mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
3454 lines
121 KiB
YAML
3454 lines
121 KiB
YAML
# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.
|
|
# Fields marked AUTO-GENERATED will be updated during regeneration.
|
|
# All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior.
|
|
|
|
# CAPABILITY SECTIONS:
|
|
# There are two types of capability sections depending on cataloger type:
|
|
|
|
# 1. Generic catalogers (type=generic): Have capabilities at the PARSER level
|
|
# - Each parser function has its own capabilities section
|
|
# - Allows different parsers within the same cataloger to have different capabilities
|
|
|
|
# 2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level
|
|
# - Single capabilities section for the entire cataloger
|
|
|
|
# CAPABILITIES FORMAT:
|
|
# Capabilities use a field-based format with defaults and optional conditional overrides:
|
|
|
|
# capabilities:
|
|
# - field: <field-name> # dot-notation path (e.g., "license", "dependency.depth")
|
|
# default: <value> # value when no conditions match
|
|
# conditions: # optional - conditional overrides evaluated in order
|
|
# - when: {ConfigField: val} # when these config fields match (AND logic)
|
|
# value: <override-value> # use this value instead
|
|
# comment: "explanation" # optional - why this condition exists
|
|
# evidence: # optional - source code references
|
|
# - "StructName.FieldName"
|
|
# comment: "explanation" # optional - general field explanation
|
|
|
|
# DETECTOR CONDITIONS:
|
|
# Detectors (used by custom catalogers) can have optional conditions that control when
|
|
# they are active. This allows a single cataloger to have different detection behavior
|
|
# based on configuration.
|
|
|
|
# Structure:
|
|
# detectors:
|
|
# - method: glob # AUTO-GENERATED - detection method
|
|
# criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match
|
|
# comment: "always active" # MANUAL - optional explanation
|
|
# - method: glob
|
|
# criteria: ["**/*.zip"]
|
|
# conditions: # MANUAL - when this detector is active
|
|
# - when: {IncludeZipFiles: true} # config fields that must match
|
|
# comment: "optional explanation"
|
|
# comment: "ZIP detection requires config"
|
|
|
|
# Notes:
|
|
# - Conditions reference fields from the cataloger's config struct
|
|
# - Multiple conditions in the array use OR logic (any condition can activate)
|
|
# - Multiple fields in a 'when' clause use AND logic (all must match)
|
|
# - Detectors without conditions are always active
|
|
# - Only custom catalogers support detectors with conditions
|
|
|
|
# CONDITION EVALUATION:
|
|
# - Conditions are evaluated in array order (first match wins)
|
|
# - Multiple fields in a 'when' clause use AND logic (all must match)
|
|
# - Multiple conditions in the array use OR logic (first matching condition)
|
|
# - If no conditions match, the default value is used
|
|
|
|
# CAPABILITY FIELDS:
|
|
# Standard capability field names and their value types:
|
|
|
|
# license: (boolean)
|
|
# Whether license information is available.
|
|
# Examples:
|
|
# default: true # always available
|
|
# default: false # never available
|
|
# default: false # requires configuration
|
|
# conditions:
|
|
# - when: {SearchRemoteLicenses: true}
|
|
# value: true
|
|
|
|
# dependency.depth: (array of strings)
|
|
# Which dependency depths can be discovered.
|
|
# Values: "direct" (immediate deps), "indirect" (transitive deps)
|
|
# Examples:
|
|
# default: [direct] # only immediate dependencies
|
|
# default: [direct, indirect] # full transitive closure
|
|
# default: [] # no dependency information
|
|
|
|
# dependency.edges: (string)
|
|
# Relationships between nodes and completeness of the dependency graph.
|
|
# Values:
|
|
# - "" # dependencies found but no edges between them
|
|
# - "flat" # single level of dependencies with edges to root package only
|
|
# - "reduced" # transitive reduction (redundant edges removed)
|
|
# - "complete" # all relationships with accurate direct and indirect edges
|
|
# Examples:
|
|
# default: complete
|
|
# default: ""
|
|
|
|
# dependency.kinds: (array of strings)
|
|
# Types of dependencies that can be discovered.
|
|
# Values: "runtime", "dev", "build", "test", "optional"
|
|
# Examples:
|
|
# default: [runtime] # production dependencies only
|
|
# default: [runtime, dev] # production and development
|
|
# default: [runtime, dev, build] # all dependency types
|
|
# default: [runtime] # with conditional dev deps
|
|
# conditions:
|
|
# - when: {IncludeDevDeps: true}
|
|
# value: [runtime, dev]
|
|
|
|
# package_manager.files.listing: (boolean)
|
|
# Whether file listings are available (which files belong to the package).
|
|
# Examples:
|
|
# default: true
|
|
# default: false
|
|
# conditions:
|
|
# - when: {CaptureOwnedFiles: true}
|
|
# value: true
|
|
|
|
# package_manager.files.digests: (boolean)
|
|
# Whether file digests/checksums are included in listings.
|
|
# Examples:
|
|
# default: true
|
|
# default: false
|
|
|
|
# package_manager.package_integrity_hash: (boolean)
|
|
# Whether a hash for verifying package integrity is available.
|
|
# Examples:
|
|
# default: true
|
|
# default: false
|
|
|
|
# EXAMPLES:
|
|
|
|
# # Simple cataloger with no configuration
|
|
# capabilities:
|
|
# - name: license
|
|
# default: true
|
|
# comment: "license field always present in package.json"
|
|
# - name: dependency.depth
|
|
# default: [direct]
|
|
# - name: dependency.edges
|
|
# default: ""
|
|
# - name: dependency.kinds
|
|
# default: [runtime]
|
|
# comment: "devDependencies not parsed by this cataloger"
|
|
# - name: package_manager.files.listing
|
|
# default: false
|
|
# - name: package_manager.files.digests
|
|
# default: false
|
|
# - name: package_manager.package_integrity_hash
|
|
# default: false
|
|
|
|
# # Cataloger with configuration-dependent capabilities
|
|
# capabilities:
|
|
# - name: license
|
|
# default: false
|
|
# conditions:
|
|
# - when: {SearchLocalModCacheLicenses: true}
|
|
# value: true
|
|
# comment: "searches for licenses in GOPATH mod cache"
|
|
# - when: {SearchRemoteLicenses: true}
|
|
# value: true
|
|
# comment: "fetches licenses from proxy.golang.org"
|
|
# comment: "license scanning requires configuration"
|
|
# - name: dependency.depth
|
