oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 00:13:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/internal/capabilities/packages.yaml
Keith Zantow 725b0dfda2
chore: java binary data 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-11-14 15:44:38 -05:00

4237 lines
145 KiB
YAML
Raw Blame History

# This file is partially auto-generated. Run 'go generate ./internal/capabilities' to regenerate.
# Fields marked AUTO-GENERATED will be updated during regeneration.
# All 'capabilities' sections are MANUAL - edit these to describe cataloger behavior.
# CAPABILITY SECTIONS:
# There are two types of capability sections depending on cataloger type:
# 1. Generic catalogers (type=generic): Have capabilities at the PARSER level
# - Each parser function has its own capabilities section
# - Allows different parsers within the same cataloger to have different capabilities
# 2. Custom catalogers (type=custom): Have capabilities at the CATALOGER level
# - Single capabilities section for the entire cataloger
# CAPABILITIES FORMAT:
# Capabilities use a field-based format with defaults and optional conditional overrides:
# capabilities:
# - field: <field-name> # dot-notation path (e.g., "license", "dependency.depth")
# default: <value> # value when no conditions match
# conditions: # optional - conditional overrides evaluated in order
# - when: {ConfigField: val} # when these config fields match (AND logic)
# value: <override-value> # use this value instead
# comment: "explanation" # optional - why this condition exists
# evidence: # optional - source code references
# - "StructName.FieldName"
# comment: "explanation" # optional - general field explanation
# DETECTOR CONDITIONS:
# Detectors (used by custom catalogers) can have optional conditions that control when
# they are active. This allows a single cataloger to have different detection behavior
# based on configuration.
# Structure:
# detectors:
# - method: glob # AUTO-GENERATED - detection method
# criteria: ["**/*.jar"] # AUTO-GENERATED - patterns to match
# comment: "always active" # MANUAL - optional explanation
# - method: glob
# criteria: ["**/*.zip"]
# conditions: # MANUAL - when this detector is active
# - when: {IncludeZipFiles: true} # config fields that must match
# comment: "optional explanation"
# comment: "ZIP detection requires config"
# Notes:
# - Conditions reference fields from the cataloger's config struct
# - Multiple conditions in the array use OR logic (any condition can activate)
# - Multiple fields in a 'when' clause use AND logic (all must match)
# - Detectors without conditions are always active
# - Only custom catalogers support detectors with conditions
# CONDITION EVALUATION:
# - Conditions are evaluated in array order (first match wins)
# - Multiple fields in a 'when' clause use AND logic (all must match)
# - Multiple conditions in the array use OR logic (first matching condition)
# - If no conditions match, the default value is used
# CAPABILITY FIELDS:
# Standard capability field names and their value types:
# license: (boolean)
# Whether license information is available.
# Examples:
# default: true # always available
# default: false # never available
# default: false # requires configuration
# conditions:
# - when: {SearchRemoteLicenses: true}
# value: true
# dependency.depth: (array of strings)
# Which dependency depths can be discovered.
# Values: "direct" (immediate deps), "indirect" (transitive deps)
# Examples:
# default: [direct] # only immediate dependencies
# default: [direct, indirect] # full transitive closure
# default: [] # no dependency information
# dependency.edges: (string)
# Relationships between nodes and completeness of the dependency graph.
# Values:
# - "" # dependencies found but no edges between them
# - "flat" # single level of dependencies with edges to root package only
# - "reduced" # transitive reduction (redundant edges removed)
# - "complete" # all relationships with accurate direct and indirect edges
# Examples:
# default: complete
# default: ""
# dependency.kinds: (array of strings)
# Types of dependencies that can be discovered.
# Values: "runtime", "dev", "build", "test", "optional"
# Examples:
# default: [runtime] # production dependencies only
# default: [runtime, dev] # production and development
# default: [runtime, dev, build] # all dependency types
# default: [runtime] # with conditional dev deps
# conditions:
# - when: {IncludeDevDeps: true}
# value: [runtime, dev]
# package_manager.files.listing: (boolean)
# Whether file listings are available (which files belong to the package).
# Examples:
# default: true
# default: false
# conditions:
# - when: {CaptureOwnedFiles: true}
# value: true
# package_manager.files.digests: (boolean)
# Whether file digests/checksums are included in listings.
# Examples:
# default: true
# default: false
# package_manager.package_integrity_hash: (boolean)
# Whether a hash for verifying package integrity is available.
# Examples:
# default: true
# default: false
# EXAMPLES:
# # Simple cataloger with no configuration
# capabilities:
# - name: license
# default: true
# comment: "license field always present in package.json"
# - name: dependency.depth
# default: [direct]
# - name: dependency.edges
# default: ""
# - name: dependency.kinds
# default: [runtime]
# comment: "devDependencies not parsed by this cataloger"
# - name: package_manager.files.listing
# default: false
# - name: package_manager.files.digests
# default: false
# - name: package_manager.package_integrity_hash
# default: false
# # Cataloger with configuration-dependent capabilities
# capabilities:
# - name: license
# default: false
# conditions:
# - when: {SearchLocalModCacheLicenses: true}
# value: true
# comment: "searches for licenses in GOPATH mod cache"
# - when: {SearchRemoteLicenses: true}
# value: true
# comment: "fetches licenses from proxy.golang.org"
# comment: "license scanning requires configuration"
# - name: dependency.depth
# default: [direct, indirect]
# - name: dependency.edges
# default: flat
# - name: dependency.kinds
# default: [runtime, dev]
# - name: package_manager.files.listing
# default: false
# - name: package_manager.files.digests
# default: false
# - name: package_manager.package_integrity_hash
# default: true
# evidence:
# - "GolangBinaryBuildinfoEntry.H1Digest"
application: # AUTO-GENERATED - application-level config keys
- key: dotnet.dep-packages-must-claim-dll
description: only keep dep.json packages which have a runtime/resource DLL claimed in the deps.json targets section (but not necessarily found on disk). The package is also included if any child package claims a DLL, even if the package itself does not claim a DLL.
- key: dotnet.dep-packages-must-have-dll
description: only keep dep.json packages which an executable on disk is found. The package is also included if a DLL is found for any child package, even if the package itself does not have a DLL.
- key: dotnet.propagate-dll-claims-to-parents
description: treat DLL claims or on-disk evidence for child packages as DLL claims or on-disk evidence for any parent package
- key: dotnet.relax-dll-claims-when-bundling-detected
description: show all packages from the deps.json if bundling tooling is present as a dependency (e.g. ILRepack)
- key: golang.local-mod-cache-dir
description: specify an explicit go mod cache directory, if unset this defaults to $GOPATH/pkg/mod or $HOME/go/pkg/mod
- key: golang.local-vendor-dir
description: specify an explicit go vendor directory, if unset this defaults to ./vendor
- key: golang.main-module-version.from-build-settings
description: use the build settings (e.g. vcs.version & vcs.time) to craft a v0 pseudo version (e.g. v0.0.0-20220308212642-53e6d0aaf6fb) when a more accurate version cannot be found otherwise
- key: golang.main-module-version.from-contents
description: search for semver-like strings in the binary contents
- key: golang.main-module-version.from-ld-flags
description: look for LD flags that appear to be setting a version (e.g. -X main.version=1.0.0)
- key: golang.no-proxy
description: specifies packages which should not be fetched by proxy if unset this defaults to $GONOPROXY
- key: golang.proxy
description: remote proxy to use when retrieving go packages from the network, if unset this defaults to $GOPROXY followed by https://proxy.golang.org
- key: golang.search-local-mod-cache-licenses
description: search for go package licences in the GOPATH of the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-local-vendor-licenses
description: search for go package licences in the vendor folder on the system running Syft, note that this is outside the container filesystem and potentially outside the root of a local directory scan
- key: golang.search-remote-licenses
description: search for go package licences by retrieving the package from a network proxy
- key: java.maven-local-repository-dir
description: override the default location of the local Maven repository. the default is the subdirectory '.m2/repository' in your home directory
- key: java.maven-url
description: maven repository to use, defaults to Maven central
- key: java.max-parent-recursive-depth
description: depth to recursively resolve parent POMs, no limit if <= 0
- key: java.resolve-transitive-dependencies
description: resolve transient dependencies such as those defined in a dependency's POM on Maven central
- key: java.use-maven-local-repository
description: 'use the local Maven repository to retrieve pom files. When Maven is installed and was previously used for building the software that is being scanned, then most pom files will be available in this repository on the local file system. this greatly speeds up scans. when all pom files are available in the local repository, then ''use-network'' is not needed. TIP: If you want to download all required pom files to the local repository without running a full build, run ''mvn help:effective-pom'' before performing the scan with syft.'
