# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate. # Fields marked AUTO-GENERATED will be updated during regeneration. # All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior. # CAPABILITY SECTIONS: # There are two types of capability sections depending on cataloger type: # 1. Generic catalogers (type=generic): Have capabilities at the PARSER level # - Each parser function has its own capabilities section # - Allows different parsers within the same cataloger to have different capabilities # 2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level # - Single capabilities section for the entire cataloger # CAPABILITIES FORMAT: # Capabilities use a field-based format with defaults and optional conditional overrides: # capabilities: # - field: # dot-notation path (e.g., "license", "dependency.depth") # default: # value when no conditions match # conditions: # optional - conditional overrides evaluated in order # - when: {ConfigField: val} # when these config fields match (AND logic) # value: # use this value instead # comment: "explanation" # optional - why this condition exists # evidence: # optional - source code references # - "StructName.FieldName" # comment: "explanation" # optional - general field explanation # DETECTOR CONDITIONS: # Detectors (used by custom catalogers) can have optional conditions that control when # they are active. This allows a single cataloger to have different detection behavior # based on configuration. # Structure: # detectors: # - method: glob # AUTO-GENERATED - detection method # criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match # comment: "always active" # MANUAL - optional explanation # - method: glob # criteria: ["**/*.zip"] # conditions: # MANUAL - when this detector is active # - when: {IncludeZipFiles: true} # config fields that must match # comment: "optional explanation" # comment: "ZIP detection requires config" # Notes: # - Conditions reference fields from the cataloger's config struct # - Multiple conditions in the array use OR logic (any condition can activate) # - Multiple fields in a 'when' clause use AND logic (all must match) # - Detectors without conditions are always active # - Only custom catalogers support detectors with conditions # CONDITION EVALUATION: # - Conditions are evaluated in array order (first match wins) # - Multiple fields in a 'when' clause use AND logic (all must match) # - Multiple conditions in the array use OR logic (first matching condition) # - If no conditions match, the default value is used # CAPABILITY FIELDS: # Standard capability field names and their value types: # license: (boolean) # Whether license information is available. # Examples: # default: true # always available # default: false # never available # default: false # requires configuration # conditions: # - when: {SearchRemoteLicenses: true} # value: true # dependency.depth: (array of strings) # Which dependency depths can be discovered. # Values: "direct" (immediate deps), "indirect" (transitive deps) # Examples: # default: [direct] # only immediate dependencies # default: [direct, indirect] # full transitive closure # default: [] # no dependency information # dependency.edges: (string) # Relationships between nodes and completeness of the dependency graph. # Values: # - "" # dependencies found but no edges between them # - "flat" # single level of dependencies with edges to root package only # - "reduced" # transitive reduction (redundant edges removed) # - "complete" # all relationships with accurate direct and indirect edges # Examples: # default: complete # default: "" # dependency.kinds: (array of strings) # Types of dependencies that can be discovered. # Values: "runtime", "dev", "build", "test", "optional" # Examples: # default: [runtime] # production dependencies only # default: [runtime, dev] # production and development # default: [runtime, dev, build] # all dependency types # default: [runtime] # with conditional dev deps # conditions: # - when: {IncludeDevDeps: true} # value: [runtime, dev] # package_manager.files.listing: (boolean) # Whether file listings are available (which files belong to the package). # Examples: # default: true # default: false # conditions: # - when: {CaptureOwnedFiles: true} # value: true # package_manager.files.digests: (boolean) # Whether file digests/checksums are included in listings. # Examples: # default: true # default: false # package_manager.package_integrity_hash: (boolean) # Whether a hash for verifying package integrity is available. # Examples: # default: true # default: false # EXAMPLES: # # Simple cataloger with no configuration # capabilities: # - name: license # default: true # comment: "license field always present in package.json" # - name: dependency.depth # default: [direct] # - name: dependency.edges # default: "" # - name: dependency.kinds # default: [runtime] # comment: "devDependencies not parsed by this cataloger" # - name: package_manager.files.listing # default: false # - name: package_manager.files.digests # default: false # - name: package_manager.package_integrity_hash # default: false # # Cataloger with configuration-dependent capabilities # capabilities: # - name: license # default: false # conditions: # - when: {SearchLocalModCacheLicenses: true} # value: true # comment: "searches for licenses in GOPATH mod cache" # - when: {SearchRemoteLicenses: true} # value: true # comment: "fetches licenses from proxy.golang.org" # comment: "license scanning requires configuration" # - name: dependency.depth # default: [direct, indirect] # - name: dependency.edges # default: flat # - name: dependency.kinds # default: [runtime, dev] # - name: package_manager.files.listing # default: false # - name: package_manager.files.digests # default: false # - name: package_manager.package_integrity_hash # default: true # evidence: # - "GolangBinaryBuildinfoEntry.H1Digest" application: # AUTO-GENERATED - application-level config keys - key: dotnet.dep-packages-must-claim-dll description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL. - key: dotnet.dep-packages-must-have-dll description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL. - key: dotnet.propagate-dll-claims-to-parents description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package - key: dotnet.relax-dll-claims-when-bundling-detected description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack) - key: golang.local-mod-cache-dir description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod - key: golang.local-vendor-dir description: specify an explicit go vendor directory, if unset this defaults to ./vendor - key: golang.main-module-version.from-build-settings description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise - key: golang.main-module-version.from-contents description: search for semver-like strings in the binary contents - key: golang.main-module-version.from-ld-flags description: look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0) - key: golang.no-proxy description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY - key: golang.proxy description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org - key: golang.search-local-mod-cache-licenses description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan - key: golang.search-local-vendor-licenses description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan - key: golang.search-remote-licenses description: search for go package licences by retrieving the package from a network proxy - key: java.maven-local-repository-dir description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory - key: java.maven-url description: maven repository to use, defaults to Maven central - key: java.max-parent-recursive-depth description: depth to recursively resolve parent POMs, no limit if <= 0 - key: java.resolve-transitive-dependencies description: resolve transient dependencies such as those defined in a dependency's POM on Maven central - key: java.use-maven-local-repository description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.' - key: java.use-network description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url' - key: javascript.include-dev-dependencies description: include development-scoped dependencies - key: javascript.npm-base-url description: base NPM url to use - key: javascript.search-remote-licenses description: enables Syft to use the network to fill in more detailed license information - key: linux-kernel.catalog-modules description: whether to catalog linux kernel modules found within lib/modules/** directories default: true - key: nix.capture-owned-files description: enumerate all files owned by packages found within Nix store paths - key: python.guess-unpinned-requirements description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published). configs: # AUTO-GENERATED - config structs and their fields dotnet.CatalogerConfig: fields: - key: DepPackagesMustHaveDLL description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package. app_key: dotnet.dep-packages-must-have-dll - key: DepPackagesMustClaimDLL