go.sum @@ -1390,30 +1390,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -modernc.org/cc/v4 v4.25.2 h1:T2oH7sZdGvTaie0BRNFbIYsabzCxUQg8nLqCdQ2i0ic= -modernc.org/cc/v4 v4.25.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= -modernc.org/ccgo/v4 v4.25.1 h1:TFSzPrAGmDsdnhT9X2UrcPMI3N/mJ9/X9ykKXwLhDsU= -modernc.org/ccgo/v4 v4.25.1/go.mod h1:njjuAYiPflywOOrm3B7kCB444ONP5pAVr8PIEoE0uDw= -modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE= -modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ= -modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= -modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito= modernc.org/libc v1.62.1 h1:s0+fv5E3FymN8eJVmnk0llBe6rOxCu/DEU+XygRbS8s= modernc.org/libc v1.62.1/go.mod h1:iXhATfJQLjG3NWy56a6WVU73lWOcdYVxsvwCgoPljuo= modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= modernc.org/memory v1.9.1 h1:V/Z1solwAVmMW1yttq3nDdZPJqV1rM05Ccq6KMSZ34g= modernc.org/memory v1.9.1/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw= -modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8= -modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= -modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w= -modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE= modernc.org/sqlite v1.37.0 h1:s1TMe7T3Q3ovQiK2Ouz4Jwh7dw4ZDqbebSDTlSJdfjI= modernc.org/sqlite v1.37.0/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM= -modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= -modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= -modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= -modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/syft/pkg/cataloger/nix/cataloger_test.go b/syft/pkg/cataloger/nix/cataloger_test.go index 59f028094..4c2bfcdff 100644 --- a/syft/pkg/cataloger/nix/cataloger_test.go +++ b/syft/pkg/cataloger/nix/cataloger_test.go @@ -3,16 +3,14 @@ package nix import ( "testing" - "github.com/google/go-cmp/cmp" - "github.com/scylladb/go-set/strset" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - _ "modernc.org/sqlite" - "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" + "github.com/google/go-cmp/cmp" + "github.com/scylladb/go-set/strset" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestCataloger_Image(t *testing.T) { diff --git a/syft/pkg/cataloger/redhat/cataloger_test.go b/syft/pkg/cataloger/redhat/cataloger_test.go index b7088346b..e3a83bdd1 100644 --- a/syft/pkg/cataloger/redhat/cataloger_test.go +++ b/syft/pkg/cataloger/redhat/cataloger_test.go @@ -5,15 +5,13 @@ import ( "errors" "testing" - "github.com/google/go-cmp/cmp/cmpopts" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - _ "modernc.org/sqlite" - "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test_DBCataloger(t *testing.T) { @@ -184,7 +182,7 @@ func Test_DBCataloger(t *testing.T) { pkgtest.NewCatalogTester(). WithImageResolver(t, "image-minimal"). - IgnoreLocationLayer(). // this fixture can be rebuilt, thus the layer ID will change + IgnoreLocationLayer(). // this fixture can be rebuilt, thus the layer ID will change WithCompareOptions(cmpopts.IgnoreFields(pkg.RpmDBEntry{}, "Files")). // this is rather long... ano not the point of the test Expects(expectedPackages, expectedRelationships). TestCataloger(t, NewDBCataloger())