- key: java.use-network
description: enables Syft to use the network to fetch version and license information for packages when a parent or imported pom file is not found in the local maven repository. the pom files are downloaded from the remote Maven repository at 'maven-url'
- key: javascript.include-dev-dependencies
description: include development-scoped dependencies
- key: javascript.npm-base-url
description: base NPM url to use
- key: javascript.search-remote-licenses
description: enables Syft to use the network to fill in more detailed license information
- key: linux-kernel.catalog-modules
description: whether to catalog linux kernel modules found within lib/modules/** directories
- key: nix.capture-owned-files
description: enumerate all files owned by packages found within Nix store paths
- key: python.guess-unpinned-requirements
description: when running across entries in requirements.txt that do not specify a specific version (e.g. "sqlalchemy >= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0"), attempt to guess what the version could be based on the version requirements specified (e.g. "1.0.0"). When enabled the lowest expressible version when given an arbitrary constraint will be used (even if that version may not be available/published).
configs: # AUTO-GENERATED - config structs and their fields
dotnet.CatalogerConfig:
fields:
- key: DepPackagesMustHaveDLL
description: DepPackagesMustHaveDLL allows for deps.json packages to be included only if there is a DLL on disk for that package.
app_key: dotnet.dep-packages-must-have-dll
- key: DepPackagesMustClaimDLL
description: DepPackagesMustClaimDLL allows for deps.json packages to be included only if there is a runtime/resource DLL claimed in the deps.json targets section. This does not require such claimed DLLs to exist on disk. The behavior of this
app_key: dotnet.dep-packages-must-claim-dll
- key: PropagateDLLClaimsToParents
description: PropagateDLLClaimsToParents allows for deps.json packages to be included if any child (transitive) package claims a DLL. This applies to both the claims configuration and evidence-on-disk configurations.
app_key: dotnet.propagate-dll-claims-to-parents
- key: RelaxDLLClaimsWhenBundlingDetected
description: RelaxDLLClaimsWhenBundlingDetected will look for indications of IL bundle tooling via deps.json package names and, if found (and this config option is enabled), will relax the DepPackagesMustClaimDLL value to `false` only in those cases.
app_key: dotnet.relax-dll-claims-when-bundling-detected
golang.CatalogerConfig:
fields:
- key: SearchLocalModCacheLicenses
description: SearchLocalModCacheLicenses enables searching for go package licenses in the local GOPATH mod cache.
app_key: golang.search-local-mod-cache-licenses
- key: LocalModCacheDir
description: LocalModCacheDir specifies the location of the local go module cache directory. When not set, syft will attempt to discover the GOPATH env or default to $HOME/go.
app_key: golang.local-mod-cache-dir
- key: SearchLocalVendorLicenses
description: SearchLocalVendorLicenses enables searching for go package licenses in the local vendor directory relative to the go.mod file.
app_key: golang.search-local-vendor-licenses
- key: LocalVendorDir
description: LocalVendorDir specifies the location of the local vendor directory. When not set, syft will search for a vendor directory relative to the go.mod file.
app_key: golang.local-vendor-dir
- key: SearchRemoteLicenses
description: SearchRemoteLicenses enables downloading go package licenses from the upstream go proxy (typically proxy.golang.org).
app_key: golang.search-remote-licenses
- key: Proxies
description: Proxies is a list of go module proxies to use when fetching go module metadata and licenses. When not set, syft will use the GOPROXY env or default to https://proxy.golang.org,direct.
app_key: golang.proxy
- key: NoProxy
description: NoProxy is a list of glob patterns that match go module names that should not be fetched from the go proxy. When not set, syft will use the GOPRIVATE and GONOPROXY env vars.
app_key: golang.no-proxy
java.ArchiveCatalogerConfig:
fields:
- key: IncludeIndexedArchives
description: IncludeIndexedArchives indicates whether to search within indexed archive files (e.g., .zip).
- key: IncludeUnindexedArchives
description: IncludeUnindexedArchives indicates whether to search within unindexed archive files (e.g., .tar*).
- key: UseNetwork
description: UseNetwork enables network operations for java package metadata enrichment, such as fetching parent POMs and license information.
app_key: java.use-network
- key: UseMavenLocalRepository
description: UseMavenLocalRepository enables searching the local maven repository (~/.m2/repository by default) for parent POMs and other metadata.
app_key: java.use-maven-local-repository
- key: MavenLocalRepositoryDir
description: MavenLocalRepositoryDir specifies the location of the local maven repository. When not set, defaults to ~/.m2/repository.
app_key: java.maven-local-repository-dir
- key: MavenBaseURL
description: MavenBaseURL specifies the base URL(s) to use for fetching POMs and metadata from maven central or other repositories. When not set, defaults to https://repo1.maven.org/maven2.
app_key: java.maven-url
- key: MaxParentRecursiveDepth
description: MaxParentRecursiveDepth limits how many parent POMs will be fetched recursively before stopping. This prevents infinite loops or excessively deep parent chains.
app_key: java.max-parent-recursive-depth
- key: ResolveTransitiveDependencies
description: ResolveTransitiveDependencies enables resolving transitive dependencies for java packages found within archives.
app_key: java.resolve-transitive-dependencies
javascript.CatalogerConfig:
fields:
- key: SearchRemoteLicenses
description: SearchRemoteLicenses enables querying the NPM registry API to retrieve license information for packages that are missing license data in their local metadata.
app_key: javascript.search-remote-licenses
- key: NPMBaseURL
description: NPMBaseURL specifies the base URL for the NPM registry API used when searching for remote license information.
app_key: javascript.npm-base-url
- key: IncludeDevDependencies
description: IncludeDevDependencies controls whether development dependencies should be included in the catalog results, in addition to production dependencies.
app_key: javascript.include-dev-dependencies
kernel.LinuxKernelCatalogerConfig:
fields:
- key: CatalogModules
description: CatalogModules enables cataloging linux kernel modules (*.ko files) in addition to the kernel itself.
app_key: linux-kernel.catalog-modules
nix.Config:
fields:
- key: CaptureOwnedFiles
description: CaptureOwnedFiles determines whether to record the list of files owned by each Nix package discovered in the store. Recording owned files provides more detailed information but increases processing time and memory usage.