description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this app_key: dotnet.dep-packages-must-claim-dll - key: PropagateDLLClaimsToParents description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations. app_key: dotnet.propagate-dll-claims-to-parents - key: RelaxDLLClaimsWhenBundlingDetected description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases. app_key: dotnet.relax-dll-claims-when-bundling-detected golang.CatalogerConfig: fields: - key: SearchLocalModCacheLicenses description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache. app_key: golang.search-local-mod-cache-licenses - key: LocalModCacheDir description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go. app_key: golang.local-mod-cache-dir - key: SearchLocalVendorLicenses description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file. app_key: golang.search-local-vendor-licenses - key: LocalVendorDir description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file. app_key: golang.local-vendor-dir - key: SearchRemoteLicenses description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org). app_key: golang.search-remote-licenses - key: Proxies description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct. app_key: golang.proxy - key: NoProxy description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars. app_key: golang.no-proxy java.ArchiveCatalogerConfig: fields: - key: IncludeIndexedArchives description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip). - key: IncludeUnindexedArchives description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*). - key: UseNetwork description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information. app_key: java.use-network - key: UseMavenLocalRepository description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata. app_key: java.use-maven-local-repository - key: MavenLocalRepositoryDir description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository. app_key: java.maven-local-repository-dir - key: MavenBaseURL description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2. app_key: java.maven-url - key: MaxParentRecursiveDepth description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains. app_key: java.max-parent-recursive-depth - key: ResolveTransitiveDependencies description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives. app_key: java.resolve-transitive-dependencies javascript.CatalogerConfig: fields: - key: SearchRemoteLicenses description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata. app_key: javascript.search-remote-licenses - key: NPMBaseURL description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information. app_key: javascript.npm-base-url - key: IncludeDevDependencies description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies. app_key: javascript.include-dev-dependencies kernel.LinuxKernelCatalogerConfig: fields: - key: CatalogModules description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself. app_key: linux-kernel.catalog-modules nix.Config: fields: - key: CaptureOwnedFiles description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage. app_key: nix.capture-owned-files python.CatalogerConfig: fields: - key: GuessUnpinnedRequirements description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files. app_key: python.guess-unpinned-requirements catalogers: # alpm (arch / pacman) ################################################################################################# - ecosystem: alpm # MANUAL name: alpm-db-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/arch/cataloger.go function: NewDBCataloger selectors: # AUTO-GENERATED - alpm - archlinux - directory - image - installed - linux - os - package - pacman parsers: # AUTO-GENERATED structure - function: parseAlpmDB # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/var/lib/pacman/local/**/desc' metadata_types: # AUTO-GENERATED - pkg.AlpmDBEntry package_types: # AUTO-GENERATED - alpm json_schema_types: # AUTO-GENERATED - AlpmDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - AlpmDBEntry.Files - name: package_manager.files.digests default: true evidence: - AlpmDBEntry.Files[].Digests - name: package_manager.package_integrity_hash default: false # Alpine linux (apk) ################################################################################################ - ecosystem: alpine # MANUAL name: apk-db-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/alpine/cataloger.go function: NewDBCataloger selectors: # AUTO-GENERATED - alpine - apk - directory - image - installed - linux - os - package parsers: # AUTO-GENERATED structure - function: parseApkDB # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/lib/apk/db/installed' metadata_types: # AUTO-GENERATED - pkg.ApkDBEntry package_types: # AUTO-GENERATED - apk json_schema_types: # AUTO-GENERATED - ApkDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - ApkDBEntry.Files - name: package_manager.files.digests default: true evidence: - ApkDBEntry.Files[].Digest - name: package_manager.package_integrity_hash default: true evidence: - ApkDBEntry.Checksum # Binary ############################################################################################################ - ecosystem: binary # MANUAL name: binary-classifier-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/binary/classifier_cataloger.go function: NewClassifierCataloger selectors: # AUTO-GENERATED - binary - declared - directory - image - installed - package detectors: # AUTO-GENERATED - method: glob criteria: - '**/python*' packages: - class: python-binary name: python purl: pkg:generic/python cpes: - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libpython*.so*' packages: - class: python-binary-lib name: python purl: pkg:generic/python cpes: - cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* - cpe:2.3:a:python:python:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libpypy*.so*' packages: - class: pypy-binary-lib name: pypy purl: pkg:generic/pypy cpes: [] type: BinaryPkg - method: glob criteria: - '**/go' packages: - class: go-binary name: go purl: pkg:generic/go cpes: - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libjulia-internal.so' packages: - class: julia-binary name: julia purl: pkg:generic/julia cpes: - cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/helm' packages: - class: helm name: helm purl: pkg:golang/helm.sh/helm cpes: - cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/redis-server' packages: - class: redis-binary name: redis purl: pkg:generic/redis cpes: - cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:* - cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/node' packages: - class: nodejs-binary name: node purl: pkg:generic/node cpes: - cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/VERSION*' packages: - class: go-binary-hint name: go purl: pkg:generic/go cpes: - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/busybox' packages: - class: busybox-binary name: busybox purl: pkg:generic/busybox cpes: - cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/getopt' packages: - class: util-linux-binary name: util-linux purl: pkg:generic/util-linux cpes: - cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/haproxy' packages: - class: haproxy-binary name: haproxy purl: pkg:generic/haproxy cpes: - cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/perl' packages: - class: perl-binary name: perl purl: pkg:generic/perl cpes: - cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/composer*' packages: - class: php-composer-binary name: composer purl: pkg:generic/composer cpes: - cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/httpd' packages: - class: httpd-binary name: httpd purl: pkg:generic/httpd cpes: - cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/memcached' packages: - class: memcached-binary name: memcached purl: pkg:generic/memcached cpes: - cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/traefik' packages: - class: traefik-binary name: traefik purl: pkg:generic/traefik cpes: - cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/arangosh' packages: - class: arangodb-binary name: arangodb purl: pkg:generic/arangodb cpes: - cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/postgres' packages: - class: postgresql-binary name: postgresql purl: pkg:generic/postgresql cpes: - cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/mysql' packages: - class: mysql-binary name: mysql purl: pkg:generic/mysql cpes: - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/mysql' packages: - class: mysql-binary name: percona-server purl: pkg:generic/percona-server cpes: - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/mysql' packages: - class: mysql-binary name: percona-xtradb-cluster purl: pkg:generic/percona-xtradb-cluster cpes: - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* - cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:* - cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/xtrabackup' packages: - class: xtrabackup-binary name: percona-xtrabackup purl: pkg:generic/percona-xtrabackup cpes: - cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/{mariadb,mysql}' packages: - class: mariadb-binary name: mariadb purl: pkg:generic/mariadb cpes: - cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libstd-????????????????.so' packages: - class: rust-standard-library-linux name: rust purl: pkg:generic/rust cpes: - cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libstd-????????????????.dylib' packages: - class: rust-standard-library-macos name: rust purl: pkg:generic/rust cpes: - cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/ruby' packages: - class: ruby-binary name: ruby purl: pkg:generic/ruby cpes: - cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/erlexec' packages: - class: erlang-binary name: erlang purl: pkg:generic/erlang cpes: - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/beam.smp' packages: - class: erlang-alpine-binary name: erlang purl: pkg:generic/erlang cpes: - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/liberts_internal.a' packages: - class: erlang-library name: erlang purl: pkg:generic/erlang cpes: - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/swipl' packages: - class: swipl-binary name: swipl purl: pkg:generic/swipl cpes: - cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/dart' packages: - class: dart-binary name: dart purl: pkg:generic/dart cpes: - cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/ghc*' packages: - class: haskell-ghc-binary name: haskell/ghc purl: pkg:generic/haskell/ghc cpes: - cpe:2.3:a:haskell:ghc:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/cabal' packages: - class: haskell-cabal-binary name: haskell/cabal purl: pkg:generic/haskell/cabal cpes: - cpe:2.3:a:haskell:cabal:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/stack' packages: - class: haskell-stack-binary name: haskell/stack purl: pkg:generic/haskell/stack cpes: - cpe:2.3:a:haskell:stack:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/consul' packages: - class: consul-binary name: consul purl: pkg:golang/github.com/hashicorp/consul cpes: - cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/vault' packages: - class: hashicorp-vault-binary name: github.com/hashicorp/vault purl: pkg:golang/github.com/hashicorp/vault cpes: - cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/nginx' packages: - class: nginx-binary name: nginx purl: pkg:generic/nginx cpes: - cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* - cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/bash' packages: - class: bash-binary name: bash purl: pkg:generic/bash cpes: - cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/openssl' packages: - class: openssl-binary name: openssl purl: pkg:generic/openssl cpes: - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/gcc' packages: - class: gcc-binary name: gcc purl: pkg:generic/gcc cpes: - cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/fluent-bit' packages: - class: fluent-bit-binary name: fluent-bit purl: pkg:github/fluent/fluent-bit cpes: - cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/wp' packages: - class: wordpress-cli-binary name: wp-cli purl: pkg:generic/wp-cli cpes: - cpe:2.3:a:wp-cli:wp-cli:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/curl' packages: - class: curl-binary name: curl purl: pkg:generic/curl cpes: - cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/lighttpd' packages: - class: lighttpd-binary name: lighttpd purl: pkg:generic/lighttpd cpes: - cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/proftpd' packages: - class: proftpd-binary name: proftpd purl: pkg:generic/proftpd cpes: - cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/zstd' packages: - class: zstd-binary name: zstd purl: pkg:generic/zstd cpes: - cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/xz' packages: - class: xz-binary name: xz purl: pkg:generic/xz cpes: - cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/gzip' packages: - class: gzip-binary name: gzip purl: pkg:generic/gzip cpes: - cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/sqlcipher' packages: - class: sqlcipher-binary name: sqlcipher purl: pkg:generic/sqlcipher cpes: - cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/jq' packages: - class: jq-binary name: jq purl: pkg:generic/jq cpes: - cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/chrome' packages: - class: chrome-binary name: chrome purl: pkg:generic/chrome cpes: - cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/ffmpeg' packages: - class: ffmpeg-binary name: ffmpeg purl: pkg:generic/ffmpeg cpes: - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libav*' packages: - class: ffmpeg-library name: ffmpeg purl: pkg:generic/ffmpeg cpes: - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/libswresample*' packages: - class: ffmpeg-library name: ffmpeg purl: pkg:generic/ffmpeg cpes: - cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* type: BinaryPkg - method: glob criteria: - '**/java' packages: - class: java-binary name: "" purl: pkg:/ cpes: [] type: BinaryPkg - method: glob criteria: - '**/jdb' packages: - class: java-jdb-binary name: "" purl: pkg:/ cpes: [] type: BinaryPkg metadata_types: # AUTO-GENERATED - pkg.BinarySignature package_types: # AUTO-GENERATED - binary json_schema_types: # AUTO-GENERATED - BinarySignature capabilities: # MANUAL - config-driven capability definitions - name: license default: false # TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: binary # MANUAL name: elf-binary-package-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - binary - declared - directory - elf - elf-package - image - installed - package detectors: # MANUAL - edit detectors here - method: mimetype criteria: - application/x-executable - application/x-mach-binary - application/x-elf - application/x-sharedlib - application/vnd.microsoft.portable-executable metadata_types: # AUTO-GENERATED - pkg.ELFBinaryPackageNoteJSONPayload package_types: # AUTO-GENERATED - binary - rpm json_schema_types: # AUTO-GENERATED - ElfBinaryPackageNoteJsonPayload capabilities: # MANUAL - config-driven capability definitions # licenses can be detected in some elf packages (via the licenses note field) - name: license default: true # TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: binary # MANUAL name: pe-binary-package-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/binary/pe_package_cataloger.go function: NewPEPackageCataloger selectors: # AUTO-GENERATED - binary - declared - directory - dll - exe - image - installed - package - pe - pe-package parsers: # AUTO-GENERATED structure - function: parsePE # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.dll' - '**/*.exe' metadata_types: # AUTO-GENERATED - pkg.PEBinary package_types: # AUTO-GENERATED - binary json_schema_types: # AUTO-GENERATED - PeBinary capabilities: # MANUAL - config-driven capability definitions - name: license default: false # TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Bitnami ########################################################################################################### - ecosystem: bitnami # MANUAL name: bitnami-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/bitnami/cataloger.go function: NewCataloger selectors: # AUTO-GENERATED - bitnami - image - installed - package parsers: # AUTO-GENERATED structure - function: parseSBOM # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - /opt/bitnami/**/.spdx-*.spdx metadata_types: # AUTO-GENERATED - pkg.BitnamiSBOMEntry package_types: # AUTO-GENERATED - bitnami json_schema_types: # AUTO-GENERATED - BitnamiSbomEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true # the reach will vary for each ecosystem - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - BitnamiSBOMEntry.Files - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Rust (cargo) ##################################################################################################### - ecosystem: rust # MANUAL name: cargo-auditable-binary-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/rust/cataloger.go function: NewAuditBinaryCataloger selectors: # AUTO-GENERATED - binary - directory - image - installed - language - package - rust parsers: # AUTO-GENERATED structure - function: parseAuditBinary # AUTO-GENERATED detector: # AUTO-GENERATED method: mimetype # AUTO-GENERATED criteria: # AUTO-GENERATED - application/x-executable - application/x-mach-binary - application/x-elf - application/x-sharedlib - application/vnd.microsoft.portable-executable - application/x-executable metadata_types: # AUTO-GENERATED - pkg.RustBinaryAuditEntry package_types: # AUTO-GENERATED - rust-crate json_schema_types: # AUTO-GENERATED - RustCargoAuditEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: rust # MANUAL name: rust-cargo-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/rust/cataloger.go function: NewCargoLockCataloger selectors: # AUTO-GENERATED - cargo - declared - directory - language - package - rust parsers: # AUTO-GENERATED structure - function: parseCargoLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Cargo.lock' metadata_types: # AUTO-GENERATED - pkg.RustCargoLockEntry package_types: # AUTO-GENERATED - rust-crate json_schema_types: # AUTO-GENERATED - RustCargoLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete # though the toml has a dev/build section for deps, the lock has no knowledge of that - name: dependency.kinds default: - runtime - dev - build - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - RustCargoLockEntry.Checksum # Swift ######################################################################################################### - ecosystem: swift # MANUAL name: cocoapods-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/swift/cataloger.go function: NewCocoapodsCataloger selectors: # AUTO-GENERATED - cocoapods - declared - directory - language - package - swift parsers: # AUTO-GENERATED structure - function: parsePodfileLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Podfile.lock' metadata_types: # AUTO-GENERATED - pkg.CocoaPodfileLockEntry package_types: # AUTO-GENERATED - pod json_schema_types: # AUTO-GENERATED - CocoaPodfileLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect # we raise up all nodes in the graph, but don't relate them together in any way - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - CocoaPodfileLockEntry.Checksum - ecosystem: swift # MANUAL name: swift-package-manager-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/swift/cataloger.go function: NewSwiftPackageManagerCataloger selectors: # AUTO-GENERATED - declared - directory - language - package - spm - swift parsers: # AUTO-GENERATED structure - function: parsePackageResolved # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Package.resolved' - '**/.package.resolved' metadata_types: # AUTO-GENERATED - pkg.SwiftPackageManagerResolvedEntry package_types: # AUTO-GENERATED - swift json_schema_types: # AUTO-GENERATED - SwiftPackageManagerLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # C/C++ ############################################################################################################ - ecosystem: c++ # MANUAL name: conan-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/cpp/cataloger.go function: NewConanCataloger selectors: # AUTO-GENERATED - conan - cpp - declared - directory - language - package parsers: # AUTO-GENERATED structure - function: parseConanLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/conan.lock' metadata_types: # AUTO-GENERATED - pkg.ConanV1LockEntry - pkg.ConanV2LockEntry package_types: # AUTO-GENERATED - conan json_schema_types: # AUTO-GENERATED - CConanLockEntry - CConanLockV2Entry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect # we can detect nodes, but not how they relate to each other - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - build - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - ConanV1LockEntry.Ref - ConanV2LockEntry.RecipeRevision - function: parseConanfile # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/conanfile.txt' metadata_types: # AUTO-GENERATED - pkg.ConanfileEntry package_types: # AUTO-GENERATED - conan json_schema_types: # AUTO-GENERATED - CConanFileEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct # we can detect nodes, but not how they relate to each other - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: c++ # MANUAL name: conan-info-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/cpp/cataloger.go function: NewConanInfoCataloger selectors: # AUTO-GENERATED - conan - cpp - image - installed - language - package parsers: # AUTO-GENERATED structure - function: parseConaninfo # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/conaninfo.txt' metadata_types: # AUTO-GENERATED - pkg.ConaninfoEntry package_types: # AUTO-GENERATED - conan json_schema_types: # AUTO-GENERATED - CConanInfoEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: flat - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Conda ############################################################################################################ - ecosystem: conda # MANUAL name: conda-meta-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/conda/cataloger.go function: NewCondaMetaCataloger selectors: # AUTO-GENERATED - conda - directory - installed - package parsers: # AUTO-GENERATED structure - function: parseCondaMetaJSON # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/conda-meta/*.json' metadata_types: # AUTO-GENERATED - pkg.CondaMetaPackage package_types: # AUTO-GENERATED - conda json_schema_types: # AUTO-GENERATED - CondaMetadataEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - CondaMetaPackage.Files - CondaMetaPackage.PathsData.Paths - name: package_manager.files.digests default: true evidence: - CondaMetaPackage.PathsData.Paths.SHA256 - name: package_manager.package_integrity_hash default: true evidence: - CondaMetaPackage.MD5 - CondaMetaPackage.SHA256 # Dart ############################################################################################################# - ecosystem: dart # MANUAL name: dart-pubspec-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/dart/cataloger.go function: NewPubspecCataloger selectors: # AUTO-GENERATED - dart - declared - directory - language - package parsers: # AUTO-GENERATED structure - function: parsePubspec # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/pubspec.yml' - '**/pubspec.yaml' metadata_types: # AUTO-GENERATED - pkg.DartPubspec package_types: # AUTO-GENERATED - dart-pub json_schema_types: # AUTO-GENERATED - DartPubspec capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: dart # MANUAL name: dart-pubspec-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/dart/cataloger.go function: NewPubspecLockCataloger selectors: # AUTO-GENERATED - dart - declared - directory - language - package parsers: # AUTO-GENERATED structure - function: parsePubspecLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/pubspec.lock' metadata_types: # AUTO-GENERATED - pkg.DartPubspecLockEntry package_types: # AUTO-GENERATED - dart-pub json_schema_types: # AUTO-GENERATED - DartPubspecLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Dpkg (debian) ################################################################################################### - ecosystem: dpkg # MANUAL name: dpkg-db-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/debian/cataloger.go function: NewDBCataloger selectors: # AUTO-GENERATED - debian - directory - dpkg - image - installed - linux - os - package parsers: # AUTO-GENERATED structure - function: parseDpkgDB # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/lib/dpkg/status' - '**/lib/dpkg/status.d/*' - '**/lib/opkg/info/*.control' - '**/lib/opkg/status' metadata_types: # AUTO-GENERATED - pkg.DpkgDBEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - DpkgDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - DpkgDBEntry.Files - name: package_manager.files.digests default: true evidence: - DpkgDBEntry.Files[].Digest - name: package_manager.package_integrity_hash default: false - ecosystem: dpkg # MANUAL name: deb-archive-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/debian/cataloger.go function: NewArchiveCataloger selectors: # AUTO-GENERATED - deb - debian - declared - directory - linux - os - package parsers: # AUTO-GENERATED structure - function: parseDebArchive # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.deb' metadata_types: # AUTO-GENERATED - pkg.DpkgArchiveEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - DpkgArchiveEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true # an archive only has dependency CLAIMS in the metadata, but not dependencies incorporated as nodes/edges in the SBOM - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: true evidence: - DpkgArchiveEntry.Files - name: package_manager.files.digests default: true evidence: - DpkgArchiveEntry.Files[].Digest - name: package_manager.package_integrity_hash default: false # .NET ################################################################################################### - ecosystem: dotnet # MANUAL name: dotnet-deps-binary-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - c# - directory - dotnet - image - installed - language - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/*.deps.json' - '**/*.dll' - '**/*.exe' metadata_types: # AUTO-GENERATED - pkg.DotnetDepsEntry - pkg.DotnetPortableExecutableEntry package_types: # AUTO-GENERATED - dotnet - npm json_schema_types: # AUTO-GENERATED - DotnetDepsEntry - DotnetPortableExecutableEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: dotnet # MANUAL name: dotnet-deps-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - deprecated - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/*.deps.json' metadata_types: # AUTO-GENERATED - pkg.DotnetDepsEntry package_types: # AUTO-GENERATED - dotnet json_schema_types: # AUTO-GENERATED - DotnetDepsEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: dotnet # MANUAL name: dotnet-packages-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/dotnet/cataloger.go function: NewDotnetPackagesLockCataloger selectors: # AUTO-GENERATED - c# - declared - directory - dotnet - image - language - package parsers: # AUTO-GENERATED structure - function: parseDotnetPackagesLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/packages.lock.json' metadata_types: # AUTO-GENERATED - pkg.DotnetPackagesLockEntry package_types: # AUTO-GENERATED - dotnet json_schema_types: # AUTO-GENERATED - DotnetPackagesLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - dev - build - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - DotnetPackagesLockEntry.ContentHash - ecosystem: dotnet # MANUAL name: dotnet-portable-executable-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" config: dotnet.CatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - deprecated - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/*.dll' - '**/*.exe' metadata_types: # AUTO-GENERATED - pkg.DotnetPortableExecutableEntry package_types: # AUTO-GENERATED - dotnet json_schema_types: # AUTO-GENERATED - DotnetPortableExecutableEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Elixir ########################################################################################################## - ecosystem: elixir # MANUAL name: elixir-mix-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/elixir/cataloger.go function: NewMixLockCataloger selectors: # AUTO-GENERATED - declared - directory - elixir - language - package parsers: # AUTO-GENERATED structure - function: parseMixLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/mix.lock' metadata_types: # AUTO-GENERATED - pkg.ElixirMixLockEntry package_types: # AUTO-GENERATED - hex json_schema_types: # AUTO-GENERATED - ElixirMixLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect # we find nodes, but can't relate them together - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - ElixirMixLockEntry.PkgHash - ElixirMixLockEntry.PkgHashExt # Erlang ########################################################################################################## - ecosystem: erlang # MANUAL name: erlang-otp-application-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/erlang/cataloger.go function: NewOTPCataloger selectors: # AUTO-GENERATED - declared - directory - erlang - language - otp - package parsers: # AUTO-GENERATED structure - function: parseOTPApp # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.app' package_types: # AUTO-GENERATED - erlang-otp capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: erlang # MANUAL name: erlang-rebar-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/erlang/cataloger.go function: NewRebarLockCataloger selectors: # AUTO-GENERATED - declared - directory - erlang - language - package parsers: # AUTO-GENERATED structure - function: parseRebarLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/rebar.lock' metadata_types: # AUTO-GENERATED - pkg.ErlangRebarLockEntry package_types: # AUTO-GENERATED - hex json_schema_types: # AUTO-GENERATED - ErlangRebarLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - ErlangRebarLockEntry.PkgHash - ErlangRebarLockEntry.PkgHashExt # GitHub Actions ################################################################################################## - ecosystem: github-actions # MANUAL name: github-action-workflow-usage-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/githubactions/cataloger.go function: NewWorkflowUsageCataloger selectors: # AUTO-GENERATED - declared - directory - github - github-actions - package parsers: # AUTO-GENERATED structure - function: parseWorkflowForWorkflowUsage # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/.github/workflows/*.yaml' - '**/.github/workflows/*.yml' metadata_types: # AUTO-GENERATED - pkg.GitHubActionsUseStatement package_types: # AUTO-GENERATED - github-action-workflow json_schema_types: # AUTO-GENERATED - GithubActionsUseStatement capabilities: # MANUAL - config-driven capability definitions - name: license default: false # no dependencies supported - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: github-actions # MANUAL name: github-actions-usage-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/githubactions/cataloger.go function: NewActionUsageCataloger selectors: # AUTO-GENERATED - declared - directory - github - github-actions - package parsers: # AUTO-GENERATED structure - function: parseCompositeActionForActionUsage # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/.github/actions/*/action.yml' - '**/.github/actions/*/action.yaml' metadata_types: # AUTO-GENERATED - pkg.GitHubActionsUseStatement package_types: # AUTO-GENERATED - github-action json_schema_types: # AUTO-GENERATED - GithubActionsUseStatement capabilities: # MANUAL - config-driven capability definitions - name: license default: false # no dependencies supported - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseWorkflowForActionUsage # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/.github/workflows/*.yaml' - '**/.github/workflows/*.yml' metadata_types: # AUTO-GENERATED - pkg.GitHubActionsUseStatement package_types: # AUTO-GENERATED - github-action json_schema_types: # AUTO-GENERATED - GithubActionsUseStatement capabilities: # MANUAL - config-driven capability definitions - name: license default: false # no dependencies supported - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Go ############################################################################################################## - ecosystem: go # MANUAL name: go-module-binary-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/golang/cataloger.go function: NewGoModuleBinaryCataloger config: golang.CatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - binary - directory - go - golang - gomod - image - installed - language - package parsers: # AUTO-GENERATED structure - function: parseGoBinary # AUTO-GENERATED detector: # AUTO-GENERATED method: mimetype # AUTO-GENERATED criteria: # AUTO-GENERATED - application/x-executable - application/x-mach-binary - application/x-elf - application/x-sharedlib - application/vnd.microsoft.portable-executable - application/x-executable metadata_types: # AUTO-GENERATED - pkg.GolangBinaryBuildinfoEntry package_types: # AUTO-GENERATED - go-module json_schema_types: # AUTO-GENERATED - GoModuleBuildinfoEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false conditions: - when: SearchLocalModCacheLicenses: true value: true - when: SearchRemoteLicenses: true value: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: flat - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - GolangBinaryBuildinfoEntry.H1Digest - ecosystem: go # MANUAL name: go-module-file-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/golang/cataloger.go function: NewGoModuleFileCataloger config: golang.CatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - declared - directory - go - golang - gomod - language - package parsers: # AUTO-GENERATED structure - function: parseGoModFile # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/go.mod' metadata_types: # AUTO-GENERATED - pkg.GolangModuleEntry - pkg.GolangSourceEntry package_types: # AUTO-GENERATED - go-module json_schema_types: # AUTO-GENERATED - GoModuleEntry - GoSourceEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false conditions: - when: SearchLocalModCacheLicenses: true value: true - when: SearchRemoteLicenses: true value: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: flat - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - GolangModuleEntry.H1Digest - GolangSourceEntry.H1Digest # Java ############################################################################################################ - ecosystem: java # MANUAL name: java-archive-cataloger # AUTO-GENERATED type: custom # MANUAL OVERRIDE source: # AUTO-GENERATED file: syft/pkg/cataloger/java/cataloger.go function: NewArchiveCataloger config: java.ArchiveCatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - directory - image - installed - java - language - maven - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/*.jar' - '**/*.war' - '**/*.ear' - '**/*.par' - '**/*.sar' - '**/*.nar' - '**/*.jpi' - '**/*.hpi' - '**/*.kar' - '**/*.lpkg' comment: JAR-based archives - always active - method: glob criteria: - '**/*.zip' conditions: - when: IncludeIndexedArchives: true comment: ZIP archives require indexed archive support - method: glob criteria: - '**/*.tar' - '**/*.tar.gz' - '**/*.tgz' - '**/*.tar.bz' - '**/*.tar.bz2' - '**/*.tbz' - '**/*.tbz2' - '**/*.tar.br' - '**/*.tbr' - '**/*.tar.lz4' - '**/*.tlz4' - '**/*.tar.sz' - '**/*.tsz' - '**/*.tar.xz' - '**/*.txz' - '**/*.tar.zst' - '**/*.tzst' - '**/*.tar.zstd' - '**/*.tzstd' conditions: - when: IncludeUnindexedArchives: true comment: TAR archives require unindexed archive support metadata_types: # AUTO-GENERATED - pkg.JavaArchive package_types: # AUTO-GENERATED - java-archive json_schema_types: # AUTO-GENERATED - JavaArchive capabilities: # MANUAL - config-driven capability definitions # TODO: online capabilities - name: license default: false # TODO: this does not account for the various sources (maven/gradle/other) that have different dependency qualities - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash # note: only