|
# default: [direct, indirect]
|
|
# - name: dependency.edges
|
|
# default: flat
|
|
# - name: dependency.kinds
|
|
# default: [runtime, dev]
|
|
# - name: package_manager.files.listing
|
|
# default: false
|
|
# - name: package_manager.files.digests
|
|
# default: false
|
|
# - name: package_manager.package_integrity_hash
|
|
# default: true
|
|
# evidence:
|
|
# - "GolangBinaryBuildinfoEntry.H1Digest"
|
|
|
|
application: # AUTO-GENERATED - application-level config keys
|
|
- key: dotnet.dep-packages-must-claim-dll
|
|
description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL.
|
|
- key: dotnet.dep-packages-must-have-dll
|
|
description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL.
|
|
- key: dotnet.propagate-dll-claims-to-parents
|
|
description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package
|
|
- key: dotnet.relax-dll-claims-when-bundling-detected
|
|
description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack)
|
|
- key: golang.local-mod-cache-dir
|
|
description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod
|
|
- key: golang.local-vendor-dir
|
|
description: specify an explicit go vendor directory, if unset this defaults to ./vendor
|
|
- key: golang.main-module-version.from-build-settings
|
|
description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise
|
|
- key: golang.main-module-version.from-contents
|
|
description: search for semver-like strings in the binary contents
|
|
- key: golang.main-module-version.from-ld-flags
|
|
description: look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0)
|
|
- key: golang.no-proxy
|
|
description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY
|
|
- key: golang.proxy
|
|
description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org
|
|
- key: golang.search-local-mod-cache-licenses
|
|
description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
|
|
- key: golang.search-local-vendor-licenses
|
|
description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
|
|
- key: golang.search-remote-licenses
|
|
description: search for go package licences by retrieving the package from a network proxy
|
|
- key: java.maven-local-repository-dir
|
|
description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory
|
|
- key: java.maven-url
|
|
description: maven repository to use, defaults to Maven central
|
|
- key: java.max-parent-recursive-depth
|
|
description: depth to recursively resolve parent POMs, no limit if <= 0
|
|
- key: java.resolve-transitive-dependencies
|
|
description: resolve transient dependencies such as those defined in a dependency's POM on Maven central
|
|
- key: java.use-maven-local-repository
|
|
description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.'
|
|
- key: java.use-network
|
|
description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url'
|
|
- key: javascript.include-dev-dependencies
|
|
description: include development-scoped dependencies
|
|
- key: javascript.npm-base-url
|
|
description: base NPM url to use
|
|
- key: javascript.search-remote-licenses
|
|
description: enables Syft to use the network to fill in more detailed license information
|
|
- key: linux-kernel.catalog-modules
|
|
description: whether to catalog linux kernel modules found within lib/modules/** directories
|
|
default: true
|
|
- key: nix.capture-owned-files
|
|
description: enumerate all files owned by packages found within Nix store paths
|
|
- key: python.guess-unpinned-requirements
|
|
description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published).
|
|
configs: # AUTO-GENERATED - config structs and their fields
|
|
dotnet.CatalogerConfig:
|
|
fields:
|
|
- key: DepPackagesMustHaveDLL
|
|
description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package.
|
|
app_key: dotnet.dep-packages-must-have-dll
|
|
- key: DepPackagesMustClaimDLL
|
|
description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this
|
|
app_key: dotnet.dep-packages-must-claim-dll
|
|
- key: PropagateDLLClaimsToParents
|
|
description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations.
|
|
app_key: dotnet.propagate-dll-claims-to-parents
|
|
- key: RelaxDLLClaimsWhenBundlingDetected
|
|
description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases.
|
|
app_key: dotnet.relax-dll-claims-when-bundling-detected
|
|
golang.CatalogerConfig:
|
|
fields:
|
|
- key: SearchLocalModCacheLicenses
|
|
description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache.
|
|
app_key: golang.search-local-mod-cache-licenses
|
|
- key: LocalModCacheDir
|
|
description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go.
|
|
app_key: golang.local-mod-cache-dir
|
|
- key: SearchLocalVendorLicenses
|
|
description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file.
|
|
app_key: golang.search-local-vendor-licenses
|
|
- key: LocalVendorDir
|
|
description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file.
|
|
app_key: golang.local-vendor-dir
|
|
- key: SearchRemoteLicenses
|
|
description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org).
|
|
app_key: golang.search-remote-licenses
|
|
- key: Proxies
|
|
description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct.
|
|
app_key: golang.proxy
|
|
- key: NoProxy
|
|
description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars.
|
|
app_key: golang.no-proxy
|
|
java.ArchiveCatalogerConfig:
|
|
fields:
|
|
- key: IncludeIndexedArchives
|
|
description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip).
|
|
- key: IncludeUnindexedArchives
|
|
description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*).
|
|
- key: UseNetwork
|
|
description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information.
|
|
app_key: java.use-network
|
|
- key: UseMavenLocalRepository
|
|
description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata.
|
|
app_key: java.use-maven-local-repository
|
|
- key: MavenLocalRepositoryDir
|
|
description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository.
|
|
app_key: java.maven-local-repository-dir
|
|
- key: MavenBaseURL
|
|
description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2.
|
|
app_key: java.maven-url
|
|
- key: MaxParentRecursiveDepth
|
|
description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains.