app_key: nix.capture-owned-files
python.CatalogerConfig:
fields:
- key: GuessUnpinnedRequirements
description: GuessUnpinnedRequirements attempts to infer package versions from version constraints when no explicit version is specified in requirements files.
app_key: python.guess-unpinned-requirements
catalogers:
# alpm (arch / pacman) #################################################################################################
- ecosystem: alpm # MANUAL
name: alpm-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/arch/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- alpm
- archlinux
- directory
- image
- installed
- linux
- os
- package
- pacman
parsers: # AUTO-GENERATED structure
- function: parseAlpmDB # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/lib/pacman/local/**/desc'
metadata_types: # AUTO-GENERATED
- pkg.AlpmDBEntry
package_types: # AUTO-GENERATED
- alpm
json_schema_types: # AUTO-GENERATED
- AlpmDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- AlpmDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- AlpmDBEntry.Files[].Digests
- name: package_manager.package_integrity_hash
default: false
# Alpine linux (apk) ################################################################################################
- ecosystem: alpine # MANUAL
name: apk-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/alpine/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- alpine
- apk
- directory
- image
- installed
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseApkDB # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/lib/apk/db/installed'
metadata_types: # AUTO-GENERATED
- pkg.ApkDBEntry
package_types: # AUTO-GENERATED
- apk
json_schema_types: # AUTO-GENERATED
- ApkDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- ApkDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- ApkDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: true
evidence:
- ApkDBEntry.Checksum
# Binary ############################################################################################################
- ecosystem: binary # MANUAL
name: binary-classifier-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/binary/classifier_cataloger.go
function: NewClassifierCataloger
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- image
- installed
- package
detectors: # AUTO-GENERATED
- method: glob
criteria:
- '**/python*'
packages:
- class: python-binary
name: python
purl: pkg:generic/python
cpes:
- cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libpython*.so*'
packages:
- class: python-binary-lib
name: python
purl: pkg:generic/python
cpes:
- cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libpypy*.so*'
packages:
- class: pypy-binary-lib
name: pypy
purl: pkg:generic/pypy
cpes: []
type: BinaryPkg
- method: glob
criteria:
- '**/go'
packages:
- class: go-binary
name: go
purl: pkg:generic/go
cpes:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libjulia-internal.so'
packages:
- class: julia-binary
name: julia
purl: pkg:generic/julia
cpes:
- cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/helm'
packages:
- class: helm
name: helm
purl: pkg:golang/helm.sh/helm
cpes:
- cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/redis-server'
packages:
- class: redis-binary
name: redis
purl: pkg:generic/redis
cpes:
- cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
- cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/node'
packages:
- class: nodejs-binary
name: node
purl: pkg:generic/node
cpes:
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/VERSION*'
packages:
- class: go-binary-hint
name: go
purl: pkg:generic/go
cpes:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/busybox'
packages:
- class: busybox-binary
name: busybox
purl: pkg:generic/busybox
cpes:
- cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/getopt'
packages:
- class: util-linux-binary
name: util-linux
purl: pkg:generic/util-linux
cpes:
- cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/haproxy'
packages:
- class: haproxy-binary
name: haproxy
purl: pkg:generic/haproxy
cpes:
- cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/perl'
packages:
- class: perl-binary
name: perl
purl: pkg:generic/perl
cpes:
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/composer*'
packages:
- class: php-composer-binary
name: composer
purl: pkg:generic/composer
cpes:
- cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/httpd'
packages:
- class: httpd-binary
name: httpd
purl: pkg:generic/httpd
cpes:
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/memcached'
packages:
- class: memcached-binary
name: memcached
purl: pkg:generic/memcached
cpes:
- cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/traefik'
packages:
- class: traefik-binary
name: traefik
purl: pkg:generic/traefik
cpes:
- cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/arangosh'
packages:
- class: arangodb-binary
name: arangodb
purl: pkg:generic/arangodb
cpes:
- cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/postgres'
packages:
- class: postgresql-binary
name: postgresql
purl: pkg:generic/postgresql
cpes:
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: mysql
purl: pkg:generic/mysql
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: percona-server
purl: pkg:generic/percona-server
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/mysql'
packages:
- class: mysql-binary
name: percona-xtradb-cluster
purl: pkg:generic/percona-xtradb-cluster
cpes:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/xtrabackup'
packages:
- class: xtrabackup-binary
name: percona-xtrabackup
purl: pkg:generic/percona-xtrabackup
cpes:
- cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/{mariadb,mysql}'
packages:
- class: mariadb-binary
name: mariadb
purl: pkg:generic/mariadb
cpes:
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libstd-????????????????.so'
packages:
- class: rust-standard-library-linux
name: rust
purl: pkg:generic/rust
cpes:
- cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libstd-????????????????.dylib'
packages:
- class: rust-standard-library-macos
name: rust
purl: pkg:generic/rust
cpes:
- cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ruby'
packages:
- class: ruby-binary
name: ruby
purl: pkg:generic/ruby
cpes:
- cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/erlexec'
packages:
- class: erlang-binary
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/beam.smp'
packages:
- class: erlang-alpine-binary
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/liberts_internal.a'
packages:
- class: erlang-library
name: erlang
purl: pkg:generic/erlang
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/swipl'
packages:
- class: swipl-binary
name: swipl
purl: pkg:generic/swipl
cpes:
- cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/dart'
packages:
- class: dart-binary
name: dart
purl: pkg:generic/dart
cpes:
- cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ghc*'
packages:
- class: haskell-ghc-binary
name: haskell/ghc
purl: pkg:generic/haskell/ghc
cpes:
- cpe:2.3:a:haskell:ghc:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/cabal'
packages:
- class: haskell-cabal-binary
name: haskell/cabal
purl: pkg:generic/haskell/cabal
cpes:
- cpe:2.3:a:haskell:cabal:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/stack'
packages:
- class: haskell-stack-binary
name: haskell/stack
purl: pkg:generic/haskell/stack
cpes:
- cpe:2.3:a:haskell:stack:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/consul'
packages:
- class: consul-binary
name: consul
purl: pkg:golang/github.com/hashicorp/consul
cpes:
- cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/vault'
packages:
- class: hashicorp-vault-binary
name: github.com/hashicorp/vault
purl: pkg:golang/github.com/hashicorp/vault
cpes:
- cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/nginx'
packages:
- class: nginx-binary
name: nginx
purl: pkg:generic/nginx
cpes:
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/bash'
packages:
- class: bash-binary
name: bash
purl: pkg:generic/bash
cpes:
- cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/openssl'
packages:
- class: openssl-binary
name: openssl
purl: pkg:generic/openssl
cpes:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/gcc'
packages:
- class: gcc-binary
name: gcc
purl: pkg:generic/gcc
cpes:
- cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/fluent-bit'
packages:
- class: fluent-bit-binary
name: fluent-bit
purl: pkg:github/fluent/fluent-bit
cpes:
- cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/wp'
packages:
- class: wordpress-cli-binary
name: wp-cli
purl: pkg:generic/wp-cli
cpes:
- cpe:2.3:a:wp-cli:wp-cli:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/curl'
packages:
- class: curl-binary
name: curl
purl: pkg:generic/curl
cpes:
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/lighttpd'
packages:
- class: lighttpd-binary
name: lighttpd
purl: pkg:generic/lighttpd
cpes:
- cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/proftpd'
packages:
- class: proftpd-binary
name: proftpd
purl: pkg:generic/proftpd
cpes:
- cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/zstd'
packages:
- class: zstd-binary
name: zstd
purl: pkg:generic/zstd
cpes:
- cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/xz'
packages:
- class: xz-binary
name: xz
purl: pkg:generic/xz
cpes:
- cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/gzip'
packages:
- class: gzip-binary
name: gzip
purl: pkg:generic/gzip
cpes:
- cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/sqlcipher'
packages:
- class: sqlcipher-binary
name: sqlcipher
purl: pkg:generic/sqlcipher
cpes:
- cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/jq'