applicable to archives, but not raw gradle/maven files default: true evidence: - JavaArchive.ArchiveDigests - ecosystem: java # MANUAL name: java-gradle-lockfile-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/java/cataloger.go function: NewGradleLockfileCataloger selectors: # AUTO-GENERATED - declared - directory - gradle - java - language - package parsers: # AUTO-GENERATED structure - function: parseGradleLockfile detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/gradle.lockfile*' metadata_types: # AUTO-GENERATED - pkg.JavaArchive package_types: # AUTO-GENERATED - java-archive json_schema_types: # AUTO-GENERATED - JavaArchive capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect # we detect nodes, but can't relate them together - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: java # MANUAL name: java-pom-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - declared - directory - java - language - maven - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '*pom.xml' metadata_types: # AUTO-GENERATED - pkg.JavaArchive package_types: # AUTO-GENERATED - java-archive json_schema_types: # AUTO-GENERATED - JavaArchive capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: java # MANUAL name: java-jvm-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/java/cataloger.go function: NewJvmDistributionCataloger selectors: # AUTO-GENERATED - declared - directory - image - installed - java - jdk - jre - jvm - package parsers: # AUTO-GENERATED structure - function: parseJVMRelease detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/release' metadata_types: # AUTO-GENERATED - pkg.JavaVMInstallation package_types: # AUTO-GENERATED - binary json_schema_types: # AUTO-GENERATED - JavaJvmInstallation capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: true evidence: - JavaVMInstallation.Files - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: java # MANUAL name: graalvm-native-image-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - directory - image - installed - java - language - package detectors: # MANUAL - edit detectors here - method: mimetype criteria: - application/x-executable - application/x-mach-binary - application/x-elf - application/x-sharedlib - application/vnd.microsoft.portable-executable package_types: # MANUAL - edit package types here - graalvm-native-image capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect comment: the dependencies ultimately depends on the quality of the embedded SBOM - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Haskell ######################################################################################################### - ecosystem: haskell # MANUAL name: haskell-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/haskell/cataloger.go function: NewHackageCataloger selectors: # AUTO-GENERATED - cabal - declared - directory - hackage - haskell - language - package parsers: # AUTO-GENERATED structure - function: parseCabalFreeze # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/cabal.project.freeze' package_types: # AUTO-GENERATED - hackage capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseStackLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/stack.yaml.lock' metadata_types: # AUTO-GENERATED - pkg.HackageStackYamlLockEntry package_types: # AUTO-GENERATED - hackage json_schema_types: # AUTO-GENERATED - HaskellHackageStackLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - HackageStackYamlLockEntry.PkgHash - function: parseStackYaml # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/stack.yaml' metadata_types: # AUTO-GENERATED - pkg.HackageStackYamlEntry package_types: # AUTO-GENERATED - hackage json_schema_types: # AUTO-GENERATED - HaskellHackageStackEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - HackageStackYamlEntry.PkgHash # Homebrew ####################################################################################################### - ecosystem: homebrew # MANUAL name: homebrew-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/homebrew/cataloger.go function: NewCataloger selectors: # AUTO-GENERATED - directory - homebrew - image - installed - package parsers: # AUTO-GENERATED structure - function: parseHomebrewFormula # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Cellar/*/*/.brew/*.rb' - '**/Library/Taps/*/*/Formula/*.rb' metadata_types: # AUTO-GENERATED - pkg.HomebrewFormula package_types: # AUTO-GENERATED - homebrew json_schema_types: # AUTO-GENERATED - HomebrewFormula capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # JavaScript ###################################################################################################### - ecosystem: javascript # MANUAL name: javascript-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/javascript/cataloger.go function: NewLockCataloger config: javascript.CatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - declared - directory - javascript - language - node - npm - package parsers: # AUTO-GENERATED structure - function: parsePnpmLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/pnpm-lock.yaml' package_types: # AUTO-GENERATED - npm capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds # note: though there are dev dependencies listed, they are in a different section in the document default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseYarnLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/yarn.lock' metadata_types: # AUTO-GENERATED - pkg.YarnLockEntry package_types: # AUTO-GENERATED - npm json_schema_types: # AUTO-GENERATED - JavascriptYarnLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds # note: though there are dev dependencies listed, they are in a different section in the document default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - YarnLockEntry.Integrity - function: parsePackageLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/package-lock.json' metadata_types: # AUTO-GENERATED - pkg.NpmPackageLockEntry package_types: # AUTO-GENERATED - npm json_schema_types: # AUTO-GENERATED - JavascriptNpmPackageLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds # note: though there are dev dependencies listed, they are in a different section in the document default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - NpmPackageLockEntry.Integrity - ecosystem: javascript # MANUAL name: javascript-package-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/javascript/cataloger.go function: NewPackageCataloger selectors: # AUTO-GENERATED - image - installed - javascript - language - node - package parsers: # AUTO-GENERATED structure - function: parsePackageJSON # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/package.json' metadata_types: # AUTO-GENERATED - pkg.NpmPackage package_types: # AUTO-GENERATED - npm json_schema_types: # AUTO-GENERATED - JavascriptNpmPackage capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds # note: devDependencies not parsed by this cataloger default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Linux ########################################################################################################## - ecosystem: linux # MANUAL name: linux-kernel-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - declared - directory - image - installed - kernel - linux - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/kernel' - '**/kernel-*' - '**/vmlinux' - '**/vmlinux-*' - '**/vmlinuz' - '**/vmlinuz-*' - '**/lib/modules/**/*.ko' metadata_types: # AUTO-GENERATED - pkg.LinuxKernel - pkg.LinuxKernelModule package_types: # AUTO-GENERATED - linux-kernel - linux-kernel-module json_schema_types: # AUTO-GENERATED - LinuxKernelArchive - LinuxKernelModule capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Lua ############################################################################################################# - ecosystem: lua # MANUAL name: lua-rock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/lua/cataloger.go function: NewPackageCataloger selectors: # AUTO-GENERATED - directory - image - installed - language - lua - package parsers: # AUTO-GENERATED structure - function: parseRockspec # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.rockspec' metadata_types: # AUTO-GENERATED - pkg.LuaRocksPackage package_types: # AUTO-GENERATED - lua-rocks json_schema_types: # AUTO-GENERATED - LuarocksPackage capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Nix ############################################################################################################# - ecosystem: nix # MANUAL name: nix-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - directory - image - installed - language - nix - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/nix/var/nix/db/db.sqlite' - '**/nix/store/*' - '**/nix/store/*.drv' metadata_types: # AUTO-GENERATED - pkg.NixStoreEntry package_types: # AUTO-GENERATED - nix json_schema_types: # AUTO-GENERATED - NixStoreEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - NixStoreEntry.OutputHash - ecosystem: nix # MANUAL name: nix-store-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" config: nix.Config # AUTO-GENERATED selectors: # AUTO-GENERATED - deprecated - package detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/nix/store/*' - '**/nix/store/*.drv' metadata_types: # AUTO-GENERATED - pkg.NixStoreEntry package_types: # AUTO-GENERATED - nix json_schema_types: # AUTO-GENERATED - NixStoreEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false conditions: - when: CaptureOwnedFiles: true value: true evidence: - NixStoreEntry.Files - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - NixStoreEntry.OutputHash # OCaml ########################################################################################################## - ecosystem: ocaml # MANUAL name: opam-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/ocaml/cataloger.go function: NewOpamPackageManagerCataloger selectors: # AUTO-GENERATED - declared - directory - language - ocaml - opam - package parsers: # AUTO-GENERATED structure - function: parseOpamPackage # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*opam' metadata_types: # AUTO-GENERATED - pkg.OpamPackage package_types: # AUTO-GENERATED - opam json_schema_types: # AUTO-GENERATED - OpamPackage capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # PHP ############################################################################################################# - ecosystem: php # MANUAL name: php-composer-installed-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/php/cataloger.go function: NewComposerInstalledCataloger selectors: # AUTO-GENERATED - composer - image - installed - language - package - php parsers: # AUTO-GENERATED structure - function: parseInstalledJSON # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/installed.json' metadata_types: # AUTO-GENERATED - pkg.PhpComposerInstalledEntry package_types: # AUTO-GENERATED - php-composer json_schema_types: # AUTO-GENERATED - PhpComposerInstalledEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: php # MANUAL name: php-composer-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/php/cataloger.go function: NewComposerLockCataloger selectors: # AUTO-GENERATED - composer - declared - directory - language - package - php parsers: # AUTO-GENERATED structure - function: parseComposerLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/composer.lock' metadata_types: # AUTO-GENERATED - pkg.PhpComposerLockEntry package_types: # AUTO-GENERATED - php-composer json_schema_types: # AUTO-GENERATED - PhpComposerLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds # note: the dev dependencies are in a separate section in the lock file default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true - ecosystem: php # MANUAL name: php-interpreter-cataloger # AUTO-GENERATED type: custom # AUTO-GENERATED source: # AUTO-GENERATED file: "" function: "" selectors: # AUTO-GENERATED - binary - declared - directory - image - installed - package - php detectors: # MANUAL - edit detectors here - method: glob criteria: - '**/php*/**/*.so' - '**/php-fpm*' - '**/apache*/**/libphp*.so' metadata_types: # AUTO-GENERATED - pkg.BinarySignature package_types: # AUTO-GENERATED - binary json_schema_types: # AUTO-GENERATED - BinarySignature capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: flat - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: php # MANUAL name: php-pear-serialized-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/php/cataloger.go function: NewPearCataloger selectors: # AUTO-GENERATED - declared - directory - image - language - package - pear - php parsers: # AUTO-GENERATED structure - function: parsePear # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/php/.registry/**/*.reg' metadata_types: # AUTO-GENERATED - pkg.PhpPearEntry package_types: # AUTO-GENERATED - php-pear json_schema_types: # AUTO-GENERATED - PhpPearEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true - name: package_manager.files.digests default: true - name: package_manager.package_integrity_hash default: false - ecosystem: php # MANUAL name: php-pecl-serialized-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/php/cataloger.go function: NewPeclCataloger selectors: # AUTO-GENERATED - deprecated - package parsers: # AUTO-GENERATED structure - function: parsePecl # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/php/.registry/.channel.*/*.reg' metadata_types: # AUTO-GENERATED - pkg.PhpPeclEntry package_types: # AUTO-GENERATED - php-pecl json_schema_types: # AUTO-GENERATED - PhpPeclEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Portage (gentoo) ######################################################################################################## - ecosystem: portage # MANUAL name: portage-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/gentoo/cataloger.go function: NewPortageCataloger selectors: # AUTO-GENERATED - directory - gentoo - image - installed - linux - os - package - portage parsers: # AUTO-GENERATED structure - function: parsePortageContents # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/var/db/pkg/*/*/CONTENTS' metadata_types: # AUTO-GENERATED - pkg.PortageEntry package_types: # AUTO-GENERATED - portage json_schema_types: # AUTO-GENERATED - PortageDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - PortageEntry.Files - name: package_manager.files.digests default: true evidence: - PortageEntry.Files[].Digest - name: package_manager.package_integrity_hash default: false # Python ######################################################################################################### - ecosystem: python # MANUAL name: python-installed-package-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/python/cataloger.go function: NewInstalledPackageCataloger selectors: # AUTO-GENERATED - directory - image - installed - language - package - python parsers: # AUTO-GENERATED structure - function: parseWheelOrEgg # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.egg-info' - '**/*dist-info/METADATA' - '**/*egg-info/PKG-INFO' - '**/*DIST-INFO/METADATA' - '**/*EGG-INFO/PKG-INFO' metadata_types: # AUTO-GENERATED - pkg.PythonPackage package_types: # AUTO-GENERATED - python json_schema_types: # AUTO-GENERATED - PythonPackage capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - PythonPackage.Files - name: package_manager.files.digests default: true evidence: - PythonPackage.Files[].Digest - name: package_manager.package_integrity_hash default: false - ecosystem: python # MANUAL name: python-package-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/python/cataloger.go function: NewPackageCataloger config: python.CatalogerConfig # AUTO-GENERATED selectors: # AUTO-GENERATED - declared - directory - language - package - python parsers: # AUTO-GENERATED structure - function: parseUvLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/uv.lock' metadata_types: # AUTO-GENERATED - pkg.PythonUvLockEntry package_types: # AUTO-GENERATED - python json_schema_types: # AUTO-GENERATED - PythonUvLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - dev - optional - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseSetup # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/setup.py' package_types: # AUTO-GENERATED - python capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parsePipfileLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Pipfile.lock' metadata_types: # AUTO-GENERATED - pkg.PythonPipfileLockEntry package_types: # AUTO-GENERATED - python json_schema_types: # AUTO-GENERATED - PythonPipfileLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: true evidence: - PythonPipfileLockEntry.Hashes - name: package_manager.package_integrity_hash default: false - function: parsePoetryLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/poetry.lock' metadata_types: # AUTO-GENERATED - pkg.PythonPoetryLockEntry package_types: # AUTO-GENERATED - python json_schema_types: # AUTO-GENERATED - PythonPoetryLockEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - dev - optional - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseRequirementsTxt # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*requirements*.txt' metadata_types: # AUTO-GENERATED - pkg.PythonRequirementsEntry package_types: # AUTO-GENERATED - python json_schema_types: # AUTO-GENERATED - PythonPipRequirementsEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - any - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # R ############################################################################################################### - ecosystem: r # MANUAL name: r-package-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/r/cataloger.go function: NewPackageCataloger selectors: # AUTO-GENERATED - directory - image - installed - language - package - r parsers: # AUTO-GENERATED structure - function: parseDescriptionFile # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/DESCRIPTION' metadata_types: # AUTO-GENERATED - pkg.RDescription package_types: # AUTO-GENERATED - R-package json_schema_types: # AUTO-GENERATED - RDescription capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # RPM (RedHat) ####################################################################################################### - ecosystem: rpm # MANUAL name: rpm-archive-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/redhat/cataloger.go function: NewArchiveCataloger selectors: # AUTO-GENERATED - declared - directory - linux - os - package - redhat - rpm parsers: # AUTO-GENERATED structure - function: parseRpmArchive # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.rpm' metadata_types: # AUTO-GENERATED - pkg.RpmArchive package_types: # AUTO-GENERATED - rpm json_schema_types: # AUTO-GENERATED - RpmArchive capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: true evidence: - RpmArchive.Files - name: package_manager.files.digests default: true evidence: - RpmArchive.Files[].Digest - name: package_manager.package_integrity_hash default: false - ecosystem: rpm # MANUAL name: rpm-db-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/redhat/cataloger.go function: NewDBCataloger selectors: # AUTO-GENERATED - directory - image - installed - linux - os - package - redhat - rpm parsers: # AUTO-GENERATED structure - function: parseRpmManifest # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/var/lib/rpmmanifest/container-manifest-2' metadata_types: # AUTO-GENERATED - pkg.RpmDBEntry package_types: # AUTO-GENERATED - rpm json_schema_types: # AUTO-GENERATED - RpmDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseRpmDB # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}' metadata_types: # AUTO-GENERATED - pkg.RpmDBEntry package_types: # AUTO-GENERATED - rpm json_schema_types: # AUTO-GENERATED - RpmDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: complete - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - RpmDBEntry.Files - name: package_manager.files.digests default: true evidence: - RpmDBEntry.Files[].Digest - name: package_manager.package_integrity_hash default: false # Ruby ########################################################################################################### - ecosystem: ruby # MANUAL name: ruby-gemfile-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/ruby/cataloger.go function: NewGemFileLockCataloger selectors: # AUTO-GENERATED - declared - directory - gem - language - package - ruby parsers: # AUTO-GENERATED structure - function: parseGemFileLockEntries # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/Gemfile.lock' package_types: # AUTO-GENERATED - gem capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: ruby # MANUAL name: ruby-gemspec-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/ruby/cataloger.go function: NewGemSpecCataloger selectors: # AUTO-GENERATED - declared - directory - gem - gemspec - language - package - ruby parsers: # AUTO-GENERATED structure - function: parseGemSpecEntries # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.gemspec' metadata_types: # AUTO-GENERATED - pkg.RubyGemspec package_types: # AUTO-GENERATED - gem json_schema_types: # AUTO-GENERATED - RubyGemspec capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - RubyGemspec.Files - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - ecosystem: ruby # MANUAL name: ruby-installed-gemspec-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/ruby/cataloger.go function: NewInstalledGemSpecCataloger selectors: # AUTO-GENERATED - gem - gemspec - image - installed - language - package - ruby parsers: # AUTO-GENERATED structure - function: parseGemSpecEntries # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/specifications/**/*.gemspec' metadata_types: # AUTO-GENERATED - pkg.RubyGemspec package_types: # AUTO-GENERATED - gem json_schema_types: # AUTO-GENERATED - RubyGemspec capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: - direct - indirect - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: true evidence: - RubyGemspec.Files - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # SBOM ########################################################################################################## - ecosystem: sbom # MANUAL name: sbom-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/sbom/cataloger.go function: NewCataloger selectors: # AUTO-GENERATED - package - sbom parsers: # AUTO-GENERATED structure - function: parseSBOM # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/*.syft.json' - '**/*.bom.*' - '**/*.bom' - '**/bom' - '**/*.sbom.*' - '**/*.sbom' - '**/sbom' - '**/*.cdx.*' - '**/*.cdx' - '**/*.spdx.*' - '**/*.spdx' metadata_types: # AUTO-GENERATED - pkg.ApkDBEntry package_types: # AUTO-GENERATED - apk json_schema_types: # AUTO-GENERATED - ApkDbEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Snap ########################################################################################################## - ecosystem: snap # MANUAL name: snap-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/snap/cataloger.go function: NewCataloger selectors: # AUTO-GENERATED - directory - image - installed - package - snap parsers: # AUTO-GENERATED structure - function: parseSnapdSnapcraft # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/snap/snapcraft.yaml' metadata_types: # AUTO-GENERATED - pkg.SnapEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - SnapEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseSystemManifest # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/snap/manifest.yaml' metadata_types: # AUTO-GENERATED - pkg.SnapEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - SnapEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseKernelChangelog # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/doc/linux-modules-*/changelog.Debian.gz' metadata_types: # AUTO-GENERATED - pkg.SnapEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - SnapEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseBaseDpkgYaml # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/usr/share/snappy/dpkg.yaml' metadata_types: # AUTO-GENERATED - pkg.SnapEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - SnapEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false - function: parseSnapYaml # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/meta/snap.yaml' metadata_types: # AUTO-GENERATED - pkg.SnapEntry package_types: # AUTO-GENERATED - deb json_schema_types: # AUTO-GENERATED - SnapEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Prolog ######################################################################################################## - ecosystem: prolog # MANUAL name: swipl-pack-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/swipl/cataloger.go function: NewSwiplPackCataloger selectors: # AUTO-GENERATED - declared - directory - language - pack - package - swipl parsers: # AUTO-GENERATED structure - function: parsePackPackage # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/pack.pl' metadata_types: # AUTO-GENERATED - pkg.SwiplPackEntry package_types: # AUTO-GENERATED - swiplpack json_schema_types: # AUTO-GENERATED - SwiplpackPackage capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - dev - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false # Terraform ###################################################################################################### - ecosystem: terraform # MANUAL name: terraform-lock-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/terraform/cataloger.go function: NewLockCataloger selectors: # AUTO-GENERATED - declared - directory - package - terraform parsers: # AUTO-GENERATED structure - function: parseTerraformLock # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/.terraform.lock.hcl' metadata_types: # AUTO-GENERATED - pkg.TerraformLockProviderEntry package_types: # AUTO-GENERATED - terraform json_schema_types: # AUTO-GENERATED - TerraformLockProviderEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: false - name: dependency.depth default: - direct - name: dependency.edges default: "" - name: dependency.kinds default: - runtime - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: true evidence: - TerraformLockProviderEntry.Hashes # WordPress ###################################################################################################### - ecosystem: wordpress # MANUAL name: wordpress-plugins-cataloger # AUTO-GENERATED type: generic # AUTO-GENERATED source: # AUTO-GENERATED file: syft/pkg/cataloger/wordpress/cataloger.go function: NewWordpressPluginCataloger selectors: # AUTO-GENERATED - directory - image - package - wordpress parsers: # AUTO-GENERATED structure - function: parseWordpressPluginFiles # AUTO-GENERATED detector: # AUTO-GENERATED method: glob # AUTO-GENERATED criteria: # AUTO-GENERATED - '**/wp-content/plugins/*/*.php' metadata_types: # AUTO-GENERATED - pkg.WordpressPluginEntry package_types: # AUTO-GENERATED - wordpress-plugin json_schema_types: # AUTO-GENERATED - WordpressPluginEntry capabilities: # MANUAL - config-driven capability definitions - name: license default: true - name: dependency.depth default: [] - name: dependency.edges default: "" - name: dependency.kinds default: [] - name: package_manager.files.listing default: false - name: package_manager.files.digests default: false - name: package_manager.package_integrity_hash default: false