mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
4194a2cd34
This PR adds DependencyOf relationships when ELF packages have been discovered by the binary cataloger. The discovered file.Executable type has a []ImportedLibraries that's read from the file when discovered by syft. By mapping these imported libraries back to the package collection, syft is able to create relationships showing which packages are dependencies of other packages by just reading metadata from the ELF executable. --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Brian Ebarb <ebarb.brian@sers.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
37 lines
854 B
Go
37 lines
854 B
Go
package task
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/anchore/syft/internal/relationship"
|
|
"github.com/anchore/syft/internal/sbomsync"
|
|
"github.com/anchore/syft/syft/artifact"
|
|
"github.com/anchore/syft/syft/cataloging"
|
|
"github.com/anchore/syft/syft/file"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
var _ artifact.Identifiable = (*sourceIdentifierAdapter)(nil)
|
|
|
|
type sourceIdentifierAdapter struct {
|
|
desc source.Description
|
|
}
|
|
|
|
func (s sourceIdentifierAdapter) ID() artifact.ID {
|
|
return artifact.ID(s.desc.ID)
|
|
}
|
|
|
|
func NewRelationshipsTask(cfg cataloging.RelationshipsConfig, src source.Description) Task {
|
|
fn := func(_ context.Context, resolver file.Resolver, builder sbomsync.Builder) error {
|
|
relationship.Finalize(
|
|
resolver,
|
|
builder,
|
|
cfg,
|
|
&sourceIdentifierAdapter{desc: src})
|
|
|
|
return nil
|
|
}
|
|
|
|
return NewTask("relationships-cataloger", fn)
|
|
}
|