mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
ef627d82ef
* migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
59 lines
1.5 KiB
Go
59 lines
1.5 KiB
Go
package integration
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/anchore/syft/syft/sbom"
|
|
|
|
"github.com/anchore/stereoscope/pkg/imagetest"
|
|
"github.com/anchore/syft/syft"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
func catalogFixtureImage(t *testing.T, fixtureImageName string) (sbom.SBOM, *source.Source) {
|
|
imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName)
|
|
tarPath := imagetest.GetFixtureImageTarPath(t, fixtureImageName)
|
|
|
|
theSource, cleanupSource, err := source.New("docker-archive:"+tarPath, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, source.SquashedScope)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
}, theSource
|
|
}
|
|
|
|
func catalogDirectory(t *testing.T, dir string) (sbom.SBOM, *source.Source) {
|
|
theSource, cleanupSource, err := source.New("dir:"+dir, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, source.AllLayersScope)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
}, theSource
|
|
}
|