|
|
app_key: java.max-parent-recursive-depth
|
|
- key: ResolveTransitiveDependencies
|
|
description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives.
|
|
app_key: java.resolve-transitive-dependencies
|
|
javascript.CatalogerConfig:
|
|
fields:
|
|
- key: SearchRemoteLicenses
|
|
description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata.
|
|
app_key: javascript.search-remote-licenses
|
|
- key: NPMBaseURL
|
|
description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information.
|
|
app_key: javascript.npm-base-url
|
|
- key: IncludeDevDependencies
|
|
description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies.
|
|
app_key: javascript.include-dev-dependencies
|
|
kernel.LinuxKernelCatalogerConfig:
|
|
fields:
|
|
- key: CatalogModules
|
|
description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself.
|
|
app_key: linux-kernel.catalog-modules
|
|
nix.Config:
|
|
fields:
|
|
- key: CaptureOwnedFiles
|
|
description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage.
|
|
app_key: nix.capture-owned-files
|
|
python.CatalogerConfig:
|
|
fields:
|
|
- key: GuessUnpinnedRequirements
|
|
description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files.
|
|
app_key: python.guess-unpinned-requirements
|
|
catalogers:
|
|
# alpm (arch / pacman) #################################################################################################
|
|
- ecosystem: alpm # MANUAL
|
|
name: alpm-db-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/arch/cataloger.go
|
|
function: NewDBCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- alpm
|
|
- archlinux
|
|
- directory
|
|
- image
|
|
- installed
|
|
- linux
|
|
- os
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseAlpmDB # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/var/lib/pacman/local/**/desc'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.AlpmDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- alpm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- AlpmDBEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- AlpmDBEntry.Files[].Digests
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Alpine linux (apk) ################################################################################################
|
|
- ecosystem: alpine # MANUAL
|
|
name: apk-db-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/alpine/cataloger.go
|
|
function: NewDBCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- alpine
|
|
- apk
|
|
- directory
|
|
- image
|
|
- installed
|
|
- linux
|
|
- os
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseApkDB # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/lib/apk/db/installed'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ApkDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- apk
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- ApkDBEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- ApkDBEntry.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- ApkDBEntry.Checksum
|
|
# Binary ############################################################################################################
|
|
- ecosystem: binary # MANUAL
|
|
name: binary-classifier-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/binary/classifier_cataloger.go
|
|
function: NewClassifierCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- declared
|
|
- directory
|
|
- image
|
|
- installed
|
|
- package
|
|
detectors: # AUTO-GENERATED
|
|
- method: glob
|
|
criteria:
|
|
- '**/VERSION*'
|
|
- '**/arangosh'
|
|
- '**/bash'
|
|
- '**/beam.smp'
|
|
- '**/busybox'
|
|
- '**/cabal'
|
|
- '**/chrome'
|
|
- '**/composer*'
|
|
- '**/consul'
|
|
- '**/curl'
|
|
- '**/dart'
|
|
- '**/erlexec'
|
|
- '**/ffmpeg'
|
|
- '**/fluent-bit'
|
|
- '**/gcc'
|
|
- '**/getopt'
|
|
- '**/ghc*'
|
|
- '**/go'
|
|
- '**/gzip'
|
|
- '**/haproxy'
|
|
- '**/helm'
|
|
- '**/httpd'
|
|
- '**/java'
|
|
- '**/jdb'
|
|
- '**/jq'
|
|
- '**/libav*'
|
|
- '**/liberts_internal.a'
|
|
- '**/libjulia-internal.so'
|
|
- '**/libpypy*.so*'
|
|
- '**/libpython*.so*'
|
|
- '**/libstd-????????????????.dylib'
|
|
- '**/libstd-????????????????.so'
|
|
- '**/libswresample*'
|
|
- '**/lighttpd'
|
|
- '**/memcached'
|
|
- '**/mysql'
|
|
- '**/nginx'
|
|
- '**/node'
|
|
- '**/openssl'
|
|
- '**/perl'
|
|
- '**/postgres'
|
|
- '**/proftpd'
|
|
- '**/python*'
|
|
- '**/redis-server'
|
|
- '**/ruby'
|
|
- '**/sqlcipher'
|
|
- '**/stack'
|
|
- '**/swipl'
|
|
- '**/traefik'
|
|
- '**/vault'
|
|
- '**/wp'
|
|
- '**/xtrabackup'
|
|
- '**/xz'
|
|
- '**/zstd'
|
|
- '**/{mariadb,mysql}'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.BinarySignature
|
|
package_types: # AUTO-GENERATED
|
|
- binary
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: binary # MANUAL
|
|
name: elf-binary-package-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- declared
|
|
- directory
|
|
- elf
|
|
- elf-package
|
|
- image
|
|
- installed
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: mimetype
|
|
criteria:
|
|
- application/x-executable
|
|
- application/x-mach-binary
|
|
- application/x-elf
|
|
- application/x-sharedlib
|
|
- application/vnd.microsoft.portable-executable
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ELFBinaryPackageNoteJSONPayload
|
|
package_types: # AUTO-GENERATED
|
|
- binary
|
|
- rpm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
# licenses can be detected in some elf packages (via the licenses note field)
|
|
- name: license
|
|
default: true
|
|
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: binary # MANUAL
|
|
name: pe-binary-package-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/binary/pe_package_cataloger.go
|
|
function: NewPEPackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- declared
|
|
- directory
|
|
- dll
|
|
- exe
|
|
- image
|
|
- installed
|
|
- package
|
|
- pe
|
|
- pe-package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePE # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.dll'
|
|
- '**/*.exe'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PEBinary
|
|
package_types: # AUTO-GENERATED
|
|
- binary
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Bitnami ###########################################################################################################
|
|
- ecosystem: bitnami # MANUAL
|
|
name: bitnami-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/bitnami/cataloger.go
|
|
function: NewCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- bitnami
|
|
- image
|
|
- installed
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseSBOM # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- /opt/bitnami/**/.spdx-*.spdx
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.BitnamiSBOMEntry
|
|
package_types: # AUTO-GENERATED
|
|
- bitnami
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# the reach will vary for each ecosystem
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- BitnamiSBOMEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Rust (cargo) #####################################################################################################
|
|
- ecosystem: rust # MANUAL
|
|
name: cargo-auditable-binary-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/rust/cataloger.go
|
|
function: NewAuditBinaryCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- directory
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
- rust
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseAuditBinary # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: mimetype # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- application/x-executable
|
|
- application/x-mach-binary
|
|
- application/x-elf
|
|
- application/x-sharedlib
|
|
- application/vnd.microsoft.portable-executable
|
|
- application/x-executable
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RustBinaryAuditEntry
|
|
package_types: # AUTO-GENERATED
|
|
- rust-crate
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: rust # MANUAL
|
|
name: rust-cargo-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/rust/cataloger.go
|
|
function: NewCargoLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- cargo
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
- rust
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseCargoLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Cargo.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RustCargoLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- rust-crate
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
# though the toml has a dev/build section for deps, the lock has no knowledge of that
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- build
