Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
grype/test/integration/compare_sbom_input_vs_lib_test.go

273 lines
7.8 KiB
Go
Raw Normal View History

Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
package integration
import (
"fmt"
"os"
"testing"
Add gosimports linter (#647)
2022-03-03 19:50:24 +00:00
"github.com/scylladb/go-set/strset"
"github.com/stretchr/testify/assert"
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
"github.com/anchore/grype/grype"
"github.com/anchore/grype/grype/db"
"github.com/anchore/grype/internal"
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
"github.com/anchore/syft/syft/format/spdxjson"
"github.com/anchore/syft/syft/format/spdxtagvalue"
"github.com/anchore/syft/syft/format/syftjson"
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
syftPkg "github.com/anchore/syft/syft/pkg"
Update to Syft v0.41.4 (#664)
2022-03-14 21:15:09 +00:00
"github.com/anchore/syft/syft/sbom"
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
"github.com/anchore/syft/syft/source"
)
Finalize v4 Grype schema (#803) * initial v4 schema setup Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update v3 => v4 for unit tests -- did NOT update - grype/db/v3/* Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * use nullable string in sqlite so null values get represented correctly Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add missing unit test case for dotnet Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * Add db writer function for calling sqlite vacuum Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * adding normalization of package names at database adapter layer Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * refactor namespaces for v4 Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update v4 stuff to use sqlite fork Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * Namespace should satisfy Stringer interface Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * normalize CPEs before comparison Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * vulnerability exclusion => vulnerability match exclusion Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * updates to vulnerability match exclusion models Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add initial vulnerability match exclusion store unit tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * make vuln match exclusion constraints nullable Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * move vuln match namespace into constraints object and refactor Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * check db match constraints to ensure there aren't any unknown fields and add json hints Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * ensure we only keep compatible match exclusion constraints Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * use omitempty on all match exclusion structs Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove db v4 schema resolver and namespace types Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Vacuum to Close Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * lint fixes + remove panic on vuln provider creation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * WIP match exclusions Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * build list of ignore rules from v4 db records Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * quick attempt at a new uber object Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * just pass around the full object for now to quickly get to a usable state Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix panic when no vuln db loaded Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * use interfaces for db.store function signatures Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Flatten the match exclusion constraint model to simplify logic Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * updating some tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix panic when no db update possible Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * more tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * WIP fixing match exclusion constraint usability and json mapping logic Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add v4 db diff logic (excluding vulnerability_match_exclusion data for now) Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * lint fix Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update integration tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * nvd -> nvd:cpe namespace updates Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * ensure test store uses v4 normalized names Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * set the grype db update url to staging for v4 Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * prevent more segfaults on database open Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add continue when unable to load ignore rules Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove db.Status from the Store object Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix compare_sbom_input_vs_lib_test.go Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove staging endpoint now that v4 is published Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-07-05 18:03:16 +00:00
func getListingURL() string {
if value, ok := os.LookupEnv("GRYPE_DB_UPDATE_URL"); ok {
return value
}
return internal.DBUpdateURL
}
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
func must(e sbom.FormatEncoder, err error) sbom.FormatEncoder {
if err != nil {
panic(err)
}
return e
}
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
func TestCompareSBOMInputToLibResults(t *testing.T) {
// get a grype DB
add DBCloser. Clients can aviod db connection leak if vulnerability db is loaded many times (#825)
2022-07-12 13:54:42 +00:00
store, _, closer, err := grype.LoadVulnerabilityDB(db.Config{
update linter + fix whitespace (#443) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-06 13:49:42 +00:00
DBRootDir: "test-fixtures/grype-db",
