chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413)

This commit is contained in:
dependabot[bot] 2023-12-14 17:18:37 -05:00 committed by GitHub
parent 38a12bd91a
commit b83cc8485a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 70 additions and 43 deletions


@ -121,7 +121,7 @@ syft <image> --scope all-layers
### Supported sources
Syft can generate a SBOM from a variety of sources:
Syft can generate an SBOM from a variety of sources:
```
# catalog a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands)

2
go.mod

@ -3,7 +3,7 @@ module github.com/anchore/syft
go 1.21.0
require (
github.com/CycloneDX/cyclonedx-go v0.7.2
github.com/CycloneDX/cyclonedx-go v0.8.0
github.com/Masterminds/semver v1.5.0
github.com/Masterminds/sprig/v3 v3.2.3
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d

4
go.sum

@ -58,8 +58,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ=
github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ=
github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=


@ -249,9 +249,22 @@ func extractDescriptor(meta *cyclonedx.Metadata) (desc sbom.Descriptor) {
return
}
for _, t := range *meta.Tools {
desc.Name = t.Name
desc.Version = t.Version
// handle 1.5 component element
if meta.Tools.Components != nil {
for _, t := range *meta.Tools.Components {
desc.Name = t.Name
desc.Version = t.Version
return
}
}
// handle pre-1.5 tool element
if meta.Tools.Tools != nil {
for _, t := range *meta.Tools.Tools {
desc.Name = t.Name
desc.Version = t.Version
return
}
}
return
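Review bot: Both new loops in extractDescriptor exit on their first iteration, so the `for … range` reads as a scan but is really a first-element pick; a length check states that intent directly, e.g. `if c := *meta.Tools.Components; len(c) > 0 { desc.Name, desc.Version = c[0].Name, c[0].Version; return }` and the same shape for `*meta.Tools.Tools`. Both branches also dereference `meta.Tools`, which relies on whatever guard precedes this hunk (the leading `return` / `}` looks like its tail) — confirm that guard covers `meta.Tools == nil`, since a BOM with an absent `tools` element would otherwise panic here. The precedence between the two forms and the fact that the first entry is taken as the producing tool without looking at its `Type` are both unstated; a comment such as `// a 1.5 BOM may carry both forms: components win, and the first entry is assumed to be the producing tool` would record that. extractDescriptor's body begins before this hunk.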


@ -114,11 +114,14 @@ func formatCPE(cpeString string) string {
func toBomDescriptor(name, version string, srcMetadata source.Description) *cyclonedx.Metadata {
return &cyclonedx.Metadata{
Timestamp: time.Now().Format(time.RFC3339),
Tools: &[]cyclonedx.Tool{
{
Vendor: "anchore",
Name: name,
Version: version,
Tools: &cyclonedx.ToolsChoice{
Components: &[]cyclonedx.Component{
{
Type: cyclonedx.ComponentTypeApplication,
Author: "anchore",
Name: name,
Version: version,
},
},
},
Properties: toBomProperties(srcMetadata),
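Review bot: The new `Tools` value populates only `Components` and leaves the legacy `ToolsChoice.Tools` slice nil; if this metadata is ever encoded for a spec version older than 1.5, where `tools` is an array, confirm that cyclonedx-go 0.8.0 downgrades `Components` to the legacy form rather than emitting an element the older schema does not accept. The former `Vendor: "anchore"` becomes `Author: "anchore"` on a component, a semantic shift (author vs. vendor) that deserves a short comment, e.g. `// CycloneDX 1.5 models tools as components; Author carries what the deprecated Tool.Vendor held`. toBomDescriptor's return literal continues past the end of the hunk.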


@ -168,13 +168,14 @@ func Test_toBomDescriptor(t *testing.T) {
want: &cyclonedx.Metadata{
Timestamp: "",
Lifecycles: nil,
Tools: &[]cyclonedx.Tool{
{
Vendor: "anchore",
Name: "test-image",
Version: "1.0.0",
Hashes: nil,
ExternalReferences: nil,
Tools: &cyclonedx.ToolsChoice{
Components: &[]cyclonedx.Component{
{
Type: cyclonedx.ComponentTypeApplication,
Author: "anchore",
Name: "test-image",
Version: "1.0.0",
},
},
},
Authors: nil,


@ -6,13 +6,16 @@
"version": 1,
"metadata": {
"timestamp": "timestamp:redacted",
"tools": [
{
"vendor": "anchore",
"name": "syft",
"version": "v0.42.0-bogus"
}
],
"tools": {
"components": [
{
"type": "application",
"author": "anchore",
"name": "syft",
"version": "v0.42.0-bogus"
}
]
},
"component": {
"bom-ref":"redacted",
"type": "file",


@ -6,13 +6,16 @@
"version": 1,
"metadata": {
"timestamp": "timestamp:redacted",
"tools": [
{
"vendor": "anchore",
"name": "syft",
"version": "v0.42.0-bogus"
}
],
"tools": {
"components": [
{
"type": "application",
"author": "anchore",
"name": "syft",
"version": "v0.42.0-bogus"
}
]
},
"component": {
"bom-ref":"redacted",
"type": "container",


@ -3,11 +3,13 @@
<metadata>
<timestamp>redacted</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
<name>syft</name>
<version>v0.42.0-bogus</version>
</tool>
<components>
<component type="application">
<author>anchore</author>
<name>syft</name>
<version>v0.42.0-bogus</version>
</component>
</components>
</tools>
<component bom-ref="redacted" type="file">
<name>some/path</name>


@ -3,11 +3,13 @@
<metadata>
<timestamp>redacted</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
<name>syft</name>
<version>v0.42.0-bogus</version>
</tool>
<components>
<component type="application">
<author>anchore</author>
<name>syft</name>
<version>v0.42.0-bogus</version>
</component>
</components>
</tools>
<component bom-ref="redacted" type="container">
<name>user-image-input</name>