packages:
- class: jq-binary
name: jq
purl: pkg:generic/jq
cpes:
- cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/chrome'
packages:
- class: chrome-binary
name: chrome
purl: pkg:generic/chrome
cpes:
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/ffmpeg'
packages:
- class: ffmpeg-binary
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libav*'
packages:
- class: ffmpeg-library
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libswresample*'
packages:
- class: ffmpeg-library
name: ffmpeg
purl: pkg:generic/ffmpeg
cpes:
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/java'
packages:
- class: java-binary
name: ""
purl: pkg:/
cpes: []
type: BinaryPkg
- class: java-binary-graalvm
name: graalvm
purl: pkg:generic/oracle/graalvm@version
cpes:
- cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-zulu
name: zulu
purl: pkg:generic/azul/zulu@version
cpes:
- cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-with-update
name: openjdk
purl: pkg:generic/oracle/openjdk@version
cpes:
- cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk
name: openjdk
purl: pkg:generic/oracle/openjdk@version
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-ibm
name: java
purl: pkg:generic/ibm/java@version
cpes:
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-fallthrough
name: jre
purl: pkg:generic/oracle/jre@version
cpes:
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-oracle
name: jre
purl: pkg:generic/oracle/jre@version
cpes:
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/jdb'
packages:
- class: java-jdb-binary
name: ""
purl: pkg:/
cpes: []
type: BinaryPkg
- class: java-binary-graalvm
name: graalvm
purl: pkg:generic/oracle/graalvm@version
cpes:
- cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: jdb-binary-openjdk-zulu
name: zulu
purl: pkg:generic/azul/zulu@version
cpes:
- cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-jdb-binary-openjdk
name: openjdk
purl: pkg:generic/oracle/openjdk@version
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-sdk-binary-ibm
name: java_sdk
purl: pkg:generic/ibm/java_sdk@version
cpes:
- cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-openjdk-fallthrough
name: openjdk
purl: pkg:generic/oracle/openjdk@version
cpes:
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
type: BinaryPkg
- class: java-binary-jdk
name: jdk
purl: pkg:generic/oracle/jdk@version
cpes:
- cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
type: BinaryPkg
metadata_types: # AUTO-GENERATED
- pkg.BinarySignature
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- BinarySignature
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: binary # MANUAL
name: elf-binary-package-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- elf
- elf-package
- image
- installed
- package
detectors: # MANUAL - edit detectors here
- method: mimetype
criteria:
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
metadata_types: # AUTO-GENERATED
- pkg.ELFBinaryPackageNoteJSONPayload
package_types: # AUTO-GENERATED
- binary
- rpm
json_schema_types: # AUTO-GENERATED
- ElfBinaryPackageNoteJsonPayload
capabilities: # MANUAL - config-driven capability definitions
# licenses can be detected in some elf packages (via the licenses note field)
- name: license
default: true
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: binary # MANUAL
name: pe-binary-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/binary/pe_package_cataloger.go
function: NewPEPackageCataloger
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- dll
- exe
- image
- installed
- package
- pe
- pe-package
parsers: # AUTO-GENERATED structure
- function: parsePE # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.PEBinary
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- PeBinary
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
# TODO: what about shared libs, other elf packages, and os packages? this should work outside of the cataloger
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Bitnami ###########################################################################################################
- ecosystem: bitnami # MANUAL
name: bitnami-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/bitnami/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- bitnami
- image
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseSBOM # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- /opt/bitnami/**/.spdx-*.spdx
metadata_types: # AUTO-GENERATED
- pkg.BitnamiSBOMEntry
package_types: # AUTO-GENERATED
- bitnami
json_schema_types: # AUTO-GENERATED
- BitnamiSbomEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
# the reach will vary for each ecosystem
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- BitnamiSBOMEntry.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Rust (cargo) #####################################################################################################
- ecosystem: rust # MANUAL
name: cargo-auditable-binary-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/rust/cataloger.go
function: NewAuditBinaryCataloger
selectors: # AUTO-GENERATED
- binary
- directory
- image
- installed
- language
- package
- rust
parsers: # AUTO-GENERATED structure
- function: parseAuditBinary # AUTO-GENERATED
detector: # AUTO-GENERATED
method: mimetype # AUTO-GENERATED
criteria: # AUTO-GENERATED
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
- application/x-executable
metadata_types: # AUTO-GENERATED
- pkg.RustBinaryAuditEntry
package_types: # AUTO-GENERATED
- rust-crate
json_schema_types: # AUTO-GENERATED
- RustCargoAuditEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: rust # MANUAL
name: rust-cargo-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/rust/cataloger.go
function: NewCargoLockCataloger
selectors: # AUTO-GENERATED
- cargo
- declared
- directory
- language
- package
- rust
parsers: # AUTO-GENERATED structure
- function: parseCargoLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Cargo.lock'
metadata_types: # AUTO-GENERATED
- pkg.RustCargoLockEntry
package_types: # AUTO-GENERATED
- rust-crate
json_schema_types: # AUTO-GENERATED
- RustCargoLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
# though the toml has a dev/build section for deps, the lock has no knowledge of that
- name: dependency.kinds
default:
- runtime
- dev
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- RustCargoLockEntry.Checksum
# Swift #########################################################################################################
- ecosystem: swift # MANUAL
name: cocoapods-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swift/cataloger.go
function: NewCocoapodsCataloger
selectors: # AUTO-GENERATED
- cocoapods
- declared
- directory
- language
- package
- swift
parsers: # AUTO-GENERATED structure
- function: parsePodfileLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Podfile.lock'
metadata_types: # AUTO-GENERATED
- pkg.CocoaPodfileLockEntry
package_types: # AUTO-GENERATED
- pod
json_schema_types: # AUTO-GENERATED
- CocoaPodfileLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
# we raise up all nodes in the graph, but don't relate them together in any way
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- CocoaPodfileLockEntry.Checksum
- ecosystem: swift # MANUAL
name: swift-package-manager-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swift/cataloger.go
function: NewSwiftPackageManagerCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- package
- spm
- swift
parsers: # AUTO-GENERATED structure
- function: parsePackageResolved # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Package.resolved'
- '**/.package.resolved'
metadata_types: # AUTO-GENERATED
- pkg.SwiftPackageManagerResolvedEntry
package_types: # AUTO-GENERATED
- swift
json_schema_types: # AUTO-GENERATED
- SwiftPackageManagerLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# C/C++ ############################################################################################################
- ecosystem: c++ # MANUAL
name: conan-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/cpp/cataloger.go
function: NewConanCataloger
selectors: # AUTO-GENERATED
- conan
- cpp
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseConanLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conan.lock'
metadata_types: # AUTO-GENERATED
- pkg.ConanV1LockEntry
- pkg.ConanV2LockEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanLockEntry
- CConanLockV2Entry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
# we can detect nodes, but not how they relate to each other
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ConanV1LockEntry.Ref
- ConanV2LockEntry.RecipeRevision
- function: parseConanfile # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conanfile.txt'
metadata_types: # AUTO-GENERATED
- pkg.ConanfileEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanFileEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
# we can detect nodes, but not how they relate to each other
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: c++ # MANUAL
name: conan-info-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/cpp/cataloger.go
function: NewConanInfoCataloger
selectors: # AUTO-GENERATED
- conan
- cpp
- image
- installed
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseConaninfo # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conaninfo.txt'
metadata_types: # AUTO-GENERATED
- pkg.ConaninfoEntry
package_types: # AUTO-GENERATED
- conan
json_schema_types: # AUTO-GENERATED
- CConanInfoEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Conda ############################################################################################################