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- RustCargoLockEntry.Checksum
|
|
# Swift #########################################################################################################
|
|
- ecosystem: swift # MANUAL
|
|
name: cocoapods-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/swift/cataloger.go
|
|
function: NewCocoapodsCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- cocoapods
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
- swift
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePodfileLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Podfile.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.CocoaPodfileLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- pod
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
# we raise up all nodes in the graph, but don't relate them together in any way
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- CocoapodsLockEntry.Checksum
|
|
- ecosystem: swift # MANUAL
|
|
name: swift-package-manager-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/swift/cataloger.go
|
|
function: NewSwiftPackageManagerCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
- spm
|
|
- swift
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePackageResolved # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Package.resolved'
|
|
- '**/.package.resolved'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SwiftPackageManagerResolvedEntry
|
|
package_types: # AUTO-GENERATED
|
|
- swift
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# C/C++ ############################################################################################################
|
|
- ecosystem: c++ # MANUAL
|
|
name: conan-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/cpp/cataloger.go
|
|
function: NewConanCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- conan
|
|
- cpp
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseConanLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/conan.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ConanV1LockEntry
|
|
- pkg.ConanV2LockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- conan
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
# we can detect nodes, but not how they relate to each other
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- build
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseConanfile # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/conanfile.txt'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ConanfileEntry
|
|
package_types: # AUTO-GENERATED
|
|
- conan
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
# we can detect nodes, but not how they relate to each other
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: c++ # MANUAL
|
|
name: conan-info-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/cpp/cataloger.go
|
|
function: NewConanInfoCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- conan
|
|
- cpp
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseConaninfo # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/conaninfo.txt'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ConaninfoEntry
|
|
package_types: # AUTO-GENERATED
|
|
- conan
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: flat
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Conda ############################################################################################################
|
|
- ecosystem: conda # MANUAL
|
|
name: conda-meta-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/conda/cataloger.go
|
|
function: NewCondaMetaCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- conda
|
|
- directory
|
|
- installed
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseCondaMetaJSON # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/conda-meta/*.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.CondaMetaPackage
|
|
package_types: # AUTO-GENERATED
|
|
- conda
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- CondaMetaPackage.Files
|
|
- CondaMetaPackage.PathsData.Paths
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- CondaMetaPackage.PathsData.Paths.SHA256
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
# Dart #############################################################################################################
|
|
- ecosystem: dart # MANUAL
|
|
name: dart-pubspec-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/dart/cataloger.go
|
|
function: NewPubspecCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- dart
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePubspec # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/pubspec.yml'
|
|
- '**/pubspec.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DartPubspec
|
|
package_types: # AUTO-GENERATED
|
|
- dart-pub
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: dart # MANUAL
|
|
name: dart-pubspec-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/dart/cataloger.go
|
|
function: NewPubspecLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- dart
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePubspecLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/pubspec.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DartPubspecLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- dart-pub
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Dpkg (debian) ###################################################################################################
|
|
- ecosystem: dpkg # MANUAL
|
|
name: dpkg-db-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/debian/cataloger.go
|
|
function: NewDBCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- debian
|
|
- directory
|
|
- dpkg
|
|
- image
|
|
- installed
|
|
- linux
|
|
- os
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseDpkgDB # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/lib/dpkg/status'
|
|
- '**/lib/dpkg/status.d/*'
|
|
- '**/lib/opkg/info/*.control'
|
|
- '**/lib/opkg/status'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DpkgDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- DpkgDBEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- DpkgDBEntry.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: dpkg # MANUAL
|
|
name: deb-archive-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/debian/cataloger.go
|
|
function: NewArchiveCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- deb
|
|
- debian
|
|
- declared
|
|
- directory
|
|
- linux
|
|
- os
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseDebArchive # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.deb'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DpkgArchiveEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
# an archive only has dependency CLAIMS in the metadata, but not dependencies incorporated as nodes/edges in the SBOM
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- DpkgArchiveEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- DpkgArchiveEntry.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# .NET ###################################################################################################
|
|
- ecosystem: dotnet # MANUAL
|
|
name: dotnet-deps-binary-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- c#
|
|
- directory
|
|
- dotnet
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.deps.json'
|
|
- '**/*.dll'
|
|
- '**/*.exe'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DotnetDepsEntry
|
|
- pkg.DotnetPortableExecutableEntry
|
|
package_types: # AUTO-GENERATED
|
|
- dotnet
|
|
- npm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: dotnet # MANUAL
|
|
name: dotnet-deps-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- deprecated
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.deps.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DotnetDepsEntry
|
|
package_types: # AUTO-GENERATED
|
|
- dotnet
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: dotnet # MANUAL
|
|
name: dotnet-packages-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/dotnet/cataloger.go
|
|
function: NewDotnetPackagesLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- c#
|
|
- declared
|
|
- directory
|
|
- dotnet
|
|
- image
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseDotnetPackagesLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/packages.lock.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DotnetPackagesLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- dotnet
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- build