Finalize v4 Grype schema (#803) * initial v4 schema setup Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update v3 => v4 for unit tests -- did NOT update - grype/db/v3/* Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * use nullable string in sqlite so null values get represented correctly Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add missing unit test case for dotnet Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * Add db writer function for calling sqlite vacuum Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * adding normalization of package names at database adapter layer Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * refactor namespaces for v4 Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update v4 stuff to use sqlite fork Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * Namespace should satisfy Stringer interface Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * normalize CPEs before comparison Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * vulnerability exclusion => vulnerability match exclusion Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * updates to vulnerability match exclusion models Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add initial vulnerability match exclusion store unit tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * make vuln match exclusion constraints nullable Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * move vuln match namespace into constraints object and refactor Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * check db match constraints to ensure there aren't any unknown fields and add json hints Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * ensure we only keep compatible match exclusion constraints Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * use omitempty on all match exclusion structs Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove db v4 schema resolver and namespace types Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Vacuum to Close Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * lint fixes + remove panic on vuln provider creation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * WIP match exclusions Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * build list of ignore rules from v4 db records Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * quick attempt at a new uber object Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * just pass around the full object for now to quickly get to a usable state Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix panic when no vuln db loaded Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * use interfaces for db.store function signatures Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Flatten the match exclusion constraint model to simplify logic Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * updating some tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix panic when no db update possible Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * more tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * WIP fixing match exclusion constraint usability and json mapping logic Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add v4 db diff logic (excluding vulnerability_match_exclusion data for now) Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * lint fix Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update integration tests Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * nvd -> nvd:cpe namespace updates Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * ensure test store uses v4 normalized names Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * set the grype db update url to staging for v4 Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * prevent more segfaults on database open Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add continue when unable to load ignore rules Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove db.Status from the Store object Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix compare_sbom_input_vs_lib_test.go Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * remove staging endpoint now that v4 is published Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-07-05 18:03:16 +00:00
ListingURL: getListingURL(),
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
ValidateByHashOnGet: false,
}, true)
assert.NoError(t, err)
add DBCloser. Clients can aviod db connection leak if vulnerability db is loaded many times (#825)
2022-07-12 13:54:42 +00:00
if closer != nil {
defer closer.Close()
}
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
definedPkgTypes := strset.New()
for _, p := range syftPkg.AllPkgs {
definedPkgTypes.Add(string(p))
}
chore: update Syft to v0.66.2 (#1060)
2023-01-18 17:50:46 +00:00
// exceptions: rust, php, dart, msrc (kb), etc. are not under test
Bump syft version => v0.30.1 (#498) * update syft version with correct arguments Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * bump integration tests with new presenter format Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update integration tests to remove php-composer failure Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-11-15 22:11:56 +00:00
definedPkgTypes.Remove(
chore(deps): update Syft to v0.87.1 (#1432)
2023-08-17 19:39:41 +00:00
string(syftPkg.BinaryPkg), // these are removed due to overlap-by-file-ownership
chore: update syft to latest v1.1.1 (#1784) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-04 15:52:02 +00:00
string(syftPkg.PhpPeclPkg),
Bump syft version => v0.30.1 (#498) * update syft version with correct arguments Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * bump integration tests with new presenter format Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update integration tests to remove php-composer failure Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-11-15 22:11:56 +00:00
string(syftPkg.RustPkg),
string(syftPkg.KbPkg),
Migrate LocationSet and add Dart support (#703)
2022-04-01 15:21:37 +00:00
string(syftPkg.DartPubPkg),
Add syft v0.46.0 Dotnet support (#747)
2022-05-13 16:46:31 +00:00
string(syftPkg.DotnetPkg),
Bump syft version => v0.30.1 (#498) * update syft version with correct arguments Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * bump integration tests with new presenter format Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update integration tests to remove php-composer failure Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-11-15 22:11:56 +00:00
string(syftPkg.PhpComposerPkg),
update syft to v0.50.0 (#818)
2022-07-06 14:48:21 +00:00
string(syftPkg.ConanPkg),