- ecosystem: conda # MANUAL
name: conda-meta-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/conda/cataloger.go
function: NewCondaMetaCataloger
selectors: # AUTO-GENERATED
- conda
- directory
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseCondaMetaJSON # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/conda-meta/*.json'
metadata_types: # AUTO-GENERATED
- pkg.CondaMetaPackage
package_types: # AUTO-GENERATED
- conda
json_schema_types: # AUTO-GENERATED
- CondaMetadataEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- CondaMetaPackage.Files
- CondaMetaPackage.PathsData.Paths
- name: package_manager.files.digests
default: true
evidence:
- CondaMetaPackage.PathsData.Paths.SHA256
- name: package_manager.package_integrity_hash
default: true
evidence:
- CondaMetaPackage.MD5
- CondaMetaPackage.SHA256
# Dart #############################################################################################################
- ecosystem: dart # MANUAL
name: dart-pubspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dart/cataloger.go
function: NewPubspecCataloger
selectors: # AUTO-GENERATED
- dart
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parsePubspec # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pubspec.yml'
- '**/pubspec.yaml'
metadata_types: # AUTO-GENERATED
- pkg.DartPubspec
package_types: # AUTO-GENERATED
- dart-pub
json_schema_types: # AUTO-GENERATED
- DartPubspec
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dart # MANUAL
name: dart-pubspec-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dart/cataloger.go
function: NewPubspecLockCataloger
selectors: # AUTO-GENERATED
- dart
- declared
- directory
- language
- package
parsers: # AUTO-GENERATED structure
- function: parsePubspecLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pubspec.lock'
metadata_types: # AUTO-GENERATED
- pkg.DartPubspecLockEntry
package_types: # AUTO-GENERATED
- dart-pub
json_schema_types: # AUTO-GENERATED
- DartPubspecLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Dpkg (debian) ###################################################################################################
- ecosystem: dpkg # MANUAL
name: dpkg-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/debian/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- debian
- directory
- dpkg
- image
- installed
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseDpkgDB # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/lib/dpkg/status'
- '**/lib/dpkg/status.d/*'
- '**/lib/opkg/info/*.control'
- '**/lib/opkg/status'
metadata_types: # AUTO-GENERATED
- pkg.DpkgDBEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- DpkgDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- DpkgDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- DpkgDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dpkg # MANUAL
name: deb-archive-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/debian/cataloger.go
function: NewArchiveCataloger
selectors: # AUTO-GENERATED
- deb
- debian
- declared
- directory
- linux
- os
- package
parsers: # AUTO-GENERATED structure
- function: parseDebArchive # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.deb'
metadata_types: # AUTO-GENERATED
- pkg.DpkgArchiveEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- DpkgArchiveEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
# an archive only has dependency CLAIMS in the metadata, but not dependencies incorporated as nodes/edges in the SBOM
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: true
evidence:
- DpkgArchiveEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- DpkgArchiveEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
# .NET ###################################################################################################
- ecosystem: dotnet # MANUAL
name: dotnet-deps-binary-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- c#
- directory
- dotnet
- image
- installed
- language
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.deps.json'
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.DotnetDepsEntry
- pkg.DotnetPortableExecutableEntry
package_types: # AUTO-GENERATED
- dotnet
- npm
json_schema_types: # AUTO-GENERATED
- DotnetDepsEntry
- DotnetPortableExecutableEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dotnet # MANUAL
name: dotnet-deps-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.deps.json'
metadata_types: # AUTO-GENERATED
- pkg.DotnetDepsEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetDepsEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: dotnet # MANUAL
name: dotnet-packages-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/dotnet/cataloger.go
function: NewDotnetPackagesLockCataloger
selectors: # AUTO-GENERATED
- c#
- declared
- directory
- dotnet
- image
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseDotnetPackagesLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/packages.lock.json'
metadata_types: # AUTO-GENERATED
- pkg.DotnetPackagesLockEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetPackagesLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- build
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- DotnetPackagesLockEntry.ContentHash
- ecosystem: dotnet # MANUAL
name: dotnet-portable-executable-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: dotnet.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.dll'
- '**/*.exe'
metadata_types: # AUTO-GENERATED
- pkg.DotnetPortableExecutableEntry
package_types: # AUTO-GENERATED
- dotnet
json_schema_types: # AUTO-GENERATED
- DotnetPortableExecutableEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Elixir ##########################################################################################################
- ecosystem: elixir # MANUAL
name: elixir-mix-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/elixir/cataloger.go
function: NewMixLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- elixir
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseMixLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/mix.lock'
metadata_types: # AUTO-GENERATED
- pkg.ElixirMixLockEntry
package_types: # AUTO-GENERATED
- hex
json_schema_types: # AUTO-GENERATED
- ElixirMixLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
# we find nodes, but can't relate them together
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ElixirMixLockEntry.PkgHash
- ElixirMixLockEntry.PkgHashExt
# Erlang ##########################################################################################################
- ecosystem: erlang # MANUAL
name: erlang-otp-application-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/erlang/cataloger.go
function: NewOTPCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- erlang
- language
- otp
- package
parsers: # AUTO-GENERATED structure
- function: parseOTPApp # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.app'
package_types: # AUTO-GENERATED
- erlang-otp
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: erlang # MANUAL
name: erlang-rebar-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/erlang/cataloger.go
function: NewRebarLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- erlang
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseRebarLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/rebar.lock'
metadata_types: # AUTO-GENERATED
- pkg.ErlangRebarLockEntry
package_types: # AUTO-GENERATED
- hex
json_schema_types: # AUTO-GENERATED
- ErlangRebarLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- ErlangRebarLockEntry.PkgHash
- ErlangRebarLockEntry.PkgHashExt
# GitHub Actions ##################################################################################################
- ecosystem: github-actions # MANUAL
name: github-action-workflow-usage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/githubactions/cataloger.go
function: NewWorkflowUsageCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- github
- github-actions
- package
parsers: # AUTO-GENERATED structure
- function: parseWorkflowForWorkflowUsage # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/workflows/*.yaml'
- '**/.github/workflows/*.yml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action-workflow
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
# no dependencies supported
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: github-actions # MANUAL
name: github-actions-usage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/githubactions/cataloger.go
function: NewActionUsageCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- github
- github-actions
- package
parsers: # AUTO-GENERATED structure
- function: parseCompositeActionForActionUsage # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/actions/*/action.yml'
- '**/.github/actions/*/action.yaml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
# no dependencies supported
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseWorkflowForActionUsage # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.github/workflows/*.yaml'
- '**/.github/workflows/*.yml'
metadata_types: # AUTO-GENERATED
- pkg.GitHubActionsUseStatement
package_types: # AUTO-GENERATED
- github-action
json_schema_types: # AUTO-GENERATED
- GithubActionsUseStatement
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
# no dependencies supported
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Go ##############################################################################################################
- ecosystem: go # MANUAL
name: go-module-binary-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/golang/cataloger.go
