mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
38c4b17847
* add support for searching jars within archives Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package cataloger config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments + factor out safeCopy helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update config docs regarding package archive search options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * show that unindexed archive cataloging defaults to false Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lies about -s Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update search archive note about java Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
76 lines
2.2 KiB
Go
76 lines
2.2 KiB
Go
package integration
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/anchore/syft/syft/pkg/cataloger"
|
|
|
|
"github.com/anchore/syft/syft/sbom"
|
|
|
|
"github.com/anchore/stereoscope/pkg/imagetest"
|
|
"github.com/anchore/syft/syft"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
func catalogFixtureImage(t *testing.T, fixtureImageName string) (sbom.SBOM, *source.Source) {
|
|
imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName)
|
|
tarPath := imagetest.GetFixtureImageTarPath(t, fixtureImageName)
|
|
|
|
theSource, cleanupSource, err := source.New("docker-archive:"+tarPath, nil, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
// TODO: this would be better with functional options (after/during API refactor)
|
|
c := cataloger.DefaultConfig()
|
|
c.Search.Scope = source.SquashedScope
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, c)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
Descriptor: sbom.Descriptor{
|
|
Name: "syft",
|
|
Version: "v0.42.0-bogus",
|
|
// the application configuration should be persisted here, however, we do not want to import
|
|
// the application configuration in this package (it's reserved only for ingestion by the cmd package)
|
|
Configuration: map[string]string{
|
|
"config-key": "config-value",
|
|
},
|
|
},
|
|
}, theSource
|
|
}
|
|
|
|
func catalogDirectory(t *testing.T, dir string) (sbom.SBOM, *source.Source) {
|
|
theSource, cleanupSource, err := source.New("dir:"+dir, nil, nil)
|
|
t.Cleanup(cleanupSource)
|
|
if err != nil {
|
|
t.Fatalf("unable to get source: %+v", err)
|
|
}
|
|
|
|
// TODO: this would be better with functional options (after/during API refactor)
|
|
c := cataloger.DefaultConfig()
|
|
c.Search.Scope = source.AllLayersScope
|
|
pkgCatalog, relationships, actualDistro, err := syft.CatalogPackages(theSource, c)
|
|
if err != nil {
|
|
t.Fatalf("failed to catalog image: %+v", err)
|
|
}
|
|
|
|
return sbom.SBOM{
|
|
Artifacts: sbom.Artifacts{
|
|
PackageCatalog: pkgCatalog,
|
|
Distro: actualDistro,
|
|
},
|
|
Relationships: relationships,
|
|
Source: theSource.Metadata,
|
|
}, theSource
|
|
}
|