mirror of
https://github.com/anchore/syft.git
synced 2025-11-19 09:23:15 +01:00
ef627d82ef
* migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
87 lines
1.6 KiB
Plaintext
87 lines
1.6 KiB
Plaintext
{
|
|
"artifacts": [
|
|
{
|
|
"id": "cbf4f3077fc7deee",
|
|
"name": "package-1",
|
|
"version": "1.0.1",
|
|
"type": "python",
|
|
"foundBy": "the-cataloger-1",
|
|
"locations": [
|
|
{
|
|
"path": "/some/path/pkg1"
|
|
}
|
|
],
|
|
"licenses": [
|
|
"MIT"
|
|
],
|
|
"language": "python",
|
|
"cpes": [
|
|
"cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
|
|
],
|
|
"purl": "a-purl-2",
|
|
"metadataType": "PythonPackageMetadata",
|
|
"metadata": {
|
|
"name": "package-1",
|
|
"version": "1.0.1",
|
|
"license": "",
|
|
"author": "",
|
|
"authorEmail": "",
|
|
"platform": "",
|
|
"files": [
|
|
{
|
|
"path": "/some/path/pkg1/dependencies/foo"
|
|
}
|
|
],
|
|
"sitePackagesRootPath": ""
|
|
}
|
|
},
|
|
{
|
|
"id": "1a39aadd9705c2b9",
|
|
"name": "package-2",
|
|
"version": "2.0.1",
|
|
"type": "deb",
|
|
"foundBy": "the-cataloger-2",
|
|
"locations": [
|
|
{
|
|
"path": "/some/path/pkg1"
|
|
}
|
|
],
|
|
"licenses": [],
|
|
"language": "",
|
|
"cpes": [
|
|
"cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
|
|
],
|
|
"purl": "a-purl-2",
|
|
"metadataType": "DpkgMetadata",
|
|
"metadata": {
|
|
"package": "package-2",
|
|
"source": "",
|
|
"version": "2.0.1",
|
|
"sourceVersion": "",
|
|
"architecture": "",
|
|
"maintainer": "",
|
|
"installedSize": 0,
|
|
"files": null
|
|
}
|
|
}
|
|
],
|
|
"artifactRelationships": [],
|
|
"source": {
|
|
"type": "directory",
|
|
"target": "/some/path"
|
|
},
|
|
"distro": {
|
|
"name": "debian",
|
|
"version": "1.2.3",
|
|
"idLike": "like!"
|
|
},
|
|
"descriptor": {
|
|
"name": "syft",
|
|
"version": "[not provided]"
|
|
},
|
|
"schema": {
|
|
"version": "1.1.0",
|
|
"url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-1.1.0.json"
|
|
}
|
|
}
|