function: NewGoModuleBinaryCataloger
config: golang.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- binary
- directory
- go
- golang
- gomod
- image
- installed
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGoBinary # AUTO-GENERATED
detector: # AUTO-GENERATED
method: mimetype # AUTO-GENERATED
criteria: # AUTO-GENERATED
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
- application/x-executable
metadata_types: # AUTO-GENERATED
- pkg.GolangBinaryBuildinfoEntry
package_types: # AUTO-GENERATED
- go-module
json_schema_types: # AUTO-GENERATED
- GoModuleBuildinfoEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
conditions:
- when:
SearchLocalModCacheLicenses: true
value: true
- when:
SearchRemoteLicenses: true
value: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- GolangBinaryBuildinfoEntry.H1Digest
- ecosystem: go # MANUAL
name: go-module-file-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/golang/cataloger.go
function: NewGoModuleFileCataloger
config: golang.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- go
- golang
- gomod
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGoModFile # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/go.mod'
metadata_types: # AUTO-GENERATED
- pkg.GolangModuleEntry
- pkg.GolangSourceEntry
package_types: # AUTO-GENERATED
- go-module
json_schema_types: # AUTO-GENERATED
- GoModuleEntry
- GoSourceEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
conditions:
- when:
SearchLocalModCacheLicenses: true
value: true
- when:
SearchRemoteLicenses: true
value: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- GolangModuleEntry.H1Digest
- GolangSourceEntry.H1Digest
# Java ############################################################################################################
- ecosystem: java # MANUAL
name: java-archive-cataloger # AUTO-GENERATED
type: custom # MANUAL OVERRIDE
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewArchiveCataloger
config: java.ArchiveCatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- directory
- image
- installed
- java
- language
- maven
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/*.jar'
- '**/*.war'
- '**/*.ear'
- '**/*.par'
- '**/*.sar'
- '**/*.nar'
- '**/*.jpi'
- '**/*.hpi'
- '**/*.kar'
- '**/*.lpkg'
comment: JAR-based archives - always active
- method: glob
criteria:
- '**/*.zip'
conditions:
- when:
IncludeIndexedArchives: true
comment: ZIP archives require indexed archive support
- method: glob
criteria:
- '**/*.tar'
- '**/*.tar.gz'
- '**/*.tgz'
- '**/*.tar.bz'
- '**/*.tar.bz2'
- '**/*.tbz'
- '**/*.tbz2'
- '**/*.tar.br'
- '**/*.tbr'
- '**/*.tar.lz4'
- '**/*.tlz4'
- '**/*.tar.sz'
- '**/*.tsz'
- '**/*.tar.xz'
- '**/*.txz'
- '**/*.tar.zst'
- '**/*.tzst'
- '**/*.tar.zstd'
- '**/*.tzstd'
conditions:
- when:
IncludeUnindexedArchives: true
comment: TAR archives require unindexed archive support
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - config-driven capability definitions
# TODO: online capabilities
- name: license
default: false
# TODO: this does not account for the various sources (maven/gradle/other) that have different dependency qualities
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
# note: only applicable to archives, but not raw gradle/maven files
default: true
evidence:
- JavaArchive.ArchiveDigests
- ecosystem: java # MANUAL
name: java-gradle-lockfile-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewGradleLockfileCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gradle
- java
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseGradleLockfile
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/gradle.lockfile*'
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
# we detect nodes, but can't relate them together
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: java-pom-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- declared
- directory
- java
- language
- maven
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '*pom.xml'
metadata_types: # AUTO-GENERATED
- pkg.JavaArchive
package_types: # AUTO-GENERATED
- java-archive
json_schema_types: # AUTO-GENERATED
- JavaArchive
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: java-jvm-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/java/cataloger.go
function: NewJvmDistributionCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- image
- installed
- java
- jdk
- jre
- jvm
- package
parsers: # AUTO-GENERATED structure
- function: parseJVMRelease
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/release'
metadata_types: # AUTO-GENERATED
- pkg.JavaVMInstallation
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- JavaJvmInstallation
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: true
evidence:
- JavaVMInstallation.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: java # MANUAL
name: graalvm-native-image-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- directory
- image
- installed
- java
- language
- package
detectors: # MANUAL - edit detectors here
- method: mimetype
criteria:
- application/x-executable
- application/x-mach-binary
- application/x-elf
- application/x-sharedlib
- application/vnd.microsoft.portable-executable
package_types: # MANUAL - edit package types here
- graalvm-native-image
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
comment: the dependencies ultimately depends on the quality of the embedded SBOM
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Haskell #########################################################################################################
- ecosystem: haskell # MANUAL
name: haskell-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/haskell/cataloger.go
function: NewHackageCataloger
selectors: # AUTO-GENERATED
- cabal
- declared
- directory
- hackage
- haskell
- language
- package
parsers: # AUTO-GENERATED structure
- function: parseCabalFreeze # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/cabal.project.freeze'
package_types: # AUTO-GENERATED
- hackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseStackLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/stack.yaml.lock'
metadata_types: # AUTO-GENERATED
- pkg.HackageStackYamlLockEntry
package_types: # AUTO-GENERATED
- hackage
json_schema_types: # AUTO-GENERATED
- HaskellHackageStackLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- HackageStackYamlLockEntry.PkgHash
- function: parseStackYaml # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/stack.yaml'
metadata_types: # AUTO-GENERATED
- pkg.HackageStackYamlEntry
package_types: # AUTO-GENERATED
- hackage
json_schema_types: # AUTO-GENERATED
- HaskellHackageStackEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- HackageStackYamlEntry.PkgHash
# Homebrew #######################################################################################################
- ecosystem: homebrew # MANUAL
name: homebrew-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/homebrew/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- directory
- homebrew
- image
- installed
- package
parsers: # AUTO-GENERATED structure
- function: parseHomebrewFormula # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Cellar/*/*/.brew/*.rb'
- '**/Library/Taps/*/*/Formula/*.rb'
metadata_types: # AUTO-GENERATED
- pkg.HomebrewFormula
package_types: # AUTO-GENERATED
- homebrew
json_schema_types: # AUTO-GENERATED
- HomebrewFormula
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# JavaScript ######################################################################################################
- ecosystem: javascript # MANUAL
name: javascript-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/javascript/cataloger.go
function: NewLockCataloger
config: javascript.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- javascript
- language
- node
- npm
- package
parsers: # AUTO-GENERATED structure
- function: parsePnpmLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pnpm-lock.yaml'
package_types: # AUTO-GENERATED
- npm
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
# note: though there are dev dependencies listed, they are in a different section in the document
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseYarnLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/yarn.lock'
metadata_types: # AUTO-GENERATED
- pkg.YarnLockEntry
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptYarnLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
# note: though there are dev dependencies listed, they are in a different section in the document
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- YarnLockEntry.Integrity
- function: parsePackageLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/package-lock.json'
metadata_types: # AUTO-GENERATED
- pkg.NpmPackageLockEntry
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptNpmPackageLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
# note: though there are dev dependencies listed, they are in a different section in the document
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NpmPackageLockEntry.Integrity
- ecosystem: javascript # MANUAL
name: javascript-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/javascript/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- image
- installed
- javascript
- language
- node
- package
parsers: # AUTO-GENERATED structure
- function: parsePackageJSON # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/package.json'
metadata_types: # AUTO-GENERATED
- pkg.NpmPackage
package_types: # AUTO-GENERATED
- npm
json_schema_types: # AUTO-GENERATED
- JavascriptNpmPackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