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- DotnetPackagesLockEntry.ContentHash
|
|
- ecosystem: dotnet # MANUAL
|
|
name: dotnet-portable-executable-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
config: dotnet.CatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- deprecated
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.dll'
|
|
- '**/*.exe'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.DotnetPortableExecutableEntry
|
|
package_types: # AUTO-GENERATED
|
|
- dotnet
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Elixir ##########################################################################################################
|
|
- ecosystem: elixir # MANUAL
|
|
name: elixir-mix-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/elixir/cataloger.go
|
|
function: NewMixLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- elixir
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseMixLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/mix.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ElixirMixLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- hex
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
# we find nodes, but can't relate them together
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- ElixirMixLockEntry.PkgHash
|
|
- ElixirMixLockEntry.PkgHashExt
|
|
# Erlang ##########################################################################################################
|
|
- ecosystem: erlang # MANUAL
|
|
name: erlang-otp-application-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/erlang/cataloger.go
|
|
function: NewOTPCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- erlang
|
|
- language
|
|
- otp
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseOTPApp # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.app'
|
|
package_types: # AUTO-GENERATED
|
|
- erlang-otp
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: erlang # MANUAL
|
|
name: erlang-rebar-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/erlang/cataloger.go
|
|
function: NewRebarLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- erlang
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseRebarLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/rebar.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ErlangRebarLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- hex
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- ErlangRebarLockEntry.PkgHash
|
|
- ErlangRebarLockEntry.PkgHashExt
|
|
# GitHub Actions ##################################################################################################
|
|
- ecosystem: github-actions # MANUAL
|
|
name: github-action-workflow-usage-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/githubactions/cataloger.go
|
|
function: NewWorkflowUsageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- github
|
|
- github-actions
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseWorkflowForWorkflowUsage # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/.github/workflows/*.yaml'
|
|
- '**/.github/workflows/*.yml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.GitHubActionsUseStatement
|
|
package_types: # AUTO-GENERATED
|
|
- github-action-workflow
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# no dependencies supported
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: github-actions # MANUAL
|
|
name: github-actions-usage-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/githubactions/cataloger.go
|
|
function: NewActionUsageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- github
|
|
- github-actions
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseCompositeActionForActionUsage # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/.github/actions/*/action.yml'
|
|
- '**/.github/actions/*/action.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.GitHubActionsUseStatement
|
|
package_types: # AUTO-GENERATED
|
|
- github-action
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# no dependencies supported
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseWorkflowForActionUsage # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/.github/workflows/*.yaml'
|
|
- '**/.github/workflows/*.yml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.GitHubActionsUseStatement
|
|
package_types: # AUTO-GENERATED
|
|
- github-action
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
# no dependencies supported
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Go ##############################################################################################################
|
|
- ecosystem: go # MANUAL
|
|
name: go-module-binary-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/golang/cataloger.go
|
|
function: NewGoModuleBinaryCataloger
|
|
config: golang.CatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- directory
|
|
- go
|
|
- golang
|
|
- gomod
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGoBinary # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: mimetype # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- application/x-executable
|
|
- application/x-mach-binary
|
|
- application/x-elf
|
|
- application/x-sharedlib
|
|
- application/vnd.microsoft.portable-executable
|
|
- application/x-executable
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.GolangBinaryBuildinfoEntry
|
|
package_types: # AUTO-GENERATED
|
|
- go-module
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
conditions:
|
|
- when:
|
|
SearchLocalModCacheLicenses: true
|
|
value: true
|
|
- when:
|
|
SearchRemoteLicenses: true
|
|
value: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: flat
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- GolangBinaryBuildinfoEntry.H1Digest
|
|
- ecosystem: go # MANUAL
|
|
name: go-module-file-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/golang/cataloger.go
|
|
function: NewGoModuleFileCataloger
|
|
config: golang.CatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- go
|
|
- golang
|
|
- gomod
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGoModFile # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/go.mod'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.GolangModuleEntry
|
|
- pkg.GolangSourceEntry
|
|
package_types: # AUTO-GENERATED
|
|
- go-module
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
conditions:
|
|
- when:
|
|
SearchLocalModCacheLicenses: true
|
|
value: true
|
|
- when:
|
|
SearchRemoteLicenses: true
|
|
value: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: flat
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- GolangModuleEntry.H1Digest
|
|
- GolangSourceEntry.H1Digest
|
|
# Java ############################################################################################################
|
|
- ecosystem: java # MANUAL
|
|
name: java-archive-cataloger # AUTO-GENERATED
|
|
type: custom # MANUAL OVERRIDE
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/java/cataloger.go
|
|
function: NewArchiveCataloger
|
|
config: java.ArchiveCatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- java
|
|
- language
|
|
- maven
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.jar'
|
|
- '**/*.war'
|
|
- '**/*.ear'
|
|
- '**/*.par'
|
|
- '**/*.sar'
|
|
- '**/*.nar'
|
|
- '**/*.jpi'
|
|
- '**/*.hpi'
|
|
- '**/*.kar'
|
|
- '**/*.lpkg'
|
|
comment: JAR-based archives - always active
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.zip'
|
|
conditions:
|
|
- when:
|
|
IncludeIndexedArchives: true
|
|
comment: ZIP archives require indexed archive support
|
|
- method: glob
|
|
criteria:
|
|
- '**/*.tar'
|
|
- '**/*.tar.gz'
|
|
- '**/*.tgz'
|
|
- '**/*.tar.bz'
|
|
- '**/*.tar.bz2'
|
|
- '**/*.tbz'
|
|
- '**/*.tbz2'
|
|
- '**/*.tar.br'
|
|
- '**/*.tbr'
|
|
- '**/*.tar.lz4'
|
|
- '**/*.tlz4'
|
|
- '**/*.tar.sz'
|
|
- '**/*.tsz'
|
|
- '**/*.tar.xz'
|
|
- '**/*.txz'
|
|
- '**/*.tar.zst'
|
|
- '**/*.tzst'
|
|
- '**/*.tar.zstd'
|
|
- '**/*.tzstd'
|
|
conditions:
|
|
- when:
|
|
IncludeUnindexedArchives: true
|
|
comment: TAR archives require unindexed archive support
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.JavaArchive
|
|
package_types: # AUTO-GENERATED
|
|
- java-archive
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
# TODO: online capabilities
|
|
- name: license
|
|
default: false
|
|
# TODO: this does not account for the various sources (maven/gradle/other) that have different dependency qualities
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
# note: only applicable to archives, but not raw gradle/maven files
|
|
default: true
|
|
evidence:
|
|
- JavaArchive.ArchiveDigests
|
|
- ecosystem: java # MANUAL
