Alex Goodman 6edb1162c8 split packages.yaml to multiple files by go package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-18 13:28:18 -05:00


# Cataloger capabilities. See ../README.md for documentation.
# Config structs referenced by the catalogers in this file. Each field entry
# gives the struct field name (key), its description and, where listed, the
# application configuration key (app_key) that sets it.
# NOTE(review): nesting was reconstructed from a flattened listing - confirm
# against the repository copy.
configs: # AUTO-GENERATED - config structs and their fields
  java.ArchiveCatalogerConfig:
    fields:
    # The two archive switches list no app_key here. They are the values tested
    # by the .zip and .tar* detector conditions of java-archive-cataloger.
    - key: IncludeIndexedArchives
      description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip).
    - key: IncludeUnindexedArchives
      description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*).
    # Security-relevant: per the description, enabling this makes a scan issue
    # outbound requests for parent POMs and license data.
    # NOTE(review): the coordinates requested presumably come from the artifact
    # being scanned, so for untrusted inputs keep this off or route it through a
    # controlled mirror - confirm the default and behaviour in the cataloger.
    - key: UseNetwork
      description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information.
      app_key: java.use-network
    # Reads parent POMs and metadata from the local Maven repository, so the
    # content of that directory feeds into the scan result.
    - key: UseMavenLocalRepository
      description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata.
      app_key: java.use-maven-local-repository
    - key: MavenLocalRepositoryDir
      description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository.
      app_key: java.maven-local-repository-dir
    # The documented default is an HTTPS endpoint.
    # NOTE(review): an override pointing at a plain-http or untrusted repository
    # would let that endpoint influence the parent-POM and license metadata in
    # the output - verify whether the URL scheme is validated.
    - key: MavenBaseURL
      description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2.
      app_key: java.maven-url
    # Resource bound: per the description this caps recursive parent-POM
    # fetches, guarding against loops and very deep parent chains.
    - key: MaxParentRecursiveDepth
      description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains.
      app_key: java.max-parent-recursive-depth
    - key: ResolveTransitiveDependencies
      description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives.
      app_key: java.resolve-transitive-dependencies
catalogers:
# java-archive-cataloger: custom cataloger built by NewArchiveCataloger and
# configured through java.ArchiveCatalogerConfig.
# NOTE(review): nesting was reconstructed from a flattened listing; in
# particular the `comment` that follows each `when` is placed on the condition
# entry rather than on the detector - confirm against the repository copy.
- ecosystem: java # MANUAL
  name: java-archive-cataloger # AUTO-GENERATED
  type: custom # AUTO-GENERATED
  source: # AUTO-GENERATED
    file: syft/pkg/cataloger/java/cataloger.go
    function: NewArchiveCataloger
  config: java.ArchiveCatalogerConfig # AUTO-GENERATED
  selectors: # AUTO-GENERATED
  - directory
  - image
  - installed
  - java
  - language
  - maven
  - package
  detectors: # MANUAL - edit detectors here
  # JAR-family extensions are matched unconditionally.
  - method: glob
    criteria:
    - '**/*.jar'
    - '**/*.war'
    - '**/*.ear'
    - '**/*.par'
    - '**/*.sar'
    - '**/*.nar'
    - '**/*.jpi'
    - '**/*.hpi'
    - '**/*.kar'
    - '**/*.lpkg'
    comment: JAR-based archives - always active
  # Generic .zip containers are matched only when IncludeIndexedArchives is
  # true.
  - method: glob
    criteria:
    - '**/*.zip'
    conditions:
    - when:
