mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
update TODO and log entries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
Alex Goodman
parent
8d0b128b83
commit
f699a6add8
@ -4,20 +4,17 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/anchore/syft/internal/formats/syftjson"
|
||||
|
||||
"github.com/anchore/syft/syft/artifact"
|
||||
"github.com/gookit/color"
|
||||
|
||||
"github.com/anchore/syft/syft/sbom"
|
||||
|
||||
"github.com/anchore/stereoscope"
|
||||
"github.com/anchore/syft/internal"
|
||||
"github.com/anchore/syft/internal/bus"
|
||||
"github.com/anchore/syft/internal/formats/syftjson"
|
||||
"github.com/anchore/syft/internal/log"
|
||||
"github.com/anchore/syft/internal/ui"
|
||||
"github.com/anchore/syft/syft/artifact"
|
||||
"github.com/anchore/syft/syft/event"
|
||||
"github.com/anchore/syft/syft/sbom"
|
||||
"github.com/anchore/syft/syft/source"
|
||||
"github.com/gookit/color"
|
||||
"github.com/pkg/profile"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/wagoodman/go-partybus"
|
||||
|
||||
@ -8,18 +8,16 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/anchore/syft/syft/file"
|
||||
|
||||
"github.com/anchore/syft/syft/artifact"
|
||||
|
||||
"github.com/anchore/syft/syft/sbom"
|
||||
|
||||
"github.com/anchore/syft/internal"
|
||||
"github.com/anchore/syft/internal/formats/common/spdxhelpers"
|
||||
"github.com/anchore/syft/internal/formats/spdx22json/model"
|
||||
"github.com/anchore/syft/internal/log"
|
||||
"github.com/anchore/syft/internal/spdxlicense"
|
||||
"github.com/anchore/syft/internal/version"
|
||||
"github.com/anchore/syft/syft/artifact"
|
||||
"github.com/anchore/syft/syft/file"
|
||||
"github.com/anchore/syft/syft/pkg"
|
||||
"github.com/anchore/syft/syft/sbom"
|
||||
"github.com/anchore/syft/syft/source"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
@ -174,7 +172,6 @@ func toFiles(s sbom.SBOM) []model.File {
|
||||
Item: model.Item{
|
||||
Element: model.Element{
|
||||
SPDXID: string(coordinates.ID()),
|
||||
// TODO: this is encoding layer id... is there a better way?
|
||||
Name: filepath.Base(coordinates.RealPath),
|
||||
Comment: comment,
|
||||
},
|
||||
@ -231,7 +228,7 @@ func toFileTypes(metadata *source.FileMetadata) (ty []string) {
|
||||
ty = append(ty, string(model.ArchiveFileType))
|
||||
}
|
||||
|
||||
// TODO: source, spdx, and documentation
|
||||
// TODO: add support for source, spdx, and documentation file types
|
||||
if len(ty) == 0 {
|
||||
ty = append(ty, string(model.OtherFileType))
|
||||
}
|
||||
@ -244,7 +241,7 @@ func toRelationships(relationships []artifact.Relationship) (result []model.Rela
|
||||
exists, relationshipType, comment := lookupRelationship(r.Type)
|
||||
|
||||
if !exists {
|
||||
// TODO: should we warn about lossyness here?
|
||||
log.Warnf("unable to convert relationship from SPDX 2.2 JSON, dropping: %+v", r)
|
||||
continue
|
||||
}
|
||||
|
||||
|
||||
@ -8,7 +8,6 @@ import (
|
||||
)
|
||||
|
||||
func encoder(output io.Writer, s sbom.SBOM, appConfig interface{}) error {
|
||||
// TODO: application config not available yet
|
||||
doc := ToFormatModel(s, appConfig)
|
||||
|
||||
enc := json.NewEncoder(output)
|
||||
|
||||
@ -45,7 +45,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
||||
catalog := pkg.NewCatalog()
|
||||
var allRelationships []artifact.Relationship
|
||||
|
||||
// TODO: update to show relationships
|
||||
filesProcessed, packagesDiscovered := newMonitor()
|
||||
|
||||
// perform analysis, accumulating errors for each failed analysis
|
||||
@ -60,7 +59,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
||||
|
||||
catalogedPackages := len(packages)
|
||||
|
||||
// TODO: update to show relationships and files
|
||||
log.Debugf("package cataloger %q discovered %d packages", theCataloger.Name(), catalogedPackages)
|
||||
packagesDiscovered.N += int64(catalogedPackages)
|
||||
|
||||
@ -71,7 +69,6 @@ func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers
|
||||
// generate PURL
|
||||
p.PURL = generatePackageURL(p, theDistro)
|
||||
|
||||
// TODO: break out into another function (refactor this function)
|
||||
// create file-to-package relationships for files owned by the package
|
||||
owningRelationships, err := packageFileOwnershipRelationships(p, resolver)
|
||||
if err != nil {
|
||||
@ -113,9 +110,11 @@ func packageFileOwnershipRelationships(p pkg.Package, resolver source.FilePathRe
|
||||
return nil, fmt.Errorf("unable to find path for path=%q: %w", path, err)
|
||||
}
|
||||
|
||||
// if len(locations) == 0 {
|
||||
// // TODO: this is notable, we should at least log it(?)... however, ideally there is something in the SBOM about this
|
||||
// }
|
||||
if len(locations) == 0 {
|
||||
// TODO: this is a known-unknown that could later be persisted in the SBOM (or as a validation failure)
|
||||
log.Warnf("unable to find location which a package claims ownership of: %s", path)
|
||||
continue
|
||||
}
|
||||
|
||||
for _, l := range locations {
|
||||
relationships = append(relationships, artifact.Relationship{
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user