|
|
name: java-gradle-lockfile-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/java/cataloger.go
|
|
function: NewGradleLockfileCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- gradle
|
|
- java
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGradleLockfile
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/gradle.lockfile*'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.JavaArchive
|
|
package_types: # AUTO-GENERATED
|
|
- java-archive
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
# we detect nodes, but can't relate them together
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: java # MANUAL
|
|
name: java-pom-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- java
|
|
- language
|
|
- maven
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '*pom.xml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.JavaArchive
|
|
package_types: # AUTO-GENERATED
|
|
- java-archive
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: java # MANUAL
|
|
name: java-jvm-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/java/cataloger.go
|
|
function: NewJvmDistributionCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- image
|
|
- installed
|
|
- java
|
|
- jdk
|
|
- jre
|
|
- jvm
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseJVMRelease
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/release'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.JavaVMInstallation
|
|
package_types: # AUTO-GENERATED
|
|
- binary
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- JavaVMInstallation.Files
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: java # MANUAL
|
|
name: graalvm-native-image-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- java
|
|
- language
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: mimetype
|
|
criteria:
|
|
- application/x-executable
|
|
- application/x-mach-binary
|
|
- application/x-elf
|
|
- application/x-sharedlib
|
|
- application/vnd.microsoft.portable-executable
|
|
package_types: # MANUAL - edit package types here
|
|
- graalvm-native-image
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
comment: the dependencies ultimately depends on the quality of the embedded SBOM
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Haskell #########################################################################################################
|
|
- ecosystem: haskell # MANUAL
|
|
name: haskell-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/haskell/cataloger.go
|
|
function: NewHackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- cabal
|
|
- declared
|
|
- directory
|
|
- hackage
|
|
- haskell
|
|
- language
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseCabalFreeze # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/cabal.project.freeze'
|
|
package_types: # AUTO-GENERATED
|
|
- hackage
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseStackLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/stack.yaml.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.HackageStackYamlLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- hackage
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- HackageStackYamlLockEntry.PkgHash
|
|
- function: parseStackYaml # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/stack.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.HackageStackYamlEntry
|
|
package_types: # AUTO-GENERATED
|
|
- hackage
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- HackageStackYamlEntry.PkgHash
|
|
# Homebrew #######################################################################################################
|
|
- ecosystem: homebrew # MANUAL
|
|
name: homebrew-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/homebrew/cataloger.go
|
|
function: NewCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- homebrew
|
|
- image
|
|
- installed
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseHomebrewFormula # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Cellar/*/*/.brew/*.rb'
|
|
- '**/Library/Taps/*/*/Formula/*.rb'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.HomebrewFormula
|
|
package_types: # AUTO-GENERATED
|
|
- homebrew
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# JavaScript ######################################################################################################
|
|
- ecosystem: javascript # MANUAL
|
|
name: javascript-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/javascript/cataloger.go
|
|
function: NewLockCataloger
|
|
config: javascript.CatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- javascript
|
|
- language
|
|
- node
|
|
- npm
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePnpmLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/pnpm-lock.yaml'
|
|
package_types: # AUTO-GENERATED
|
|
- npm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
# note: though there are dev dependencies listed, they are in a different section in the document
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseYarnLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/yarn.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.YarnLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- npm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
# note: though there are dev dependencies listed, they are in a different section in the document
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- YarnLockEntry.Integrity
|
|
- function: parsePackageLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/package-lock.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.NpmPackageLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- npm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
# note: though there are dev dependencies listed, they are in a different section in the document
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- NpmPackageLockEntry.Integrity
|
|
- ecosystem: javascript # MANUAL
|
|
name: javascript-package-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/javascript/cataloger.go
|
|
function: NewPackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- image
|
|
- installed
|
|
- javascript
|
|
- language
|
|
- node
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePackageJSON # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/package.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.NpmPackage
|
|
package_types: # AUTO-GENERATED
|
|
- npm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
# note: devDependencies not parsed by this cataloger
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Linux ##########################################################################################################
|
|
- ecosystem: linux # MANUAL
|
|
name: linux-kernel-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- image
|
|
- installed
|
|
- kernel
|
|
- linux
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/kernel'
|
|
- '**/kernel-*'
|
|
- '**/vmlinux'
|
|
- '**/vmlinux-*'
|
|
- '**/vmlinuz'
|
|
- '**/vmlinuz-*'
|
|
- '**/lib/modules/**/*.ko'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.LinuxKernel
|
|
- pkg.LinuxKernelModule
|
|
package_types: # AUTO-GENERATED
|
|
- linux-kernel
|
|
- linux-kernel-module
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Lua #############################################################################################################
|
|
- ecosystem: lua # MANUAL
|
|
name: lua-rock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/lua/cataloger.go
|
|
function: NewPackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- language
|
|
- lua
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseRockspec # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.rockspec'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.LuaRocksPackage
|
|
package_types: # AUTO-GENERATED
|
|
- lua-rocks
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Nix #############################################################################################################
|
|
- ecosystem: nix # MANUAL
|
|
name: nix-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- language
|
|
- nix
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/nix/var/nix/db/db.sqlite'
|
|
- '**/nix/store/*'
|
|
- '**/nix/store/*.drv'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.NixStoreEntry
|
|
package_types: # AUTO-GENERATED
|
|
- nix
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- NixStoreEntry.OutputHash
|
|
- ecosystem: nix # MANUAL
|
|
name: nix-store-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
config: nix.Config # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- deprecated
