mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
55 lines
2.2 KiB
Go
55 lines
2.2 KiB
Go
/*
|
|
Package java provides a concrete Cataloger implementation for packages relating to the Java language ecosystem.
|
|
*/
|
|
package java
|
|
|
|
import (
|
|
"github.com/anchore/syft/syft/pkg"
|
|
"github.com/anchore/syft/syft/pkg/cataloger/generic"
|
|
)
|
|
|
|
// NewArchiveCataloger returns a new Java archive cataloger object for detecting packages with archives (jar, war, ear, par, sar, jpi, hpi, and native-image formats)
|
|
func NewArchiveCataloger(cfg ArchiveCatalogerConfig) pkg.Cataloger {
|
|
gap := newGenericArchiveParserAdapter(cfg)
|
|
|
|
c := generic.NewCataloger("java-archive-cataloger").
|
|
WithParserByGlobs(gap.parseJavaArchive, archiveFormatGlobs...)
|
|
|
|
if cfg.IncludeIndexedArchives {
|
|
// java archives wrapped within zip files
|
|
gzp := newGenericZipWrappedJavaArchiveParser(cfg)
|
|
c.WithParserByGlobs(gzp.parseZipWrappedJavaArchive, genericZipGlobs...)
|
|
}
|
|
|
|
if cfg.IncludeUnindexedArchives {
|
|
// java archives wrapped within tar files
|
|
gtp := newGenericTarWrappedJavaArchiveParser(cfg)
|
|
c.WithParserByGlobs(gtp.parseTarWrappedJavaArchive, genericTarGlobs...)
|
|
}
|
|
return c
|
|
}
|
|
|
|
// NewPomCataloger returns a cataloger capable of parsing dependencies from a pom.xml file.
|
|
// Pom files list dependencies that maybe not be locally installed yet.
|
|
func NewPomCataloger(cfg ArchiveCatalogerConfig) pkg.Cataloger {
|
|
return pomXMLCataloger{
|
|
cfg: cfg,
|
|
}
|
|
}
|
|
|
|
// NewGradleLockfileCataloger returns a cataloger capable of parsing dependencies from a gradle.lockfile file.
|
|
// Note: Older versions of lockfiles aren't supported yet
|
|
func NewGradleLockfileCataloger() pkg.Cataloger {
|
|
return generic.NewCataloger("java-gradle-lockfile-cataloger").
|
|
WithParserByGlobs(parseGradleLockfile, "**/gradle.lockfile*")
|
|
}
|
|
|
|
// NewJvmDistributionCataloger returns packages representing JDK/JRE installations (of multiple distribution types).
|
|
func NewJvmDistributionCataloger() pkg.Cataloger {
|
|
return generic.NewCataloger("java-jvm-cataloger").
|
|
// this is a very permissive glob that will match more than just the JVM release file.
|
|
// we started with "**/{java,jvm}/*/release", but this prevents scanning JVM archive contents (e.g. jdk8u402.zip).
|
|
// this approach lets us check more files for JVM release info, but be rather silent about errors.
|
|
WithParserByGlobs(parseJVMRelease, "**/release")
|
|
}
|