Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 14:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #334 from anchore/ignore-ownership

Browse source 
Ignore ownership for shared copyright resources
This commit is contained in:
Alex Goodman 2021-02-26 15:59:49 -05:00 committed by GitHub
commit 40e9c4b146
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
syft/pkg/catalog.go
View file

@ -7,12 +7,6 @@ import (
"github.com/anchore/syft/internal/log"
)
var globsForbiddenFromBeingOwned = []string{
ApkDbGlob,
DpkgDbGlob,
RpmDbGlob,
}
// Catalog represents a collection of Packages.
type Catalog struct {
byID map[ID]*Package

10
syft/pkg/ownership_by_files_relationship.go
View file

@ -6,6 +6,16 @@ import (
"github.com/scylladb/go-set/strset"
)
var globsForbiddenFromBeingOwned = []string{
// any OS DBs should automatically be ignored to prevent cyclic issues (e.g. the "rpm" RPM owns the path to the
// RPM DB, so if not ignored that package would own all other packages on the system).
ApkDbGlob,
DpkgDbGlob,
RpmDbGlob,
// DEB packages share common copyright info between, this does not mean that sharing these paths implies ownership.
"/usr/share/doc/**/copyright",
}
type ownershipByFilesMetadata struct {
Files []string `json:"files"`
}