|
|
- package
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/nix/store/*'
|
|
- '**/nix/store/*.drv'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.NixStoreEntry
|
|
package_types: # AUTO-GENERATED
|
|
- nix
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
conditions:
|
|
- when:
|
|
CaptureOwnedFiles: true
|
|
value: true
|
|
evidence:
|
|
- NixStoreEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
evidence:
|
|
- NixStoreEntry.OutputHash
|
|
# OCaml ##########################################################################################################
|
|
- ecosystem: ocaml # MANUAL
|
|
name: opam-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/ocaml/cataloger.go
|
|
function: NewOpamPackageManagerCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- language
|
|
- ocaml
|
|
- opam
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseOpamPackage # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*opam'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.OpamPackage
|
|
package_types: # AUTO-GENERATED
|
|
- opam
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# PHP #############################################################################################################
|
|
- ecosystem: php # MANUAL
|
|
name: php-composer-installed-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/php/cataloger.go
|
|
function: NewComposerInstalledCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- composer
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
- php
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseInstalledJSON # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/installed.json'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PhpComposerInstalledEntry
|
|
package_types: # AUTO-GENERATED
|
|
- php-composer
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: php # MANUAL
|
|
name: php-composer-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/php/cataloger.go
|
|
function: NewComposerLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- composer
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
- php
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseComposerLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/composer.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PhpComposerLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- php-composer
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
# note: the dev dependencies are in a separate section in the lock file
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
- ecosystem: php # MANUAL
|
|
name: php-interpreter-cataloger # AUTO-GENERATED
|
|
type: custom # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: ""
|
|
function: ""
|
|
selectors: # AUTO-GENERATED
|
|
- binary
|
|
- declared
|
|
- directory
|
|
- image
|
|
- installed
|
|
- package
|
|
- php
|
|
detectors: # MANUAL - edit detectors here
|
|
- method: glob
|
|
criteria:
|
|
- '**/php*/**/*.so'
|
|
- '**/php-fpm*'
|
|
- '**/apache*/**/libphp*.so'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.BinarySignature
|
|
package_types: # AUTO-GENERATED
|
|
- binary
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: flat
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: php # MANUAL
|
|
name: php-pear-serialized-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/php/cataloger.go
|
|
function: NewPearCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- image
|
|
- language
|
|
- package
|
|
- pear
|
|
- php
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePear # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/php/.registry/**/*.reg'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PhpPearEntry
|
|
package_types: # AUTO-GENERATED
|
|
- php-pear
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: php # MANUAL
|
|
name: php-pecl-serialized-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/php/cataloger.go
|
|
function: NewPeclCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- deprecated
|
|
- package
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePecl # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/php/.registry/.channel.*/*.reg'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PhpPeclEntry
|
|
package_types: # AUTO-GENERATED
|
|
- php-pecl
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Portage (gentoo) ########################################################################################################
|
|
- ecosystem: portage # MANUAL
|
|
name: portage-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/gentoo/cataloger.go
|
|
function: NewPortageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- gentoo
|
|
- image
|
|
- installed
|
|
- linux
|
|
- os
|
|
- package
|
|
- portage
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePortageContents # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/var/db/pkg/*/*/CONTENTS'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PortageEntry
|
|
package_types: # AUTO-GENERATED
|
|
- portage
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- PortageEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- PortageEntry.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Python #########################################################################################################
|
|
- ecosystem: python # MANUAL
|
|
name: python-installed-package-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/python/cataloger.go
|
|
function: NewInstalledPackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
- python
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseWheelOrEgg # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.egg-info'
|
|
- '**/*dist-info/METADATA'
|
|
- '**/*egg-info/PKG-INFO'
|
|
- '**/*DIST-INFO/METADATA'
|
|
- '**/*EGG-INFO/PKG-INFO'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PythonPackage
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- PythonPackage.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- PythonPackage.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: python # MANUAL
|
|
name: python-package-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/python/cataloger.go
|
|
function: NewPackageCataloger
|
|
config: python.CatalogerConfig # AUTO-GENERATED
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- language
|
|
- package
|
|
- python
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseUvLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/uv.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PythonUvLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- dev
|
|
- optional
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseSetup # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/setup.py'
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parsePipfileLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Pipfile.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PythonPipfileLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- PythonPipfileLockEntry.Hashes
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parsePoetryLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/poetry.lock'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PythonPoetryLockEntry
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- dev
|
|
- optional
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseRequirementsTxt # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*requirements*.txt'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.PythonRequirementsEntry
|
|
package_types: # AUTO-GENERATED
|
|
- python
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# R ###############################################################################################################
|
|
- ecosystem: r # MANUAL
|
|
name: r-package-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/r/cataloger.go
|
|
function: NewPackageCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
- r
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseDescriptionFile # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/DESCRIPTION'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RDescription
|
|
package_types: # AUTO-GENERATED
|
|
- R-package
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# RPM (RedHat) #######################################################################################################
|
|
- ecosystem: rpm # MANUAL
|
|
name: rpm-archive-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/redhat/cataloger.go
|
|
function: NewArchiveCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- linux
|
|
- os
|
|