chore: update Syft to v0.66.2 (#1060)
2023-01-18 17:50:46 +00:00
string(syftPkg.HexPkg),
bump syft version to v0.51.0 (#822)
2022-07-11 19:15:12 +00:00
string(syftPkg.PortagePkg),
string(syftPkg.CocoapodsPkg),
update grype to use syft v0.52.0 (#838)
2022-07-22 16:12:18 +00:00
string(syftPkg.HackagePkg),
chore(deps): update Syft to v0.78.0 (#1242) * chore(deps): update Syft to v0.78.0 Signed-off-by: GitHub <noreply@github.com> * fix test location references and package types Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-19 17:38:06 +00:00
string(syftPkg.NixPkg),
Abstract upstream package before matching (#607) * add metadata extraction from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract upstream packages before matching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put pkg.UpstreamPackages under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove pURL related processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in syft spdx decoding Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for more flexible GHSA namespace and source extraction Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add matching parity integration tests for all supported formats Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump syft to get spdx tv fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-10 21:43:12 +00:00
string(syftPkg.JenkinsPluginPkg), // package type cannot be inferred for all formats
chore(deps): update Syft to v0.78.0 (#1242) * chore(deps): update Syft to v0.78.0 Signed-off-by: GitHub <noreply@github.com> * fix test location references and package types Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-19 17:38:06 +00:00
string(syftPkg.LinuxKernelPkg),
string(syftPkg.LinuxKernelModulePkg),
bump syft to pre-release of v0.81.0 (#1310) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-05-22 14:17:34 +00:00
string(syftPkg.Rpkg),
feat: update to Syft 1.11.0 (#2047)
2024-08-09 18:32:05 +00:00
string(syftPkg.SwiplPackPkg),
chore(deps): update Syft to v0.86.1 (#1410) * chore(deps): update Syft to v0.86.0 Signed-off-by: GitHub <noreply@github.com> * fix python package metadata shape Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * account for new metadatas added in syft Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump syft to unreleased but fixed version Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-07-31 17:58:36 +00:00
string(syftPkg.SwiftPkg),
Upgrade syft to v0.91.0 (#1508) * bump syft to main Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * upgdate cyclonedx presenter fixtures (bump from cdx 1.4 to 1.5) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx schema Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * allow for pkg type exceptions for github actions and workflows Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx json schema from v1.4 to v1.5 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump to syft v0.91.0 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * upgrade go-setup action to v4 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove asset upload from release workflow Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 20:39:23 +00:00
string(syftPkg.GithubActionPkg),
string(syftPkg.GithubActionWorkflowPkg),
Bump Syft in Grype to pull in unmarshaling fix (#1703) * WIP: package builds but tests do not Signed-off-by: Will Murphy <will.murphy@anchore.com> * WIP: some unit tests compile Signed-off-by: Will Murphy <will.murphy@anchore.com> * WIP: unit tests compile but do not pass Signed-off-by: Will Murphy <will.murphy@anchore.com> * Units passing with some changes to syft Signed-off-by: Will Murphy <will.murphy@anchore.com> * fix: excludes plus bad sbom should not suppress error Signed-off-by: Will Murphy <will.murphy@anchore.com> * add conan entry v2 package test Signed-off-by: Will Murphy <will.murphy@anchore.com> * bump syft again Signed-off-by: Will Murphy <will.murphy@anchore.com> * chore: fix compiler error in integration tests Signed-off-by: Will Murphy <will.murphy@anchore.com> * chore: remove erlang OTP from package types that must be seen in test image Signed-off-by: Will Murphy <will.murphy@anchore.com> * bump syft version used Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Will Murphy <will.murphy@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-07 19:28:48 +00:00
string(syftPkg.ErlangOTPPkg),
chore(deps): update Syft to v0.105.0 (#1714) * chore(deps): update Syft to v0.105.0 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 22:09:50 +00:00
string(syftPkg.WordpressPluginPkg), // TODO: remove me when there is a matcher for this merged in https://github.com/anchore/grype/pull/1553
Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895) * update to latest syft Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests related to syft bump Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-28 15:06:16 +00:00
string(syftPkg.LuaRocksPkg),
Bump syft version => v0.30.1 (#498) * update syft version with correct arguments Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * bump integration tests with new presenter format Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update integration tests to remove php-composer failure Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-11-15 22:11:56 +00:00
)
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
observedPkgTypes := strset.New()
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
testCases := []struct {
name string
image string
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format sbom.FormatEncoder
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
}{
{
image: "anchore/test_images:vulnerabilities-alpine",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "alpine-syft-json",
},
{
image: "anchore/test_images:vulnerabilities-alpine",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "alpine-spdx-json",
},
{
image: "anchore/test_images:vulnerabilities-alpine",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "alpine-spdx-tag-value",
},
{
image: "anchore/test_images:gems",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "gems-syft-json",
},
{
image: "anchore/test_images:gems",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "gems-spdx-json",
},
{
image: "anchore/test_images:gems",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "gems-spdx-tag-value",
},