# note: devDependencies not parsed by this cataloger
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Linux ##########################################################################################################
- ecosystem: linux # MANUAL
name: linux-kernel-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: kernel.LinuxKernelCatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- image
- installed
- kernel
- linux
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/kernel'
- '**/kernel-*'
- '**/vmlinux'
- '**/vmlinux-*'
- '**/vmlinuz'
- '**/vmlinuz-*'
- '**/lib/modules/**/*.ko'
metadata_types: # AUTO-GENERATED
- pkg.LinuxKernel
- pkg.LinuxKernelModule
package_types: # AUTO-GENERATED
- linux-kernel
- linux-kernel-module
json_schema_types: # AUTO-GENERATED
- LinuxKernelArchive
- LinuxKernelModule
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Lua #############################################################################################################
- ecosystem: lua # MANUAL
name: lua-rock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/lua/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- lua
- package
parsers: # AUTO-GENERATED structure
- function: parseRockspec # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.rockspec'
metadata_types: # AUTO-GENERATED
- pkg.LuaRocksPackage
package_types: # AUTO-GENERATED
- lua-rocks
json_schema_types: # AUTO-GENERATED
- LuarocksPackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Nix #############################################################################################################
- ecosystem: nix # MANUAL
name: nix-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- nix
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/nix/var/nix/db/db.sqlite'
- '**/nix/store/*'
- '**/nix/store/*.drv'
metadata_types: # AUTO-GENERATED
- pkg.NixStoreEntry
package_types: # AUTO-GENERATED
- nix
json_schema_types: # AUTO-GENERATED
- NixStoreEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NixStoreEntry.OutputHash
- ecosystem: nix # MANUAL
name: nix-store-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
config: nix.Config # AUTO-GENERATED
selectors: # AUTO-GENERATED
- deprecated
- package
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/nix/store/*'
- '**/nix/store/*.drv'
metadata_types: # AUTO-GENERATED
- pkg.NixStoreEntry
package_types: # AUTO-GENERATED
- nix
json_schema_types: # AUTO-GENERATED
- NixStoreEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
conditions:
- when:
CaptureOwnedFiles: true
value: true
evidence:
- NixStoreEntry.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- NixStoreEntry.OutputHash
# OCaml ##########################################################################################################
- ecosystem: ocaml # MANUAL
name: opam-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ocaml/cataloger.go
function: NewOpamPackageManagerCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- ocaml
- opam
- package
parsers: # AUTO-GENERATED structure
- function: parseOpamPackage # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*opam'
metadata_types: # AUTO-GENERATED
- pkg.OpamPackage
package_types: # AUTO-GENERATED
- opam
json_schema_types: # AUTO-GENERATED
- OpamPackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# PHP #############################################################################################################
- ecosystem: php # MANUAL
name: php-composer-installed-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewComposerInstalledCataloger
selectors: # AUTO-GENERATED
- composer
- image
- installed
- language
- package
- php
parsers: # AUTO-GENERATED structure
- function: parseInstalledJSON # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/installed.json'
metadata_types: # AUTO-GENERATED
- pkg.PhpComposerInstalledEntry
package_types: # AUTO-GENERATED
- php-composer
json_schema_types: # AUTO-GENERATED
- PhpComposerInstalledEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-composer-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewComposerLockCataloger
selectors: # AUTO-GENERATED
- composer
- declared
- directory
- language
- package
- php
parsers: # AUTO-GENERATED structure
- function: parseComposerLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/composer.lock'
metadata_types: # AUTO-GENERATED
- pkg.PhpComposerLockEntry
package_types: # AUTO-GENERATED
- php-composer
json_schema_types: # AUTO-GENERATED
- PhpComposerLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
# note: the dev dependencies are in a separate section in the lock file
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
- ecosystem: php # MANUAL
name: php-interpreter-cataloger # AUTO-GENERATED
type: custom # AUTO-GENERATED
source: # AUTO-GENERATED
file: ""
function: ""
selectors: # AUTO-GENERATED
- binary
- declared
- directory
- image
- installed
- package
- php
detectors: # MANUAL - edit detectors here
- method: glob
criteria:
- '**/php*/**/*.so'
- '**/php-fpm*'
- '**/apache*/**/libphp*.so'
metadata_types: # AUTO-GENERATED
- pkg.BinarySignature
package_types: # AUTO-GENERATED
- binary
json_schema_types: # AUTO-GENERATED
- BinarySignature
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: flat
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-pear-serialized-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewPearCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- image
- language
- package
- pear
- php
parsers: # AUTO-GENERATED structure
- function: parsePear # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/php/.registry/**/*.reg'
metadata_types: # AUTO-GENERATED
- pkg.PhpPearEntry
package_types: # AUTO-GENERATED
- php-pear
json_schema_types: # AUTO-GENERATED
- PhpPearEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
- name: package_manager.files.digests
default: true
- name: package_manager.package_integrity_hash
default: false
- ecosystem: php # MANUAL
name: php-pecl-serialized-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/php/cataloger.go
function: NewPeclCataloger
selectors: # AUTO-GENERATED
- deprecated
- package
parsers: # AUTO-GENERATED structure
- function: parsePecl # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/php/.registry/.channel.*/*.reg'
metadata_types: # AUTO-GENERATED
- pkg.PhpPeclEntry
package_types: # AUTO-GENERATED
- php-pecl
json_schema_types: # AUTO-GENERATED
- PhpPeclEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Portage (gentoo) ########################################################################################################
- ecosystem: portage # MANUAL
name: portage-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/gentoo/cataloger.go
function: NewPortageCataloger
selectors: # AUTO-GENERATED
- directory
- gentoo
- image
- installed
- linux
- os
- package
- portage
parsers: # AUTO-GENERATED structure
- function: parsePortageContents # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/db/pkg/*/*/CONTENTS'
metadata_types: # AUTO-GENERATED
- pkg.PortageEntry
package_types: # AUTO-GENERATED
- portage
json_schema_types: # AUTO-GENERATED
- PortageDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- PortageEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- PortageEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
# Python #########################################################################################################
- ecosystem: python # MANUAL
name: python-installed-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/python/cataloger.go
function: NewInstalledPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- package
- python
parsers: # AUTO-GENERATED structure
- function: parseWheelOrEgg # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.egg-info'
- '**/*dist-info/METADATA'
- '**/*egg-info/PKG-INFO'
- '**/*DIST-INFO/METADATA'
- '**/*EGG-INFO/PKG-INFO'
metadata_types: # AUTO-GENERATED
- pkg.PythonPackage
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- PythonPackage.Files
- name: package_manager.files.digests
default: true
evidence:
- PythonPackage.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: python # MANUAL
name: python-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/python/cataloger.go
function: NewPackageCataloger
config: python.CatalogerConfig # AUTO-GENERATED
selectors: # AUTO-GENERATED
- declared
- directory
- language
- package
- python
parsers: # AUTO-GENERATED structure
- function: parsePdmLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pdm.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPdmLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPdmLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseUvLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/uv.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonUvLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonUvLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSetup # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/setup.py'
package_types: # AUTO-GENERATED
- python
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parsePipfileLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Pipfile.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPipfileLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPipfileLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: true
evidence:
- PythonPipfileLockEntry.Hashes
- name: package_manager.package_integrity_hash
default: false
- function: parsePoetryLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/poetry.lock'
metadata_types: # AUTO-GENERATED
- pkg.PythonPoetryLockEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPoetryLockEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- dev
- optional
