chore(deps): update Syft to v0.100.0 (#1649)

* chore(deps): update Syft to v0.100.0

Signed-off-by: GitHub <noreply@github.com>

* apply CLI options over default cataloging config

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>

cmd/grype/cli/commands/root.go

@@ -36,6 +36,7 @@ import (
 	"github.com/anchore/grype/internal/stringutil"
 	"github.com/anchore/syft/syft/linux"
 	syftPkg "github.com/anchore/syft/syft/pkg"
+	"github.com/anchore/syft/syft/pkg/cataloger"
 	"github.com/anchore/syft/syft/sbom"
 )
 
@@ -289,11 +290,14 @@ func getMatchers(opts *options.Grype) []matcher.Matcher {
 }
 
 func getProviderConfig(opts *options.Grype) pkg.ProviderConfig {
+	cfg := cataloger.DefaultConfig()
+	cfg.Search = opts.Search.ToConfig()
+
 	return pkg.ProviderConfig{
 		SyftProviderConfig: pkg.SyftProviderConfig{
 			RegistryOptions:        opts.Registry.ToOptions(),
 			Exclusions:             opts.Exclusions,
-			CatalogingOptions:      opts.Search.ToConfig(),
+			CatalogingOptions:      cfg,
 			Platform:               opts.Platform,
 			Name:                   opts.Name,
 			DefaultImagePullSource: opts.DefaultImagePullSource,

cmd/grype/cli/commands/root_test.go

@@ -3,10 +3,16 @@ package commands
 import (
 	"testing"
 
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/anchore/clio"
 	"github.com/anchore/grype/cmd/grype/cli/options"
 	"github.com/anchore/grype/grype/pkg"
+	"github.com/anchore/stereoscope/pkg/image"
+	"github.com/anchore/syft/syft/pkg/cataloger"
+	"github.com/anchore/syft/syft/pkg/cataloger/binary"
 )
 
 func Test_applyDistroHint(t *testing.T) {
@@ -40,3 +46,35 @@ func Test_applyDistroHint(t *testing.T) {
 	assert.Equal(t, "ubuntu", ctx.Distro.Name)
 	assert.Equal(t, "latest", ctx.Distro.Version)
 }
+
+func Test_getProviderConfig(t *testing.T) {
+	tests := []struct {
+		name string
+		opts *options.Grype
+		want pkg.ProviderConfig
+	}{
+		{
+			name: "default-options-are-set",
+			opts: options.DefaultGrype(clio.Identification{
+				Name:    "test",
+				Version: "1.0",
+			}),
+			want: pkg.ProviderConfig{
+				SyftProviderConfig: pkg.SyftProviderConfig{
+					CatalogingOptions: cataloger.DefaultConfig(),
+					RegistryOptions: &image.RegistryOptions{
+						Credentials: []image.RegistryCredentials{},
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			opts := cmpopts.IgnoreFields(binary.Classifier{}, "EvidenceMatcher")
+			if d := cmp.Diff(tt.want, getProviderConfig(tt.opts), opts); d != "" {
+				t.Errorf("getProviderConfig() mismatch (-want +got):\n%s", d)
+			}
+		})
+	}
+}

cmd/grype/cli/options/search.go

@@ -37,13 +37,10 @@ func (cfg search) GetScope() source.Scope {
 	return source.ParseScope(cfg.Scope)
 }
 
-func (cfg search) ToConfig() cataloger.Config {
-	return cataloger.Config{
-		Search: cataloger.SearchConfig{
-			IncludeIndexedArchives:   cfg.IncludeIndexedArchives,
-			IncludeUnindexedArchives: cfg.IncludeUnindexedArchives,
-			Scope:                    cfg.GetScope(),
-		},
-		ExcludeBinaryOverlapByOwnership: true,
+func (cfg search) ToConfig() cataloger.SearchConfig {
+	return cataloger.SearchConfig{
+		IncludeIndexedArchives:   cfg.IncludeIndexedArchives,
+		IncludeUnindexedArchives: cfg.IncludeUnindexedArchives,
+		Scope:                    cfg.GetScope(),
 	}
 }

go.mod

@@ -13,8 +13,8 @@ require (
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
 	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
-	github.com/anchore/stereoscope v0.0.0-20231215220732-4b999b76ca89
-	github.com/anchore/syft v0.99.0
+	github.com/anchore/stereoscope v0.0.0-20231220161148-590920dabc54
+	github.com/anchore/syft v0.100.0
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/bmatcuk/doublestar/v2 v2.0.4
 	github.com/charmbracelet/bubbletea v0.25.0

go.sum

@@ -249,10 +249,10 @@ github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwMcM4r8wFhJq3jLRztew3ywIyPTRapl2T1s9o8=
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
-github.com/anchore/stereoscope v0.0.0-20231215220732-4b999b76ca89 h1:dymFMCwnENqLr74KQppq8zHKwOPL0M1ToYAU+KVfTew=
-github.com/anchore/stereoscope v0.0.0-20231215220732-4b999b76ca89/go.mod h1:GKAnytSVV1hoqB5r5Gd9M5Ph3Rzqq0zPdEJesewjC2w=
-github.com/anchore/syft v0.99.0 h1:oqycIA7XfHCB09meroN7eY2RWTGUZIdtWsMQL2HlPvw=
-github.com/anchore/syft v0.99.0/go.mod h1:tGZGyDxB2z/yu+x266+b67fMenGKCrUvSNVKED1euuo=
+github.com/anchore/stereoscope v0.0.0-20231220161148-590920dabc54 h1:i2YK5QEs9H2YB3B2zv+AGR44ves0nmAGOD07lMphH14=
+github.com/anchore/stereoscope v0.0.0-20231220161148-590920dabc54/go.mod h1:IylG7ofLoUKHwS1XDF6rPhOmaE3GgpAgsMdvvYfooTU=
+github.com/anchore/syft v0.100.0 h1:XUpV4xWmD2cBS9hhhEdJEppItz0AxG8f5W3JhI2tQvY=
+github.com/anchore/syft v0.100.0/go.mod h1:laFRFA/okrA+ut+wPCU32hNkdPEwQfXyaB7E21ymWFc=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=