{
image: "anchore/test_images:vulnerabilities-debian",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "debian-syft-json",
},
{
image: "anchore/test_images:vulnerabilities-debian",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "debian-spdx-json",
},
{
image: "anchore/test_images:vulnerabilities-debian",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "debian-spdx-tag-value",
},
{
image: "anchore/test_images:vulnerabilities-centos",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "centos-syft-json",
},
{
image: "anchore/test_images:vulnerabilities-centos",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "centos-spdx-json",
},
{
image: "anchore/test_images:vulnerabilities-centos",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "centos-spdx-tag-value",
},
{
image: "anchore/test_images:npm",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "npm-syft-json",
},
{
image: "anchore/test_images:npm",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "npm-spdx-json",
},
{
image: "anchore/test_images:npm",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "npm-spdx-tag-value",
},
{
image: "anchore/test_images:java",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "java-syft-json",
},
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
{
image: "anchore/test_images:java",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "java-spdx-json",
},
{
image: "anchore/test_images:java",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "java-spdx-tag-value",
},
{
image: "anchore/test_images:golang-56d52bc",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "go-syft-json",
},
{
image: "anchore/test_images:golang-56d52bc",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "go-spdx-json",
},
{
image: "anchore/test_images:golang-56d52bc",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "go-spdx-tag-value",
},
{
image: "anchore/test_images:arch",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: syftjson.NewFormatEncoder(),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "arch-syft-json",
},
{
image: "anchore/test_images:arch",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxjson.NewFormatEncoderWithConfig(spdxjson.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "arch-spdx-json",
},
{
image: "anchore/test_images:arch",
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
format: must(spdxtagvalue.NewFormatEncoderWithConfig(spdxtagvalue.DefaultEncoderConfig())),
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
name: "arch-spdx-tag-value",
},
}
for _, tc := range testCases {
imageArchive := PullThroughImageCache(t, tc.image)
Incorporate format API changes from syft (#1582) * incorporate changes from anchore/syft#2228 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix testing utils to use syft SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 19:25:48 +00:00
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
t.Run(tc.name, func(t *testing.T) {
// get SBOM from syft, write to temp file
chore: update syft source providers (#1727)
2024-02-28 01:47:51 +00:00
sbomBytes := getSyftSBOM(t, imageArchive, "docker-archive", tc.format)
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
sbomFile, err := os.CreateTemp("", "")
assert.NoError(t, err)
t.Cleanup(func() {
assert.NoError(t, os.Remove(sbomFile.Name()))
})
_, err = sbomFile.WriteString(sbomBytes)
assert.NoError(t, err)
assert.NoError(t, sbomFile.Close())
// get vulns (sbom)
matchesFromSbom, _, pkgsFromSbom, err := grype.FindVulnerabilities(*store, fmt.Sprintf("sbom:%s", sbomFile.Name()), source.SquashedScope, nil)
assert.NoError(t, err)
// get vulns (image)
chore: update syft source providers (#1727)
2024-02-28 01:47:51 +00:00
imageSource := fmt.Sprintf("docker-archive:%s", imageArchive)
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
matchesFromImage, _, _, err := grype.FindVulnerabilities(*store, imageSource, source.SquashedScope, nil)
assert.NoError(t, err)
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
// compare packages (shallow)
matchSetFromSbom := getMatchSet(matchesFromSbom)
matchSetFromImage := getMatchSet(matchesFromImage)
assert.Empty(t, strset.Difference(matchSetFromSbom, matchSetFromImage).List(), "vulnerabilities present only in results when using sbom as input")
assert.Empty(t, strset.Difference(matchSetFromImage, matchSetFromSbom).List(), "vulnerabilities present only in results when using image as input")
// track all covered package types (for use after the test)
for _, p := range pkgsFromSbom {
observedPkgTypes.Add(string(p.Type))
Update to Syft v0.41.4 (#664)
2022-03-14 21:15:09 +00:00
}
Abstract upstream package before matching (#607) * add metadata extraction from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract upstream packages before matching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put pkg.UpstreamPackages under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove pURL related processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in syft spdx decoding Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for more flexible GHSA namespace and source extraction Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add matching parity integration tests for all supported formats Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump syft to get spdx tv fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-10 21:43:12 +00:00
Refactor integ test to table test (#1390) To make it easier to see which tests fail if there's a failure. Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 15:27:46 +00:00
})
Bugfixes + Integration test for sbom input vs grype library comparison (#424) This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library. * adds integration test that compares SBOM input vs image input * fix integration test cache path * Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON * Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction * bump syft to version 0.24.0 * update license check for packageurl-go Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
2021-09-23 01:53:32 +00:00
}
// ensure we've covered all package types (-rust, -kb)
unobservedPackageTypes := strset.Difference(definedPkgTypes, observedPkgTypes)
assert.Empty(t, unobservedPackageTypes.List(), "not all package type were covered in testing")
}
Reference in a new issue Copy permalink