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- PythonPoetryLockEntry.PackageHashes
- function: parseRequirementsTxt
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*requirements*.txt'
metadata_types: # AUTO-GENERATED
- pkg.PythonRequirementsEntry
package_types: # AUTO-GENERATED
- python
json_schema_types: # AUTO-GENERATED
- PythonPipRequirementsEntry
capabilities: # MANUAL - preserved across regeneration
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- any
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# R ###############################################################################################################
- ecosystem: r # MANUAL
name: r-package-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/r/cataloger.go
function: NewPackageCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- language
- package
- r
parsers: # AUTO-GENERATED structure
- function: parseDescriptionFile # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/DESCRIPTION'
metadata_types: # AUTO-GENERATED
- pkg.RDescription
package_types: # AUTO-GENERATED
- R-package
json_schema_types: # AUTO-GENERATED
- RDescription
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# RPM (RedHat) #######################################################################################################
- ecosystem: rpm # MANUAL
name: rpm-archive-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/redhat/cataloger.go
function: NewArchiveCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- linux
- os
- package
- redhat
- rpm
parsers: # AUTO-GENERATED structure
- function: parseRpmArchive # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.rpm'
metadata_types: # AUTO-GENERATED
- pkg.RpmArchive
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmArchive
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: true
evidence:
- RpmArchive.Files
- name: package_manager.files.digests
default: true
evidence:
- RpmArchive.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
- ecosystem: rpm # MANUAL
name: rpm-db-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/redhat/cataloger.go
function: NewDBCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- linux
- os
- package
- redhat
- rpm
parsers: # AUTO-GENERATED structure
- function: parseRpmManifest # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/var/lib/rpmmanifest/container-manifest-2'
metadata_types: # AUTO-GENERATED
- pkg.RpmDBEntry
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseRpmDB # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}'
metadata_types: # AUTO-GENERATED
- pkg.RpmDBEntry
package_types: # AUTO-GENERATED
- rpm
json_schema_types: # AUTO-GENERATED
- RpmDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: complete
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RpmDBEntry.Files
- name: package_manager.files.digests
default: true
evidence:
- RpmDBEntry.Files[].Digest
- name: package_manager.package_integrity_hash
default: false
# Ruby ###########################################################################################################
- ecosystem: ruby # MANUAL
name: ruby-gemfile-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewGemFileLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gem
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemFileLockEntries # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/Gemfile.lock'
package_types: # AUTO-GENERATED
- gem
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: ruby # MANUAL
name: ruby-gemspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewGemSpecCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- gem
- gemspec
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemSpecEntries # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.gemspec'
metadata_types: # AUTO-GENERATED
- pkg.RubyGemspec
package_types: # AUTO-GENERATED
- gem
json_schema_types: # AUTO-GENERATED
- RubyGemspec
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RubyGemspec.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- ecosystem: ruby # MANUAL
name: ruby-installed-gemspec-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/ruby/cataloger.go
function: NewInstalledGemSpecCataloger
selectors: # AUTO-GENERATED
- gem
- gemspec
- image
- installed
- language
- package
- ruby
parsers: # AUTO-GENERATED structure
- function: parseGemSpecEntries # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/specifications/**/*.gemspec'
metadata_types: # AUTO-GENERATED
- pkg.RubyGemspec
package_types: # AUTO-GENERATED
- gem
json_schema_types: # AUTO-GENERATED
- RubyGemspec
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default:
- direct
- indirect
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: true
evidence:
- RubyGemspec.Files
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# SBOM ##########################################################################################################
- ecosystem: sbom # MANUAL
name: sbom-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/sbom/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- package
- sbom
parsers: # AUTO-GENERATED structure
- function: parseSBOM # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/*.syft.json'
- '**/*.bom.*'
- '**/*.bom'
- '**/bom'
- '**/*.sbom.*'
- '**/*.sbom'
- '**/sbom'
- '**/*.cdx.*'
- '**/*.cdx'
- '**/*.spdx.*'
- '**/*.spdx'
metadata_types: # AUTO-GENERATED
- pkg.ApkDBEntry
package_types: # AUTO-GENERATED
- apk
json_schema_types: # AUTO-GENERATED
- ApkDbEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Snap ##########################################################################################################
- ecosystem: snap # MANUAL
name: snap-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/snap/cataloger.go
function: NewCataloger
selectors: # AUTO-GENERATED
- directory
- image
- installed
- package
- snap
parsers: # AUTO-GENERATED structure
- function: parseSnapdSnapcraft # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/snap/snapcraft.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSystemManifest # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/snap/manifest.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseKernelChangelog # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/doc/linux-modules-*/changelog.Debian.gz'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseBaseDpkgYaml # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/usr/share/snappy/dpkg.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
- function: parseSnapYaml # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/meta/snap.yaml'
metadata_types: # AUTO-GENERATED
- pkg.SnapEntry
package_types: # AUTO-GENERATED
- deb
json_schema_types: # AUTO-GENERATED
- SnapEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Prolog ########################################################################################################
- ecosystem: prolog # MANUAL
name: swipl-pack-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/swipl/cataloger.go
function: NewSwiplPackCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- language
- pack
- package
- swipl
parsers: # AUTO-GENERATED structure
- function: parsePackPackage # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/pack.pl'
metadata_types: # AUTO-GENERATED
- pkg.SwiplPackEntry
package_types: # AUTO-GENERATED
- swiplpack
json_schema_types: # AUTO-GENERATED
- SwiplpackPackage
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- dev
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
# Terraform ######################################################################################################
- ecosystem: terraform # MANUAL
name: terraform-lock-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/terraform/cataloger.go
function: NewLockCataloger
selectors: # AUTO-GENERATED
- declared
- directory
- package
- terraform
parsers: # AUTO-GENERATED structure
- function: parseTerraformLock # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/.terraform.lock.hcl'
metadata_types: # AUTO-GENERATED
- pkg.TerraformLockProviderEntry
package_types: # AUTO-GENERATED
- terraform
json_schema_types: # AUTO-GENERATED
- TerraformLockProviderEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: false
- name: dependency.depth
default:
- direct
- name: dependency.edges
default: ""
- name: dependency.kinds
default:
- runtime
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: true
evidence:
- TerraformLockProviderEntry.Hashes
# WordPress ######################################################################################################
- ecosystem: wordpress # MANUAL
name: wordpress-plugins-cataloger # AUTO-GENERATED
type: generic # AUTO-GENERATED
source: # AUTO-GENERATED
file: syft/pkg/cataloger/wordpress/cataloger.go
function: NewWordpressPluginCataloger
selectors: # AUTO-GENERATED
- directory
- image
- package
- wordpress
parsers: # AUTO-GENERATED structure
- function: parseWordpressPluginFiles # AUTO-GENERATED
detector: # AUTO-GENERATED
method: glob # AUTO-GENERATED
criteria: # AUTO-GENERATED
- '**/wp-content/plugins/*/*.php'
metadata_types: # AUTO-GENERATED
- pkg.WordpressPluginEntry
package_types: # AUTO-GENERATED
- wordpress-plugin
json_schema_types: # AUTO-GENERATED
- WordpressPluginEntry
capabilities: # MANUAL - config-driven capability definitions
- name: license
default: true
- name: dependency.depth
default: []
- name: dependency.edges
default: ""
- name: dependency.kinds
default: []
- name: package_manager.files.listing
default: false
- name: package_manager.files.digests
default: false
- name: package_manager.package_integrity_hash
default: false
Reference in New Issue View Git Blame Copy Permalink