        IncludeIndexedArchives: true
      comment: ZIP archives require indexed archive support
  # tar and compressed-tar containers are matched only when
  # IncludeUnindexedArchives is true.
  # NOTE(review): opting in widens the scan to general-purpose archives taken
  # from the scan target; confirm that size and nesting limits on extraction
  # are enforced in the cataloger.
  - method: glob
    criteria:
    - '**/*.tar'
    - '**/*.tar.gz'
    - '**/*.tgz'
    - '**/*.tar.bz'
    - '**/*.tar.bz2'
    - '**/*.tbz'
    - '**/*.tbz2'
    - '**/*.tar.br'
    - '**/*.tbr'
    - '**/*.tar.lz4'
    - '**/*.tlz4'
    - '**/*.tar.sz'
    - '**/*.tsz'
    - '**/*.tar.xz'
    - '**/*.txz'
    - '**/*.tar.zst'
    - '**/*.tzst'
    - '**/*.tar.zstd'
    - '**/*.tzstd'
    conditions:
    - when:
        IncludeUnindexedArchives: true
      comment: TAR archives require unindexed archive support
  metadata_types: # AUTO-GENERATED
  - pkg.JavaArchive
  package_types: # AUTO-GENERATED
  - java-archive
  json_schema_types: # AUTO-GENERATED
  - JavaArchive
  capabilities: # MANUAL - edit capabilities here
  - name: license
    default: false
  - name: dependency.depth
    default:
    - direct
    - indirect
  - name: dependency.edges
    default: complete
  - name: dependency.kinds
    default:
    - runtime
    - dev
  - name: package_manager.files.listing
    default: false
  - name: package_manager.files.digests
    default: false
  # Among the catalogers listed in this file, this is the only one that reports
  # an integrity hash by default; the evidence field is
  # JavaArchive.ArchiveDigests.
  - name: package_manager.package_integrity_hash
    default: true
    evidence:
    - JavaArchive.ArchiveDigests
# java-gradle-lockfile-cataloger: generic cataloger built by
# NewGradleLockfileCataloger; its single parser, parseGradleLockfile, is
# selected by the glob '**/gradle.lockfile*'.
# NOTE(review): nesting was reconstructed from a flattened listing; the type
# lists and capabilities are placed under the parser entry - confirm against
# the repository copy.
- ecosystem: java # MANUAL
  name: java-gradle-lockfile-cataloger # AUTO-GENERATED
  type: generic # AUTO-GENERATED
  source: # AUTO-GENERATED
    file: syft/pkg/cataloger/java/cataloger.go
    function: NewGradleLockfileCataloger
  selectors: # AUTO-GENERATED
  - declared
  - directory
  - gradle
  - java
  - language
  - package
  parsers: # AUTO-GENERATED structure
  - function: parseGradleLockfile
    detector: # AUTO-GENERATED
      method: glob # AUTO-GENERATED
      criteria: # AUTO-GENERATED
      - '**/gradle.lockfile*'
    metadata_types: # AUTO-GENERATED
    - pkg.JavaArchive
    package_types: # AUTO-GENERATED
    - java-archive
    json_schema_types: # AUTO-GENERATED
    - JavaArchive
    capabilities: # MANUAL - preserved across regeneration
    - name: license
      default: false
    - name: dependency.depth
      default:
      - direct
      - indirect
    # NOTE(review): the default is an empty string here, whereas other
    # catalogers in this file use `complete`; the meaning of the empty value is
    # not defined on this page - see ../README.md.
    - name: dependency.edges
      default: ""
    - name: dependency.kinds
      default:
      - runtime
      - dev
    - name: package_manager.files.listing
      default: false
    - name: package_manager.files.digests
      default: false
    # No integrity hash is reported for lockfile entries by default, so
    # consumers cannot verify these packages against a digest from this output.
    - name: package_manager.package_integrity_hash
      default: false
# java-pom-cataloger: custom cataloger selected by a pom.xml glob.
# NOTE(review): nesting was reconstructed from a flattened listing - confirm
# against the repository copy.
- ecosystem: java # MANUAL
  name: java-pom-cataloger # AUTO-GENERATED
  type: custom # AUTO-GENERATED
  # NOTE(review): file and function are empty strings, so this entry does not
  # point at the implementing source - confirm whether the generator is
  # expected to fill them in.
  source: # AUTO-GENERATED
    file: ""
    function: ""
  selectors: # AUTO-GENERATED
  - declared
  - directory
  - java
  - language
  - maven
  - package
  detectors: # MANUAL - edit detectors here
  # NOTE(review): unlike the other globs in this file, this pattern has no
  # '**/' prefix and its leading '*' also matches names that merely end in
  # pom.xml - confirm that this is the intended coverage.
  - method: glob
    criteria:
    - '*pom.xml'
