update TODO and log entries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
parent
8d0b128b83
commit
f699a6add8
@ -4,20 +4,17 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/anchore/syft/internal/formats/syftjson"
|
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/artifact"
|
|
||||||
"github.com/gookit/color"
|
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/sbom"
|
|
||||||
|
|
||||||
"github.com/anchore/stereoscope"
|
"github.com/anchore/stereoscope"
|
||||||
"github.com/anchore/syft/internal"
|
"github.com/anchore/syft/internal"
|
||||||
"github.com/anchore/syft/internal/bus"
|
"github.com/anchore/syft/internal/bus"
|
||||||
|
"github.com/anchore/syft/internal/formats/syftjson"
|
||||||
"github.com/anchore/syft/internal/log"
|
"github.com/anchore/syft/internal/log"
|
||||||
"github.com/anchore/syft/internal/ui"
|
"github.com/anchore/syft/internal/ui"
|
||||||
|
"github.com/anchore/syft/syft/artifact"
|
||||||
"github.com/anchore/syft/syft/event"
|
"github.com/anchore/syft/syft/event"
|
||||||
|
"github.com/anchore/syft/syft/sbom"
|
||||||
"github.com/anchore/syft/syft/source"
|
"github.com/anchore/syft/syft/source"
|
||||||
|
"github.com/gookit/color"
|
||||||
"github.com/pkg/profile"
|
"github.com/pkg/profile"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/wagoodman/go-partybus"
|
"github.com/wagoodman/go-partybus"
|
||||||
|
|||||||
@ -8,18 +8,16 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/file"
|
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/artifact"
|
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/sbom"
|
|
||||||
|
|
||||||
"github.com/anchore/syft/internal"
|
"github.com/anchore/syft/internal"
|
||||||
"github.com/anchore/syft/internal/formats/common/spdxhelpers"
|
"github.com/anchore/syft/internal/formats/common/spdxhelpers"
|
||||||
"github.com/anchore/syft/internal/formats/spdx22json/model"
|
"github.com/anchore/syft/internal/formats/spdx22json/model"
|
||||||
|
"github.com/anchore/syft/internal/log"
|
||||||
"github.com/anchore/syft/internal/spdxlicense"
|
"github.com/anchore/syft/internal/spdxlicense"
|
||||||
"github.com/anchore/syft/internal/version"
|
"github.com/anchore/syft/internal/version"
|
||||||
|
"github.com/anchore/syft/syft/artifact"
|
||||||
|
"github.com/anchore/syft/syft/file"
|
||||||
"github.com/anchore/syft/syft/pkg"
|
"github.com/anchore/syft/syft/pkg"
|
||||||
|
"github.com/anchore/syft/syft/sbom"
|
||||||
"github.com/anchore/syft/syft/source"
|
"github.com/anchore/syft/syft/source"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
)
|
)
|
||||||
@ -174,7 +172,6 @@ func toFiles(s sbom.SBOM) []model.File {
|
|||||||
Item: model.Item{
|
Item: model.Item{
|
||||||
Element: model.Element{
|
Element: model.Element{
|
||||||
SPDXID: string(coordinates.ID()),
|
SPDXID: string(coordinates.ID()),
|
||||||
// TODO: this is encoding layer id... is there a better way?
|
|
||||||
Name: filepath.Base(coordinates.RealPath),
|
Name: filepath.Base(coordinates.RealPath),
|
||||||
Comment: comment,
|
Comment: comment,
|
||||||
},
|
},
|
||||||
@ -231,7 +228,7 @@ func toFileTypes(metadata *source.FileMetadata) (ty []string) {
|
|||||||
ty = append(ty, string(model.ArchiveFileType))
|
ty = append(ty, string(model.ArchiveFileType))
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: source, spdx, and documentation
|
// TODO: add support for source, spdx, and documentation file types
|
||||||
if len(ty) == 0 {
|
if len(ty) == 0 {
|
||||||
ty = append(ty, string(model.OtherFileType))
|
ty = append(ty, string(model.OtherFileType))
|
||||||
}
|
}
|
||||||
@ -244,7 +241,7 @@ func toRelationships(relationships []artifact.Relationship) (result []model.Rela
|
|||||||
exists, relationshipType, comment := lookupRelationship(r.Type)
|
exists, relationshipType, comment := lookupRelationship(r.Type)
|
||||||
|
|
||||||
if !exists {
|
if !exists {
|
||||||
// TODO: should we warn about lossyness here?
|
log.Warnf("unable to convert relationship from SPDX 2.2 JSON, dropping: %+v", r)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
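Review bot: The warning added in toRelationships says the relationship could not be converted "from SPDX 2.2 JSON", but the function takes `[]artifact.Relationship` and produces the SPDX model, so the direction reads inverted and would mislead anyone using the log to trace why an emitted SBOM is missing edges. Formatting the whole value with `%+v` also puts every field of the relationship into each warning, and those fields presumably hold data taken from the scanned source; the type that failed the lookup is what identifies the drop. I would write `log.Warnf("unable to convert relationship to SPDX 2.2 JSON, dropping: type=%q", r.Type)`. The body of toRelationships starts and ends outside this hunk.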
@ -8,7 +8,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func encoder(output io.Writer, s sbom.SBOM, appConfig interface{}) error {
|
func encoder(output io.Writer, s sbom.SBOM, appConfig interface{}) error {
|
||||||
// TODO: application config not available yet
|
|
||||||
doc := ToFormatModel(s, appConfig)
|
doc := ToFormatModel(s, appConfig)
|
||||||
|
|
||||||
enc := json.NewEncoder(output)
|
enc := json.NewEncoder(output)
|
||||||
|
|||||||
@ -45,7 +45,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
|||||||
catalog := pkg.NewCatalog()
|
catalog := pkg.NewCatalog()
|
||||||
var allRelationships []artifact.Relationship
|
var allRelationships []artifact.Relationship
|
||||||
|
|
||||||
// TODO: update to show relationships
|
|
||||||
filesProcessed, packagesDiscovered := newMonitor()
|
filesProcessed, packagesDiscovered := newMonitor()
|
||||||
|
|
||||||
// perform analysis, accumulating errors for each failed analysis
|
// perform analysis, accumulating errors for each failed analysis
|
||||||
@ -60,7 +59,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
|||||||
|
|
||||||
catalogedPackages := len(packages)
|
catalogedPackages := len(packages)
|
||||||
|
|
||||||
// TODO: update to show relationships and files
|
|
||||||
log.Debugf("package cataloger %q discovered %d packages", theCataloger.Name(), catalogedPackages)
|
log.Debugf("package cataloger %q discovered %d packages", theCataloger.Name(), catalogedPackages)
|
||||||
packagesDiscovered.N += int64(catalogedPackages)
|
packagesDiscovered.N += int64(catalogedPackages)
|
||||||
|
|
||||||
@ -71,7 +69,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
|||||||
// generate PURL
|
// generate PURL
|
||||||
p.PURL = generatePackageURL(p, theDistro)
|
p.PURL = generatePackageURL(p, theDistro)
|
||||||
|
|
||||||
// TODO: break out into another function (refactor this function)
|
|
||||||
// create file-to-package relationships for files owned by the package
|
// create file-to-package relationships for files owned by the package
|
||||||
owningRelationships, err := packageFileOwnershipRelationships(p, resolver)
|
owningRelationships, err := packageFileOwnershipRelationships(p, resolver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -113,9 +110,11 @@ func packageFileOwnershipRelationships(p pkg.Package, resolver source.FilePathRe
|
|||||||
return nil, fmt.Errorf("unable to find path for path=%q: %w", path, err)
|
return nil, fmt.Errorf("unable to find path for path=%q: %w", path, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// if len(locations) == 0 {
|
if len(locations) == 0 {
|
||||||
// // TODO: this is notable, we should at least log it(?)... however, ideally there is something in the SBOM about this
|
// TODO: this is a known-unknown that could later be persisted in the SBOM (or as a validation failure)
|
||||||
// }
|
log.Warnf("unable to find location which a package claims ownership of: %s", path)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
for _, l := range locations {
|
for _, l := range locations {
|
||||||
relationships = append(relationships, artifact.Relationship{
|
relationships = append(relationships, artifact.Relationship{
|
||||||
|
|||||||
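Review bot: The `log.Warnf` added in packageFileOwnershipRelationships prints `path` with `%s`, while the `fmt.Errorf` a few lines above it formats the same value with `%q`. The path appears to come from the package's own ownership claims, that is, from the content being scanned, so an unquoted value could carry newlines or control characters into the log output. Quote it the same way: `log.Warnf("unable to find location which a package claims ownership of: %q", path)`. The loop this sits in begins and ends outside the hunk.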