mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
bd9007fc0e
* remove power-user document shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add power-user specific fields to syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * port remaining spdx-json relationships to sbom model Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add coordinate set Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add SBOM file path helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use internal mimetype helper in go binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new package-of relationship Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema to v2 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace power-user presenter with syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove "package-of" relationship (in favor of "contains") Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for spdx22json format encoding enhancements Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update TODO and log entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * introduce sbom.Descriptor Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
68 lines
1.9 KiB
Go
68 lines
1.9 KiB
Go
package integration
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/anchore/syft/syft/sbom"
|
|
|
|
"github.com/anchore/stereoscope/pkg/imagetest"
|
|
"github.com/anchore/syft/syft"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
func catalogFixtureImage(t *testing.T, fixtureImageName string) (sbom.SBOM, *source.Source) {
|
|
imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName)
|
|
tarPath := imagetest.GetFixtureImageTarPath(t, fixtureImageName)
|
|
|
|
theSource, cleanupSource, err := source.New("docker-archive:"+tarPath, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, source.SquashedScope)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
Descriptor: sbom.Descriptor{
|
|
Name: "syft",
|
|
Version: "v0.42.0-bogus",
|
|
// the application configuration should be persisted here, however, we do not want to import
|
|
// the application configuration in this package (it's reserved only for ingestion by the cmd package)
|
|
Configuration: map[string]string{
|
|
"config-key": "config-value",
|
|
},
|
|
},
|
|
}, theSource
|
|
}
|
|
|
|
func catalogDirectory(t *testing.T, dir string) (sbom.SBOM, *source.Source) {
|
|
theSource, cleanupSource, err := source.New("dir:"+dir, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, source.AllLayersScope)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
}, theSource
|
|
}
|