- package
|
|
- redhat
|
|
- rpm
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseRpmArchive # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.rpm'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RpmArchive
|
|
package_types: # AUTO-GENERATED
|
|
- rpm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- RpmArchive.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- RpmArchive.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: rpm # MANUAL
|
|
name: rpm-db-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/redhat/cataloger.go
|
|
function: NewDBCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- linux
|
|
- os
|
|
- package
|
|
- redhat
|
|
- rpm
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseRpmManifest # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/var/lib/rpmmanifest/container-manifest-2'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RpmDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- rpm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseRpmDB # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RpmDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- rpm
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: complete
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- RpmDBEntry.Files
|
|
- name: package_manager.files.digests
|
|
default: true
|
|
evidence:
|
|
- RpmDBEntry.Files[].Digest
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Ruby ###########################################################################################################
|
|
- ecosystem: ruby # MANUAL
|
|
name: ruby-gemfile-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/ruby/cataloger.go
|
|
function: NewGemFileLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- gem
|
|
- language
|
|
- package
|
|
- ruby
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGemFileLockEntries # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/Gemfile.lock'
|
|
package_types: # AUTO-GENERATED
|
|
- gem
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: ruby # MANUAL
|
|
name: ruby-gemspec-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/ruby/cataloger.go
|
|
function: NewGemSpecCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- gem
|
|
- gemspec
|
|
- language
|
|
- package
|
|
- ruby
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGemSpecEntries # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.gemspec'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RubyGemspec
|
|
package_types: # AUTO-GENERATED
|
|
- gem
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- RubyGemspec.Files
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- ecosystem: ruby # MANUAL
|
|
name: ruby-installed-gemspec-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/ruby/cataloger.go
|
|
function: NewInstalledGemSpecCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- gem
|
|
- gemspec
|
|
- image
|
|
- installed
|
|
- language
|
|
- package
|
|
- ruby
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseGemSpecEntries # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/specifications/**/*.gemspec'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.RubyGemspec
|
|
package_types: # AUTO-GENERATED
|
|
- gem
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- indirect
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: true
|
|
evidence:
|
|
- RubyGemspec.Files
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# SBOM ##########################################################################################################
|
|
- ecosystem: sbom # MANUAL
|
|
name: sbom-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/sbom/cataloger.go
|
|
function: NewCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- package
|
|
- sbom
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseSBOM # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/*.syft.json'
|
|
- '**/*.bom.*'
|
|
- '**/*.bom'
|
|
- '**/bom'
|
|
- '**/*.sbom.*'
|
|
- '**/*.sbom'
|
|
- '**/sbom'
|
|
- '**/*.cdx.*'
|
|
- '**/*.cdx'
|
|
- '**/*.spdx.*'
|
|
- '**/*.spdx'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.ApkDBEntry
|
|
package_types: # AUTO-GENERATED
|
|
- apk
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Snap ##########################################################################################################
|
|
- ecosystem: snap # MANUAL
|
|
name: snap-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/snap/cataloger.go
|
|
function: NewCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- installed
|
|
- package
|
|
- snap
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseSnapdSnapcraft # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/snap/snapcraft.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SnapEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseSystemManifest # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/snap/manifest.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SnapEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseKernelChangelog # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/doc/linux-modules-*/changelog.Debian.gz'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SnapEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseBaseDpkgYaml # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/usr/share/snappy/dpkg.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SnapEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
- function: parseSnapYaml # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/meta/snap.yaml'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SnapEntry
|
|
package_types: # AUTO-GENERATED
|
|
- deb
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Prolog ########################################################################################################
|
|
- ecosystem: prolog # MANUAL
|
|
name: swipl-pack-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/swipl/cataloger.go
|
|
function: NewSwiplPackCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- language
|
|
- pack
|
|
- package
|
|
- swipl
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parsePackPackage # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/pack.pl'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.SwiplPackEntry
|
|
package_types: # AUTO-GENERATED
|
|
- swiplpack
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- dev
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|
|
# Terraform ######################################################################################################
|
|
- ecosystem: terraform # MANUAL
|
|
name: terraform-lock-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/terraform/cataloger.go
|
|
function: NewLockCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- declared
|
|
- directory
|
|
- package
|
|
- terraform
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseTerraformLock # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/.terraform.lock.hcl'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.TerraformLockProviderEntry
|
|
package_types: # AUTO-GENERATED
|
|
- terraform
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: false
|
|
- name: dependency.depth
|
|
default:
|
|
- direct
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default:
|
|
- runtime
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: true
|
|
# WordPress ######################################################################################################
|
|
- ecosystem: wordpress # MANUAL
|
|
name: wordpress-plugins-cataloger # AUTO-GENERATED
|
|
type: generic # AUTO-GENERATED
|
|
source: # AUTO-GENERATED
|
|
file: syft/pkg/cataloger/wordpress/cataloger.go
|
|
function: NewWordpressPluginCataloger
|
|
selectors: # AUTO-GENERATED
|
|
- directory
|
|
- image
|
|
- package
|
|
- wordpress
|
|
parsers: # AUTO-GENERATED structure
|
|
- function: parseWordpressPluginFiles # AUTO-GENERATED
|
|
detector: # AUTO-GENERATED
|
|
method: glob # AUTO-GENERATED
|
|
criteria: # AUTO-GENERATED
|
|
- '**/wp-content/plugins/*/*.php'
|
|
metadata_types: # AUTO-GENERATED
|
|
- pkg.WordpressPluginEntry
|
|
package_types: # AUTO-GENERATED
|
|
- wordpress-plugin
|
|
capabilities: # MANUAL - config-driven capability definitions
|
|
- name: license
|
|
default: true
|
|
- name: dependency.depth
|
|
default: []
|
|
- name: dependency.edges
|
|
default: ""
|
|
- name: dependency.kinds
|
|
default: []
|
|
- name: package_manager.files.listing
|
|
default: false
|
|
- name: package_manager.files.digests
|
|
default: false
|
|
- name: package_manager.package_integrity_hash
|
|
default: false
|