  metadata_types: # AUTO-GENERATED
  - pkg.JavaArchive
  package_types: # AUTO-GENERATED
  - java-archive
  json_schema_types: # AUTO-GENERATED
  - JavaArchive
  capabilities: # MANUAL - edit capabilities here
  - name: license
    default: true
  # Only direct dependencies are reported by default.
  - name: dependency.depth
    default:
    - direct
  - name: dependency.edges
    default: complete
  - name: dependency.kinds
    default:
    - runtime
    - dev
  - name: package_manager.files.listing
    default: false
  - name: package_manager.files.digests
    default: false
  - name: package_manager.package_integrity_hash
    default: false
# java-jvm-cataloger: generic cataloger built by NewJvmDistributionCataloger;
# its single parser, parseJVMRelease, is selected by the glob '**/release'.
# NOTE(review): nesting was reconstructed from a flattened listing; the type
# lists and capabilities are placed under the parser entry - confirm against
# the repository copy.
- ecosystem: java # MANUAL
  name: java-jvm-cataloger # AUTO-GENERATED
  type: generic # AUTO-GENERATED
  source: # AUTO-GENERATED
    file: syft/pkg/cataloger/java/cataloger.go
    function: NewJvmDistributionCataloger
  selectors: # AUTO-GENERATED
  - declared
  - directory
  - image
  - installed
  - java
  - jdk
  - jre
  - jvm
  - package
  parsers: # AUTO-GENERATED structure
  - function: parseJVMRelease
    # NOTE(review): the glob matches any file named `release` at any depth;
    # presumably the parser rejects files that are not JVM release files -
    # verify in parseJVMRelease.
    detector: # AUTO-GENERATED
      method: glob # AUTO-GENERATED
      criteria: # AUTO-GENERATED
      - '**/release'
    metadata_types: # AUTO-GENERATED
    - pkg.JavaVMInstallation
    package_types: # AUTO-GENERATED
    - binary
    json_schema_types: # AUTO-GENERATED
    - JavaJvmInstallation
    capabilities: # MANUAL - preserved across regeneration
    - name: license
      default: true
    - name: dependency.depth
      default:
      - direct
      - indirect
    # NOTE(review): empty-string default; its meaning is not defined on this
    # page - see ../README.md.
    - name: dependency.edges
      default: ""
    - name: dependency.kinds
      default:
      - runtime
      - dev
    # A file listing is reported by default (evidence:
    # JavaVMInstallation.Files), but per-file digests are not.
    - name: package_manager.files.listing
      default: true
      evidence:
      - JavaVMInstallation.Files
    - name: package_manager.files.digests
      default: false
    - name: package_manager.package_integrity_hash
      default: false
# graalvm-native-image-cataloger: custom cataloger selected by MIME type rather
# than by path; it lists only a package type, with no metadata or JSON schema
# types.
# NOTE(review): nesting was reconstructed from a flattened listing - confirm
# against the repository copy.
- ecosystem: java # MANUAL
  name: graalvm-native-image-cataloger # AUTO-GENERATED
  type: custom # AUTO-GENERATED
  # NOTE(review): file and function are empty strings, so this entry does not
  # point at the implementing source - confirm whether the generator is
  # expected to fill them in.
  source: # AUTO-GENERATED
    file: ""
    function: ""
  selectors: # AUTO-GENERATED
  - directory
  - image
  - installed
  - java
  - language
  - package
  detectors: # MANUAL - edit detectors here
  # Executable and shared-library MIME types (ELF, Mach-O, PE) are candidates.
  - method: mimetype
    criteria:
    - application/x-executable
    - application/x-mach-binary
    - application/x-elf
    - application/x-sharedlib
    - application/vnd.microsoft.portable-executable
  package_types: # AUTO-GENERATED
  - graalvm-native-image
  capabilities: # MANUAL - edit capabilities here
  - name: license
    default: false
  # Per the comment on this entry, dependency results come from an SBOM
  # embedded in the binary.
  # NOTE(review): that SBOM is supplied by whoever built the binary, so for
  # untrusted binaries treat the reported dependencies as producer claims
  # rather than independently derived facts - confirm how it is validated.
  - name: dependency.depth
    default:
    - direct
    - indirect
    comment: the dependencies ultimately depends on the quality of the embedded SBOM
  - name: dependency.edges
    default: complete
  - name: dependency.kinds
    default:
    - runtime
    - dev
  - name: package_manager.files.listing
    default: false
  - name: package_manager.files.digests
    default: false
  - name: package_manager.package_integrity_hash
    default: false