From cbdec2ae5e6cb36a41b148d005d63d3b0bdbccd6 Mon Sep 17 00:00:00 2001 From: Keith Zantow Date: Mon, 14 Mar 2022 17:15:09 -0400 Subject: [PATCH] Update to Syft v0.41.4 (#664) --- go.mod | 10 ++-- go.sum | 53 +++++++++++++----- grype/pkg/syft_provider.go | 7 ++- grype/pkg/syft_sbom_provider.go | 5 +- grype/presenter/json/presenter_test.go | 21 ++----- .../snapshot/TestEmptyJsonPresenter.golden | 18 +++--- .../snapshot/TestJsonImgsPresenter.golden | 24 ++++---- .../stereoscope-fixture-image-simple.golden | Bin 23552 -> 22016 bytes grype/presenter/sarif/presenter_test.go | 2 +- .../snapshot/TestSarifPresenterDir.golden | 6 +- .../snapshot/TestSarifPresenterImage.golden | 10 ++-- .../compare_sbom_input_vs_lib_test.go | 19 ++++--- test/integration/match_by_image_test.go | 7 ++- test/integration/utils_test.go | 14 +++-- 14 files changed, 115 insertions(+), 81 deletions(-) diff --git a/go.mod b/go.mod index bd998a9c..f7d7b96e 100644 --- a/go.mod +++ b/go.mod @@ -10,8 +10,8 @@ require ( github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29 - github.com/anchore/stereoscope v0.0.0-20220217141419-c6f02aed9ed2 - github.com/anchore/syft v0.39.4-0.20220301223752-edac8c7bf77a + github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3 + github.com/anchore/syft v0.41.4 github.com/bmatcuk/doublestar/v2 v2.0.4 github.com/docker/docker v20.10.12+incompatible github.com/dustin/go-humanize v1.0.0 @@ -55,7 +55,7 @@ require ( cloud.google.com/go/compute v1.3.0 // indirect cloud.google.com/go/iam v0.1.1 // indirect cloud.google.com/go/storage v1.21.0 // indirect - github.com/CycloneDX/cyclonedx-go v0.4.0 // indirect + github.com/CycloneDX/cyclonedx-go v0.5.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/Microsoft/go-winio v0.5.1 // indirect 
@@ -65,12 +65,12 @@ require ( github.com/aws/aws-sdk-go v1.43.0 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect - github.com/containerd/containerd v1.5.9 // indirect + github.com/containerd/containerd v1.5.10 // indirect github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/denisenkom/go-mssqldb v0.11.0 // indirect github.com/docker/cli v20.10.12+incompatible // indirect - github.com/docker/distribution v2.7.1+incompatible // indirect + github.com/docker/distribution v2.8.0+incompatible // indirect github.com/docker/docker-credential-helpers v0.6.4 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect diff --git a/go.sum b/go.sum index 2ce38c78..241da588 100644 --- a/go.sum +++ b/go.sum 
@@ -171,8 +171,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CycloneDX/cyclonedx-go v0.4.0 h1:Wz4QZ9B4RXGWIWTypVLEOVJgOdFfy5mcS5PGNzUkZxU= -github.com/CycloneDX/cyclonedx-go v0.4.0/go.mod h1:rmRcf//gT7PIzovatusbWi377xqCg1FS4jyST0GH20E= +github.com/CycloneDX/cyclonedx-go v0.5.0 h1:RWCnu2OrWUTF5C9DA3L0qVziUD2HlxSUWcL2OXlxfqE= +github.com/CycloneDX/cyclonedx-go v0.5.0/go.mod h1:nQXAzrejxO39b14JFz2SvsUElegYfwBDowIzqjdUMk4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= 
@@ -223,8 +223,10 @@ github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/ReneKroon/ttlcache/v2 v2.10.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= github.com/ReneKroon/ttlcache/v2 v2.11.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= 
@@ -268,10 +270,10 @@ github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29 h1:K9LfnxwhqvihqU0+MF325FNy7fsKV9EGaUxdfR4gnWk= github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29/go.mod h1:Oc1UkGaJwY6ND6vtAqPSlYrptKRJngHwkwB6W7l1uP0= -github.com/anchore/stereoscope v0.0.0-20220217141419-c6f02aed9ed2 h1:QuvMG+rqqJmtFRL+jqj5pFgjQcJSnEHEbtj1lKowLLQ= -github.com/anchore/stereoscope v0.0.0-20220217141419-c6f02aed9ed2/go.mod h1:QpDHHV2h1NNfu7klzU75XC8RvSlaPK6HHgi0dy8A6sk= -github.com/anchore/syft v0.39.4-0.20220301223752-edac8c7bf77a h1:I4xog2RBBFuiicWqH0d5yMCmNWw0yONhKUUZyTIKgz0= -github.com/anchore/syft v0.39.4-0.20220301223752-edac8c7bf77a/go.mod h1:q2JbddnRXu93j/mtOTfyyuKa7hgVB/HCj7mdsuXjzzk= +github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3 h1:Kx2jlMdENAf4cVjYGYLI+fiavVhzhtmU89GUYDITJ1w= +github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3/go.mod h1:XESZQTgFETDBatmyoet6XZ0zVknoIMDSAhj2INj2a5w= +github.com/anchore/syft v0.41.4 h1:dJqD0mqdBqDXA6ua09axLIQ/L/ecOAppcagVoL6bWoU= +github.com/anchore/syft v0.41.4/go.mod h1:WXsoXmglV394k35V/q3ABsWKmvXvtSYX9j2yK+W54zc= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.0/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= 
@@ -408,8 +410,8 @@ github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b/go.mod h1:ac9efd0D github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= github.com/bradleyfalzon/ghinstallation/v2 v2.0.3/go.mod h1:tlgi+JWCXnKFx/Y4WtnDbZEINo31N5bcvnCoqieefmk= -github.com/bradleyjkemp/cupaloy/v2 v2.6.0 h1:knToPYa2xtfg42U3I6punFEjaGFKWQRXJwj0JTv4mTs= -github.com/bradleyjkemp/cupaloy/v2 v2.6.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= +github.com/bradleyjkemp/cupaloy/v2 v2.7.0 h1:AT0vOjO68RcLyenLCHOGZzSNiuto7ziqzq6Q1/3xzMQ= +github.com/bradleyjkemp/cupaloy/v2 v2.7.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/breml/bidichk v0.1.1/go.mod h1:zbfeitpevDUGI7V91Uzzuwrn4Vls8MoBMrwtt78jmso= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= 
@@ -511,8 +513,9 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= -github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4= github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4= +github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= 
@@ -633,8 +636,9 @@ github.com/docker/cli v20.10.12+incompatible h1:lZlz0uzG+GH+c0plStMUdF/qk3ppmgns github.com/docker/cli v20.10.12+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= +github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.10+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U= @@ -779,6 +783,7 @@ github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgT github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk= github.com/go-openapi/analysis v0.20.0/go.mod h1:BMchjvaHDykmRMsK40iPtvyOfFdMMxlOmQr9FBZk+Og= github.com/go-openapi/analysis v0.20.1/go.mod h1:BMchjvaHDykmRMsK40iPtvyOfFdMMxlOmQr9FBZk+Og= +github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= 
@@ -788,11 +793,14 @@ github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= 
@@ -810,6 +818,7 @@ github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hs github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4= github.com/go-openapi/loads v0.20.2/go.mod h1:hTVUotJ+UonAMMZsvakEgmWKgtulweO9vYP2bQYKA/o= github.com/go-openapi/loads v0.21.0/go.mod h1:rHYve9nZrQ4CJhyeIIFJINGCg1tQpx2yJrrNo8sf1ws= +github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= @@ -817,7 +826,8 @@ github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2g github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98= github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= github.com/go-openapi/runtime v0.21.0/go.mod h1:aQg+kaIQEn+A2CRSY1TxbM8+sT9g2V3aLc1FbIAnbbs= -github.com/go-openapi/runtime v0.23.0/go.mod h1:aQg+kaIQEn+A2CRSY1TxbM8+sT9g2V3aLc1FbIAnbbs= +github.com/go-openapi/runtime v0.23.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= 
@@ -842,6 +852,7 @@ github.com/go-openapi/strfmt v0.20.2/go.mod h1:43urheQI9dNtE5lTZQfuFJvjYJKPrxicA github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -861,6 +872,7 @@ github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= github.com/go-openapi/validate v0.20.3/go.mod h1:goDdqVGiigM3jChcrYJxD2joalke3ZXeftD16byIjA4= +github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-piv/piv-go v1.9.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= 
@@ -884,6 +896,7 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= @@ -1250,7 +1263,9 @@ github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKEN github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= +github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= +github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= 
@@ -1415,6 +1430,7 @@ github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1814,6 +1830,7 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/secure-systems-lab/go-securesystemslib v0.2.0/go.mod h1:eIjBmIP8LD2MLBL/DkQWayLiz006Q4p+hCu79rvWleY= github.com/secure-systems-lab/go-securesystemslib v0.3.0/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U= +github.com/secure-systems-lab/go-securesystemslib v0.3.1/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U= github.com/securego/gosec/v2 v2.9.1/go.mod h1:oDcDLcatOJxkCGaCaq8lua1jTnYf6Sou4wdiJ1n4iHc= github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= 
@@ -1828,7 +1845,7 @@ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sigstore/cosign v1.5.2-0.20220222220736-ec79daf63c24/go.mod h1:eedJzrb6Lf1Bq2nA3ipcNHE61Lgkpvt3hmxfZAMi02I= +github.com/sigstore/cosign v1.6.0/go.mod h1:Ocd28z0Pwtd6+A8s/Vb4SbhwuWOqVdeYAW4yCGF4Ndg= github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7/go.mod h1:ANQivY/lfOp9hN92S813LEthkm/kit96hzeIF3SNoZA= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3/go.mod h1:u9clLqaVjqV9pExVL1XkM37dGyMCOX/LMocS9nsnWDY= github.com/sigstore/sigstore v1.0.2-0.20211210190220-04746d994282/go.mod h1:SuM+QIHtnnR9eGsURRLv5JfxM6KeaU0XKA1O7FmLs4Q= @@ -1902,7 +1919,7 @@ github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhU github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk= github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU= -github.com/spiffe/go-spiffe/v2 v2.0.0-beta.11/go.mod h1:TEfgrEcyFhuSuvqohJt6IxENUNeHfndWCCV1EX7UaVk= +github.com/spiffe/go-spiffe/v2 v2.0.0-beta.12/go.mod h1:TEfgrEcyFhuSuvqohJt6IxENUNeHfndWCCV1EX7UaVk= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= 
@@ -2022,7 +2039,7 @@ github.com/withfig/autocomplete-tools/packages/cobra v0.0.0-20220122124547-31d38 github.com/x-cray/logrus-prefixed-formatter v0.5.2 h1:00txxvfBM9muc0jiLIEAkAcIMJzfthRT6usrui8uGmg= github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/go-gitlab v0.55.1/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= +github.com/xanzy/go-gitlab v0.56.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= @@ -2108,6 +2125,7 @@ go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4S go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= +go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= 
@@ -2171,6 +2189,7 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= gocloud.dev v0.24.1-0.20211119014450-028788aaaa4c/go.mod h1:EIJSlY7nvfeoWaV2GauF6es27gZfqtTVon47QFueoyE= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -2207,6 +2226,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= 
@@ -2576,6 +2596,7 @@ golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -3006,6 +3027,7 @@ k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ= k8s.io/apiextensions-apiserver v0.22.5/go.mod h1:tIXeZ0BrDxUb1PoAz+tgOz43Zi1Bp4BEEqVtUccMJbE= +k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= 
@@ -3039,6 +3061,7 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= @@ -3051,6 +3074,7 @@ k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220127004650-9b3446523e65/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= knative.dev/hack v0.0.0-20220118141833-9b2ed8471e30/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= +knative.dev/hack/schema v0.0.0-20220224013837-e1785985d364/go.mod h1:ffjwmdcrH5vN3mPhO8RrF2KfNnbHeCE2C60A+2cv3U0= knative.dev/pkg v0.0.0-20220202132633-df430fa0dd96/go.mod h1:etVT7Tm8pSDf4RKhGk4r7j/hj3dNBpvT7bO6a6wpahs= mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= 
@@ -3068,6 +3092,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyz sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/release-utils v0.4.1-0.20220207182343-6dadf2228617/go.mod h1:t9pL38kZkTBVDcjL1y7ajrkNQFLiArVAjOVO0sxzFF0= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= diff --git a/grype/pkg/syft_provider.go b/grype/pkg/syft_provider.go index 2b72f3c1..a68b13f1 100644 --- a/grype/pkg/syft_provider.go +++ b/grype/pkg/syft_provider.go @@ -10,7 +10,12 @@ func syftProvider(userInput string, config ProviderConfig) ([]Package, Context, return nil, Context{}, errDoesNotProvide } - src, cleanup, err := source.New(userInput, config.RegistryOptions, config.Exclusions) + sourceInput, err := source.ParseInput(userInput, "", true) + if err != nil { + return nil, Context{}, err + } + + src, cleanup, err := source.New(*sourceInput, config.RegistryOptions, config.Exclusions) if err != nil { return nil, Context{}, err } diff --git a/grype/pkg/syft_sbom_provider.go b/grype/pkg/syft_sbom_provider.go index 17a286c5..108fcd13 100644 --- a/grype/pkg/syft_sbom_provider.go +++ b/grype/pkg/syft_sbom_provider.go @@ -12,7 +12,6 @@ import ( "github.com/anchore/grype/internal" "github.com/anchore/grype/internal/log" "github.com/anchore/syft/syft" - "github.com/anchore/syft/syft/format" ) func syftSBOMProvider(userInput string, config ProviderConfig) ([]Package, Context, error) { 
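Review bot: In syftProvider (grype/pkg/syft_provider.go), the new `source.ParseInput(userInput, "", true)` call passes two positional literals whose meaning is not visible at the call site, and its error is returned bare, so a caller cannot tell a parse failure from the `source.New` failure a few lines later. A short comment such as `// no platform override; let syft detect which image sources are available` (wording to be confirmed against the Syft v0.41.4 signature) would document the choice. Wrapping the error, e.g. `return nil, Context{}, fmt.Errorf("unable to parse input: %w", err)`, would keep the failing step in the message; this assumes `fmt` is or can be imported in this file, which the hunk does not show. `*sourceInput` is dereferenced without a nil check, which is safe only if ParseInput never returns a nil pointer together with a nil error. The function body continues outside the hunk.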
@@ -21,11 +20,11 @@ func syftSBOMProvider(userInput string, config ProviderConfig) ([]Package, Conte return nil, Context{}, err } - sbom, formatOption, err := syft.Decode(reader) + sbom, format, err := syft.Decode(reader) if err != nil { return nil, Context{}, fmt.Errorf("unable to decode sbom: %w", err) } - if formatOption == format.UnknownFormatOption { + if format == nil { return nil, Context{}, errDoesNotProvide } diff --git a/grype/presenter/json/presenter_test.go b/grype/presenter/json/presenter_test.go index da84ed04..fb4a0a3a 100644 --- a/grype/presenter/json/presenter_test.go +++ b/grype/presenter/json/presenter_test.go @@ -5,7 +5,7 @@ import ( "flag" "testing" - "github.com/sergi/go-diff/diffmatchpatch" + "github.com/stretchr/testify/assert" "github.com/anchore/go-testutils" "github.com/anchore/grype/grype/match" @@ -184,11 +184,7 @@ func TestJsonImgsPresenter(t *testing.T) { var expected = testutils.GetGoldenFileContents(t) - if !bytes.Equal(expected, actual) { - dmp := diffmatchpatch.New() - diffs := dmp.DiffMain(string(expected), string(actual), true) - t.Errorf("mismatched output:\n%s", dmp.DiffPrettyText(diffs)) - } + assert.JSONEq(t, string(expected), string(actual)) // TODO: add me back in when there is a JSON schema // validateAgainstDbSchema(t, string(actual)) @@ -327,11 +323,7 @@ func TestJsonDirsPresenter(t *testing.T) { var expected = testutils.GetGoldenFileContents(t) - if !bytes.Equal(expected, actual) { - dmp := diffmatchpatch.New() - diffs := dmp.DiffMain(string(expected), string(actual), true) - t.Errorf("mismatched output:\n%s", dmp.DiffPrettyText(diffs)) - } + assert.JSONEq(t, string(expected), string(actual)) // TODO: add me back in when there is a JSON schema // validateAgainstDbSchema(t, string(actual)) 
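Review bot: In syftSBOMProvider, the `format == nil` branch is reached only when `syft.Decode` returns a nil format together with a nil error, because the `err != nil` check above it returns first. If Syft v0.41.4 reports an unrecognised input through the error instead (not visible in this diff), input that is not an SBOM would surface as "unable to decode sbom" rather than `errDoesNotProvide`. It is worth confirming this against the Decode implementation and recording the contract in a comment, e.g. `// nil format with nil error: not an SBOM syft recognises, let the next provider try`. Since `format` is presumably an interface value, the nil comparison also relies on Decode returning a literal nil rather than a typed nil pointer. The function body continues outside the hunk.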
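Review bot: Replacing the byte comparison with `assert.JSONEq(t, string(expected), string(actual))` in TestJsonImgsPresenter means the golden snapshot no longer pins key order, indentation or the trailing newline of the presenter output, only the decoded value. The same applies to the identical changes in the `@@ -327` hunk (TestJsonDirsPresenter) and the `@@ -378` hunk (TestEmptyJsonPresenter). If consumers only ever parse the report as JSON this is the right strictness, but a comment should say so: `// compare semantically: formatting and key order are not part of the contract`. With the `bytes.Equal` calls gone, check that the `bytes` import is still used elsewhere in the file, which these hunks do not show.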
@@ -378,10 +370,5 @@ func TestEmptyJsonPresenter(t *testing.T) { var expected = testutils.GetGoldenFileContents(t) - if !bytes.Equal(expected, actual) { - dmp := diffmatchpatch.New() - diffs := dmp.DiffMain(string(expected), string(actual), true) - t.Errorf("mismatched output:\n%s", dmp.DiffPrettyText(diffs)) - } - + assert.JSONEq(t, string(expected), string(actual)) } diff --git a/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden b/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden index f1fdc100..ca1eb4df 100644 --- a/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden +++ b/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden @@ -4,8 +4,8 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:30106aa3e610767b78942c78b70fb807f2ca80dd47096ea9b3acb16b93732f88", - "manifestDigest": "sha256:e5e021b9e81612453210955772e660f01d44b7a4d6aaedd06a56ad3e34770095", + "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", + "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" 
@@ -14,23 +14,25 @@ "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:dfe944be41eac682e5e92fe0af95960b2d9bbf347e7d16cfe58755b090c5f337", + "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:055e7b2f971fc19a0cb498d70ffca566a4e95a06bdc051fbbcbc4986fa3c0a4b", + "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:bf2eaa9c79b1ac06cd9bb4da92cb1c9fa80952ee17a23d2bea363e7a8f3298e8", + "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", "size": 27 } ], - "manifest": "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", - "config": "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", - "repoDigests": [] + "manifest": "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", + "config": "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", + "repoDigests": [], + "architecture": "", + "os": "" } }, "distro": { diff --git a/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden b/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden index a9e75c39..a515c42e 100644 --- a/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden +++ b/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden @@ -48,7 +48,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:dfe944be41eac682e5e92fe0af95960b2d9bbf347e7d16cfe58755b090c5f337" + "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" } ], "language": "", 
@@ -117,7 +117,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:dfe944be41eac682e5e92fe0af95960b2d9bbf347e7d16cfe58755b090c5f337" + "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" } ], "language": "", @@ -174,7 +174,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:dfe944be41eac682e5e92fe0af95960b2d9bbf347e7d16cfe58755b090c5f337" + "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" } ], "language": "", @@ -200,8 +200,8 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:30106aa3e610767b78942c78b70fb807f2ca80dd47096ea9b3acb16b93732f88", - "manifestDigest": "sha256:e5e021b9e81612453210955772e660f01d44b7a4d6aaedd06a56ad3e34770095", + "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", + "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" 
@@ -210,23 +210,25 @@ "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:dfe944be41eac682e5e92fe0af95960b2d9bbf347e7d16cfe58755b090c5f337", + "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:055e7b2f971fc19a0cb498d70ffca566a4e95a06bdc051fbbcbc4986fa3c0a4b", + "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:bf2eaa9c79b1ac06cd9bb4da92cb1c9fa80952ee17a23d2bea363e7a8f3298e8", + "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", "size": 27 } ], - "manifest": "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", - "config": "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", - "repoDigests": [] + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo4NjYsImRpZ2VzdCI6InNoYTI1NjpkM2UxZmI1MTZmZjljZmU5NDA3NjQ2ZGRkMzc3ZWJkYWJjMjdjOTg5YTUyMjhkODcwYjhiZWJkOGUxMDVmM2I0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjY4YTJjMTY2ZGNiM2FjZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1MzA4NzNhYyJ9XX0=", + "config": 
"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", + "repoDigests": [], + "architecture": "", + "os": "" } }, "distro": { 
diff --git a/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index af36dbb8584ed2d692d926684cdfbe7f0b1f1546..67091ed0032db870bea97a3cb8cc07ad5fd93670 100644 GIT binary patch literal 22016 zcmeHPTW{Mo6wY&hg{!?LHt!S-?4fH4v_P>8ZPo!Rf`Z~D)@nkIkVhRW}p*`_OG%p(J-5i$NSOC3Ea^< z`DUU|7ajeOkEat?Ue)}O7oXGY^e|oY_ElCD=Vy7ELBHnb9%a8w)A3T&Tb;P^;`Gb? zD2HS;PP6H^=yHoMwO!rR@Pn~FcSXNmL*037@qc!6{YNkt!T;}6Xp0qPK5;%By93;> zzEv#>UJ${F+>{Me>eCa5+tnuy0Cx1|GLof)4fJx|8D{Rlaz1Ze@K$x|D6n)1^(A` z7yx*8rVDs<1R$#^q!h5k4za|hhTjeThXs}4|G$d~V2S^c?}`7-_W#%MKNRfWh5cvP zFIfVA&%3y0xJJ-G&_K{Y(7^ZC0QXoDt}T(sdn<**mY5hD7JF%t@EXcuj6|Yk;)OQa zc&EAKis4v!ytDW}8SuYO21jH2?*{*4G(7)zV*h~ub)x1cdy&Te-yHwLoNUH_VzndC9!1j`UrcwbcEe!?5b=4XGmDSjrarp9gK|J7|42gLsp#^L!t@IP8N#SMWA`)95M?#7O$ zfyetltomU8FZllrbG2TuZvWYC5N&%WaBKWOkiFL9|EUQ4uhva{t3aLQ)yNey3c&Mc zU(;&T10s?u`~Ci{?L%SEK+r(YK+wSdLj#sN>=TZK_X@W56uhYeBK)njR7#gvofsmG zik0Ss#5R^Fi4!P~9Xz9Xny`Kw_%9Hn5dYK30K16p0JW~s!xO6PR!{1B_wG3(q>A5;!w@addZ zZbpag{nSfp+V|GMPuXUKRFjZa%xBUN!f>py+acYe!g2C16|l?vBjj@K!o9 z&$r%@H3)rEBf#c9byaWh*!u?{b_EOFkBU66JaF4DqU!vtMoed5VF|jlsrR2!3w0l( za-@M!G-TLGqPW#U7>2k@sAkp^h2z*7A0saa@roj58B9Zz>R4E&331dT419W!x{xGd zO$-*o8jxYUNF+tnDaDP(-bpJJODs)z%!x(`LlEnrjDluLpjc>qEr|*sK`{lwV#B-z zPLxh4j;SX$W{@?oPeqxuR>msvl=?&)p*ZCf#S*R^om_TJ=zrv_G0|D-;o<)w^Y|l0 zFPm?B{u2_dybB1@!2b^T?^1m`O~Bmwa`85fsFk$f=x>6&Mesr}lX&1DdI&)Rh9WbJV(Vgv zSTa_{#waiA-JiGhJ1AzCYsx*i4rhn^Xu6TPF0A1W>x!_G%adnq4T=J6Ri^Min!25_ z{6we?5{ZX}T?r(_A}AoSTCL`~F(h`dUD&GXzjK_XZPMLt z(mIJ+cC56qGc(8Ia~YrO07Pe9E~$=`2BW#Lkw~wIp~mt6Oh_7?a8%}ma>0T$57+YMbDG=?E3uWER?Ho=2tIEhm%$6!^lsK=;u`kPSPK(Jks2_|Clg03h z!>q#7Y*Lh`@3M=nP<3-4eF=X&F=wG3b~@CZ#~S(P@9Td=3YO&mPK0i;p{b@J7L#y9 zhV8p{i-4Cvt)V{v>imRB)cvK%K^_1>`lt1O34^;kZO273=onxyHqD@0qC?p>ySrb4 zoG_3ukT8%i@HjBQ@Z~IwVL=d(LRzUbr%oy>AzB48QfCx+&n0Mq{z1!(vqV^p?`s;B z8uqvU70zDD*Nf#$#-8LpEmXJ zq;h6*+}NTVEnQz<-ZadAy1c~G?DYqYyk=}@E=Ej8EnT3HOB2x(ZiFWRG&PE-?%JX2 
z96jgO5NesV!~u;2h-cg>9i%`+ZrN6RVpjAvDfB8kMuHtTW5nu_!+&3VSyr>J2G5>9 zANZmkIb4(+E@n9>4Kh%bgSO~+M&d-}g%c9#6131!F-y1)L9<{m+98Dos?4A$2gies zA+AjQ$IAuR&K3$3JuU2riW4G6kdHVWLY@nyXy(IC@vAI{}{-&h=WMUBCc8!SMkmPLrc5vzme5iq9YC=W_m?U>N{oD{3J=^(o}TsKjL&n@))!58kRwKMgR zS;=|KIlkPw7n{`vrv!lot-N*ygIqf1MoO=vQAT&n;-xh)SBPU+ohj|C==C#QA<+gi z-6D5iAbT(Qn+~(Os@jMSsPn8nn{{u1xksnzc&CW*P2sWaRkn}>AA{!H22O%;LeY>1 zO=AEPb*=?i>b13zaT%m1!o`p)jQm;9;PS|rM5qf$$fH48WD7~6BievNJS&fCM|36^ z!l0z)288tvauTh@FeP>n(J%*w+Z#wWV&KwfCy{=}AtQBj;NED8nu_a)20Eu95ZN&# zwZSmKf;1{Js#Q?g>x+GR-S+Wj-|QZFK%`mk@f(*%rxfu54=orI0YW5%Ykc1Ui(2Vi zcq0P`!z>Fb&A#!!FJVdl??>1TN2mDjhKTx~cIz$w{q28B z+3oxfbVcOJ{@(}7E#kj@*#Nb%nW-^!fchiqg*K1eN}|xOL{$t%SV9;_i#ckI`i1u< z5EXL6!5Qv6aTf4`DIDqz!n%nizi*DL>dsFqrkt$do%lpPV&p!FRD*4@#cHm?qjg~1 z;dNZHOg~+lY#;0X)jj$y{9DNXkRQtbNdEsT3hnkA{dtqg*(O%}!{@P4{`X4$2Rer^ z|0m^tKOE(3Dj> z4)r_*@bl09E!yz_6OltR91iaTCiP7iNEk>MNEmox80hP)-9%;FNdH@{|IJC#|MtR3 zz3IQ3`0w2QPxjyLSs=xKcaP)8e23oh-#`8f5{>=U{U30jiB$i$7q(f%fBUk*a{RY% zN$E=bH`NmFwwAar;kOX~`9S?IW`v~r&%Mb1b&mBsb9pznTfGZ?uM2-aUv5k12?GfO2?GfO|6dGDO<63sRc*t?dLG7PR!fOy0JFYp=w+;3rDed*A*Eb72QTkM@=!E zVWlAOKt$l22!ho|N*Q9X_()QS9yn*tMj1j>SX9fgsFpM0gOW7IA}{5zxJ!2Bnm=@V z5Y2Db*Y>&ySy#l_Z`ev9}^pb`cW1`-CIDhB=oB_P#~ diff --git a/grype/presenter/sarif/presenter_test.go b/grype/presenter/sarif/presenter_test.go index 55eefe73..60694b1a 100644 --- a/grype/presenter/sarif/presenter_test.go +++ b/grype/presenter/sarif/presenter_test.go @@ -20,7 +20,7 @@ import ( "github.com/anchore/syft/syft/source" ) -var update = flag.Bool("update", true, "update the *.golden files for json presenters") +var update = flag.Bool("update", false, "update the *.golden files for json presenters") func createResults() (match.Matches, []pkg.Package) { diff --git a/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterDir.golden b/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterDir.golden index 880ad660..2bab6b8e 100644 
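Review bot: While `update` defaulted to `true` in the SARIF presenter test, the goldens were presumably rewritten on every run, so the SARIF snapshots regenerated in this commit have never been checked by a test that could fail. They now record `security-severity` "1.000000" for the rule whose table row says critical (CVE-1999-0002) and "4.000000" for the row marked low. That may only reflect the fixture's score data, but code-scanning consumers rank findings on this field, so it is worth confirming before accepting the goldens. A comment on the flag would guard the default, e.g. `// must default to false: when true the goldens are rewritten and the snapshot tests cannot fail`. The help text should also read `"update the *.golden files for sarif presenters"` rather than "json presenters".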
--- a/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterDir.golden +++ b/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterDir.golden @@ -5,7 +5,7 @@ { "tool": { "driver": { - "name": "Anchore Grype Scan", + "name": "Grype", "version": "0.0.0-dev", "informationUri": "https://github.com/anchore/grype", "rules": [ @@ -24,7 +24,7 @@ "markdown": "**Vulnerability CVE-1999-0001**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | package-1 | 1.0.1 | | deb | /some/path/etc/pkg-1 | source-1 | CVE-1999-0001 |\n" }, "properties": { - "security-severity": "1.0" + "security-severity": "4.000000" } }, { @@ -42,7 +42,7 @@ "markdown": "**Vulnerability CVE-1999-0002**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | package-2 | 2.0.1 | | deb | /some/path/pkg-2 | source-2 | CVE-1999-0002 |\n" }, "properties": { - "security-severity": "9.0" + "security-severity": "1.000000" } } ] diff --git a/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterImage.golden b/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterImage.golden index fb30c3f4..f4dc1345 100644 --- a/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterImage.golden +++ b/grype/presenter/sarif/test-fixtures/snapshot/TestSarifPresenterImage.golden @@ -5,7 +5,7 @@ { "tool": { "driver": { - "name": "Anchore Grype Scan", + "name": "Grype", "version": "0.0.0-dev", "informationUri": "https://github.com/anchore/grype", "rules": [ 
@@ -24,7 +24,7 @@ "markdown": "**Vulnerability CVE-1999-0001**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | package-1 | 1.0.1 | | deb | etc/pkg-1 | source-1 | CVE-1999-0001 |\n" }, "properties": { - "security-severity": "1.0" + "security-severity": "4.000000" } }, { @@ -42,7 +42,7 @@ "markdown": "**Vulnerability CVE-1999-0002**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | package-2 | 2.0.1 | | deb | pkg-2 | source-2 | CVE-1999-0002 |\n" }, "properties": { - "security-severity": "9.0" + "security-severity": "1.000000" } } ] @@ -70,7 +70,7 @@ "logicalLocations": [ { "name": "etc/pkg-1", - "fullyQualifiedName": "user-input@asdf:etc/pkg-1" + "fullyQualifiedName": "user-input@sha256:asdf:/etc/pkg-1" } ] } @@ -97,7 +97,7 @@ "logicalLocations": [ { "name": "pkg-2", - "fullyQualifiedName": "user-input@asdf:pkg-2" + "fullyQualifiedName": "user-input@sha256:asdf:/pkg-2" } ] } diff --git a/test/integration/compare_sbom_input_vs_lib_test.go b/test/integration/compare_sbom_input_vs_lib_test.go index 914ff021..d7c548ad 100644 --- a/test/integration/compare_sbom_input_vs_lib_test.go +++ b/test/integration/compare_sbom_input_vs_lib_test.go @@ -11,8 +11,9 @@ import ( "github.com/anchore/grype/grype" "github.com/anchore/grype/grype/db" "github.com/anchore/grype/internal" - "github.com/anchore/syft/syft/format" + "github.com/anchore/syft/syft" syftPkg "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/sbom" "github.com/anchore/syft/syft/source" ) 
@@ -27,10 +28,10 @@ var imagesWithVulnerabilities = []string{ } func TestCompareSBOMInputToLibResults(t *testing.T) { - formats := []format.Option{ - format.JSONOption, - format.SPDXJSONOption, - format.SPDXTagValueOption, + formats := []sbom.FormatID{ + syft.JSONFormatID, + syft.SPDXJSONFormatID, + syft.SPDXTagValueFormatID, } // get a grype DB @@ -58,8 +59,12 @@ func TestCompareSBOMInputToLibResults(t *testing.T) { imageArchive := PullThroughImageCache(t, image) imageSource := fmt.Sprintf("docker-archive:%s", imageArchive) - for _, f := range formats { - t.Run(fmt.Sprintf("%s/%s", image, f), func(t *testing.T) { + for _, formatID := range formats { + f := syft.FormatByID(formatID) + if f == nil { + t.Errorf("Invalid formatID: %s", formatID) + } + t.Run(fmt.Sprintf("%s/%s", image, formatID), func(t *testing.T) { // get SBOM from syft, write to temp file sbomBytes := getSyftSBOM(t, imageSource, f) diff --git a/test/integration/match_by_image_test.go b/test/integration/match_by_image_test.go index e5224d12..62ca3269 100644 --- a/test/integration/match_by_image_test.go +++ b/test/integration/match_by_image_test.go @@ -357,8 +357,13 @@ func TestMatchByImage(t *testing.T) { userImage := "docker-archive:" + tarPath + sourceInput, err := source.ParseInput(userImage, "", true) + if err != nil { + t.Fatalf("unable to parse user input %+v", err) + } + // this is purely done to help setup mocks - theSource, cleanup, err := source.New(userImage, nil, nil) + theSource, cleanup, err := source.New(*sourceInput, nil, nil) if err != nil { t.Fatalf("failed to determine image source: %+v", err) } diff --git a/test/integration/utils_test.go b/test/integration/utils_test.go index f52c0f6c..738e29a4 100644 --- a/test/integration/utils_test.go +++ b/test/integration/utils_test.go 
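Review bot: In TestCompareSBOMInputToLibResults the new nil check on `syft.FormatByID(formatID)` reports with `t.Errorf`, which marks the test failed but does not stop the iteration, so a nil `f` is still handed to `getSyftSBOM` inside the subtest. Use `t.Fatalf("Invalid formatID: %s", formatID)` there, or `continue` after the Errorf, so an unknown ID fails cleanly instead of reaching the encoder with a nil format. The loop body and the function continue outside the hunk.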
@@ -13,7 +13,6 @@ import ( "github.com/anchore/grype/grype/match" "github.com/anchore/syft/syft" - "github.com/anchore/syft/syft/format" "github.com/anchore/syft/syft/pkg/cataloger" "github.com/anchore/syft/syft/sbom" "github.com/anchore/syft/syft/source" @@ -62,8 +61,13 @@ func saveImage(t testing.TB, imageName string, destPath string) { t.Logf("Stdout: %s\n", out) } -func getSyftSBOM(t testing.TB, image string, formatOption format.Option) string { - src, cleanup, err := source.New(image, nil, nil) +func getSyftSBOM(t testing.TB, image string, format sbom.Format) string { + sourceInput, err := source.ParseInput(image, "", true) + if err != nil { + t.Fatalf("could not generate source input for packages command: %+v", err) + } + + src, cleanup, err := source.New(*sourceInput, nil, nil) if err != nil { t.Fatalf("can't get the source: %+v", err) } @@ -74,7 +78,7 @@ func getSyftSBOM(t testing.TB, image string, formatOption format.Option) string // TODO: relationships are not verified at this time catalog, _, distro, err := syft.CatalogPackages(src, config) - sbom := sbom.SBOM{ + s := sbom.SBOM{ Artifacts: sbom.Artifacts{ PackageCatalog: catalog, LinuxDistribution: distro, @@ -82,7 +86,7 @@ func getSyftSBOM(t testing.TB, image string, formatOption format.Option) string Source: src.Metadata, } - bytes, err := syft.Encode(sbom, formatOption) + bytes, err := syft.Encode(s, format) if err != nil { t.Fatalf("presenter failed: %+v", err) }
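Review bot: In getSyftSBOM the error from `syft.CatalogPackages(src, config)` is never checked; `err` is next assigned by `syft.Encode(s, format)`, so a failed cataloging run is silently dropped. The helper would then presumably encode an SBOM built from an empty or partial catalog, and the SBOM-vs-library comparison would run on data that does not describe the image. Add `if err != nil { t.Fatalf("failed to catalog packages: %+v", err) }` directly after the CatalogPackages call. The function starts in an earlier hunk and continues past the end of this one.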