Add alpine type to purl (#1431)

Signed-off-by: Benji Visser <benji@093b.org>
Benji Visser 2023-01-04 17:35:46 -05:00 committed by GitHub
parent bc1edb9c8a
commit bb6fc6525c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 67 additions and 67 deletions

2
go.mod

@ -10,7 +10,7 @@ require (
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
github.com/bmatcuk/doublestar/v4 v4.0.2
github.com/dustin/go-humanize v1.0.0
github.com/facebookincubator/nvdtools v0.1.4

4
go.sum

@ -278,8 +278,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTSM9uIxaX/P9s0F4nKYNM+hnSgLJdLpqvsaQ/g=
github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwMcM4r8wFhJq3jLRztew3ywIyPTRapl2T1s9o8=
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1 h1:DXUAm/H9chRTEzMfkFyduBIcCiJyFXhCmv3zH3C0HGs=
github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1/go.mod h1:/zjVnu2Jdl7xQCUtASegzeEg+IHKrM7SyMqdao3e+Nc=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=


@ -92,7 +92,7 @@ func Test_decode(t *testing.T) {
},
},
CPE: "cpe:2.3:*:another:package:2:*:*:*:*:*:*:*",
PackageURL: "pkg:alpine/alpine-baselayout@3.2.0-r16?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2",
PackageURL: "pkg:apk/alpine/alpine-baselayout@3.2.0-r16?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2",
Properties: &[]cyclonedx.Property{
{
@ -193,7 +193,7 @@ func Test_decode(t *testing.T) {
{
pkg: "package-2",
ver: "2.0.2",
purl: "pkg:alpine/alpine-baselayout@3.2.0-r16?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2",
purl: "pkg:apk/alpine/alpine-baselayout@3.2.0-r16?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.14.2",
},
},
},


@ -46,7 +46,7 @@ func TestToSyftModel(t *testing.T) {
},
{
Category: "PACKAGE-MANAGER",
Locator: "pkg:alpine/pkg-1@5.4.3?arch=x86_64&upstream=p1-origin&distro=alpine-3.10.9",
Locator: "pkg:apk/alpine/pkg-1@5.4.3?arch=x86_64&upstream=p1-origin&distro=alpine-3.10.9",
RefType: "purl",
},
},
@ -145,7 +145,7 @@ func Test_extractMetadata(t *testing.T) {
PackageExternalReferences: []*spdx.PackageExternalReference{
{
Category: "PACKAGE-MANAGER",
Locator: "pkg:alpine/pkg-2@7.3.1?arch=x86_64&upstream=apk-origin@9.1.3&distro=alpine-3.10.9",
Locator: "pkg:apk/alpine/pkg-2@7.3.1?arch=x86_64&upstream=apk-origin@9.1.3&distro=alpine-3.10.9",
RefType: "purl",
},
},


@ -27,7 +27,7 @@
},
{
"referenceCategory": "PACKAGE_MANAGER",
"referenceLocator": "pkg:alpine/busybox@1.30.1-r5?arch=x86_64&distro=alpine-3.10.9",
"referenceLocator": "pkg:apk/alpine/busybox@1.30.1-r5?arch=x86_64&distro=alpine-3.10.9",
"referenceType": "purl"
}
],
@ -51,7 +51,7 @@
},
{
"referenceCategory": "PACKAGE_MANAGER",
"referenceLocator": "pkg:alpine/libssl1.1@1.1.1k-r0?arch=x86_64&distro=alpine-3.10.9",
"referenceLocator": "pkg:apk/alpine/libssl1.1@1.1.1k-r0?arch=x86_64&distro=alpine-3.10.9",
"referenceType": "purl"
}
],
@ -100,7 +100,7 @@
},
{
"referenceCategory": "PACKAGE_MANAGER",
"referenceLocator": "pkg:alpine/ssl_client@1.30.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.10.9",
"referenceLocator": "pkg:apk/alpine/ssl_client@1.30.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.10.9",
"referenceType": "purl"
}
],


@ -21,7 +21,7 @@ PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: NOASSERTION
PackageDescription: Size optimized toolbox of many common UNIX utilities
ExternalRef: SECURITY cpe23Type cpe:2.3:a:busybox:busybox:1.31.1-r19:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:alpine/busybox@1.31.1-r19?arch=x86_64&upstream=busybox&distro=alpine-3.12.5
ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/busybox@1.31.1-r19?arch=x86_64&upstream=busybox&distro=alpine-3.12.5
##### Package: my-app


@ -24,7 +24,7 @@
"cpe:2.3:a:alpine:alpine-baselayout:3.2.0-r16:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine:alpine_baselayout:3.2.0-r16:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/alpine-baselayout@3.2.0-r16?arch=x86_64",
"purl": "pkg:apk/alpine/alpine-baselayout@3.2.0-r16?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "alpine-baselayout",
@ -504,7 +504,7 @@
"cpe:2.3:a:alpine:alpine-keys:2.3-r1:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/alpine-keys@2.3-r1?arch=x86_64",
"purl": "pkg:apk/alpine/alpine-keys@2.3-r1?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "alpine-keys",
@ -790,7 +790,7 @@
"cpe:2.3:a:apk:apk-tools:2.12.7-r0:*:*:*:*:*:*:*",
"cpe:2.3:a:apk:apk_tools:2.12.7-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/apk-tools@2.12.7-r0?arch=x86_64",
"purl": "pkg:apk/alpine/apk-tools@2.12.7-r0?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "apk-tools",
@ -882,7 +882,7 @@
"cpes": [
"cpe:2.3:a:busybox:busybox:1.33.1-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/busybox@1.33.1-r3?arch=x86_64",
"purl": "pkg:apk/alpine/busybox@1.33.1-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "busybox",
@ -1059,7 +1059,7 @@
"cpe:2.3:a:ca:ca-certificates-bundle:20191127-r5:*:*:*:*:*:*:*",
"cpe:2.3:a:ca:ca_certificates_bundle:20191127-r5:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/ca-certificates-bundle@20191127-r5?arch=x86_64",
"purl": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "ca-certificates-bundle",
@ -1131,7 +1131,7 @@
"cpe:2.3:a:libc:libc-utils:0.7.2-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:libc:libc_utils:0.7.2-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64",
"purl": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libc-utils",
@ -1169,7 +1169,7 @@
"cpes": [
"cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1l-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libcrypto1.1@1.1.1l-r0?arch=x86_64",
"purl": "pkg:apk/alpine/libcrypto1.1@1.1.1l-r0?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libcrypto1.1",
@ -1347,7 +1347,7 @@
"cpes": [
"cpe:2.3:a:libretls:libretls:3.3.3p1-r2:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libretls@3.3.3p1-r2?arch=x86_64",
"purl": "pkg:apk/alpine/libretls@3.3.3p1-r2?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libretls",
@ -1412,7 +1412,7 @@
"cpes": [
"cpe:2.3:a:libssl1.1:libssl1.1:1.1.1l-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libssl1.1@1.1.1l-r0?arch=x86_64",
"purl": "pkg:apk/alpine/libssl1.1@1.1.1l-r0?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libssl1.1",
@ -1480,7 +1480,7 @@
"cpes": [
"cpe:2.3:a:musl:musl:1.2.2-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/musl@1.2.2-r3?arch=x86_64",
"purl": "pkg:apk/alpine/musl@1.2.2-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "musl",
@ -1549,7 +1549,7 @@
"cpe:2.3:a:musl:musl-utils:1.2.2-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:musl:musl_utils:1.2.2-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/musl-utils@1.2.2-r3?arch=x86_64",
"purl": "pkg:apk/alpine/musl-utils@1.2.2-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "musl-utils",
@ -1647,7 +1647,7 @@
"cpes": [
"cpe:2.3:a:scanelf:scanelf:1.3.2-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/scanelf@1.3.2-r0?arch=x86_64",
"purl": "pkg:apk/alpine/scanelf@1.3.2-r0?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "scanelf",
@ -1707,7 +1707,7 @@
"cpe:2.3:a:ssl:ssl-client:1.33.1-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:ssl:ssl_client:1.33.1-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/ssl_client@1.33.1-r3?arch=x86_64",
"purl": "pkg:apk/alpine/ssl_client@1.33.1-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "ssl_client",
@ -1762,7 +1762,7 @@
"cpes": [
"cpe:2.3:a:zlib:zlib:1.2.11-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/zlib@1.2.11-r3?arch=x86_64",
"purl": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64",
"metadataType": "ApkMetadata",
"metadata": {
"package": "zlib",


@ -42,10 +42,8 @@ func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
}
return packageurl.NewPackageURL(
// note: this is currently a candidate and not technically within spec
// see https://github.com/package-url/purl-spec#other-candidate-types-to-define
packageurl.TypeAlpine,
"alpine",
"",
m.Package,
m.Version,
pkg.PURLQualifiers(
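Review bot: The namespace passed to `NewPackageURL` is now the hard-coded literal `"alpine"`, even though `packageURL` already receives `distro *linux.Release`, so an apk package catalogued on a non-Alpine apk-based distribution would presumably still be emitted as `pkg:apk/alpine/...`. Downstream tooling that keys on the purl namespace would then attribute the package to the wrong vendor. Consider deriving it from the release, e.g. `namespace := "alpine"` followed by `if distro != nil && distro.ID != "" { namespace = distro.ID }`, and passing `namespace` instead of the literal. The start of the function and the rest of the call lie outside this hunk, so the existing nil handling for `distro` could not be checked here.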


@ -43,7 +43,7 @@ func Test_PackageURL(t *testing.T) {
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/p@v?arch=a&distro=alpine-3.4.6",
expected: "pkg:apk/alpine/p@v?arch=a&distro=alpine-3.4.6",
},
{
name: "missing architecture",
@ -55,7 +55,7 @@ func Test_PackageURL(t *testing.T) {
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/p@v?distro=alpine-3.4.6",
expected: "pkg:apk/alpine/p@v?distro=alpine-3.4.6",
},
// verify #351
{
@ -68,7 +68,7 @@ func Test_PackageURL(t *testing.T) {
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/g++@v84?arch=am86&distro=alpine-3.4.6",
expected: "pkg:apk/alpine/g++@v84?arch=am86&distro=alpine-3.4.6",
},
{
metadata: pkg.ApkMetadata{
@ -80,7 +80,7 @@ func Test_PackageURL(t *testing.T) {
ID: "alpine",
VersionID: "3.15.0",
},
expected: "pkg:alpine/g%20plus%20plus@v84?arch=am86&distro=alpine-3.15.0",
expected: "pkg:apk/alpine/g%20plus%20plus@v84?arch=am86&distro=alpine-3.15.0",
},
{
name: "add source information as qualifier",
@ -94,7 +94,7 @@ func Test_PackageURL(t *testing.T) {
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/p@v?arch=a&upstream=origin&distro=alpine-3.4.6",
expected: "pkg:apk/alpine/p@v?arch=a&upstream=origin&distro=alpine-3.4.6",
},
}


@ -637,7 +637,7 @@ func TestMultiplePackages(t *testing.T) {
Version: "0.7.2-r0",
Licenses: []string{"BSD"},
Type: pkg.ApkPkg,
PURL: "pkg:alpine/libc-utils@0.7.2-r0?arch=x86_64&upstream=libc-dev&distro=alpine-3.12",
PURL: "pkg:apk/alpine/libc-utils@0.7.2-r0?arch=x86_64&upstream=libc-dev&distro=alpine-3.12",
Locations: fixtureLocationSet,
MetadataType: pkg.ApkMetadataType,
Metadata: pkg.ApkMetadata{
@ -663,7 +663,7 @@ func TestMultiplePackages(t *testing.T) {
Version: "1.1.24-r2",
Licenses: []string{"MIT", "BSD", "GPL2+"},
Type: pkg.ApkPkg,
PURL: "pkg:alpine/musl-utils@1.1.24-r2?arch=x86_64&upstream=musl&distro=alpine-3.12",
PURL: "pkg:apk/alpine/musl-utils@1.1.24-r2?arch=x86_64&upstream=musl&distro=alpine-3.12",
Locations: fixtureLocationSet,
MetadataType: pkg.ApkMetadataType,
Metadata: pkg.ApkMetadata{


@ -41,7 +41,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*",
@ -58,7 +58,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*",
@ -79,7 +79,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"MIT"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*",
@ -96,7 +96,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:apk-tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:apk-tools:apk_tools:2.12.9-r3:*:*:*:*:*:*:*",
@ -113,7 +113,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*",
),
@ -125,7 +125,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"MPL-2.0", "AND", "MIT"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*",
"cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*",
@ -146,7 +146,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"BSD-2-Clause", "AND", "BSD-3-Clause"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:libc-utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*",
@ -163,7 +163,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"OpenSSL"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*",
),
@ -175,7 +175,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"OpenSSL"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*",
),
@ -187,7 +187,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"MIT"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*",
),
@ -199,7 +199,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"MIT", "BSD", "GPL2+"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:musl-utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*",
"cpe:2.3:a:musl-utils:musl_utils:1.2.3-r1:*:*:*:*:*:*:*",
@ -216,7 +216,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*",
),
@ -228,7 +228,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"GPL-2.0-only"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:ssl-client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*",
"cpe:2.3:a:ssl-client:ssl_client:1.35.0-r17:*:*:*:*:*:*:*",
@ -245,7 +245,7 @@ func Test_parseSBOM(t *testing.T) {
Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
Licenses: []string{"Zlib"},
FoundBy: "sbom-cataloger",
PURL: "pkg:alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3",
PURL: "pkg:apk/alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3",
CPEs: mustCPEs(
"cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*",
),


@ -24,7 +24,7 @@
"cpe:2.3:a:alpine:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "alpine-baselayout",
@ -411,7 +411,7 @@
"cpe:2.3:a:alpine:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "alpine-baselayout-data",
@ -570,7 +570,7 @@
"cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*",
"cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "alpine-keys",
@ -1007,7 +1007,7 @@
"cpe:2.3:a:apk:apk-tools:2.12.9-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:apk:apk_tools:2.12.9-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "apk-tools",
@ -1110,7 +1110,7 @@
"cpes": [
"cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "busybox",
@ -1294,7 +1294,7 @@
"cpe:2.3:a:ca:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*",
"cpe:2.3:a:ca:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "ca-certificates-bundle",
@ -1369,7 +1369,7 @@
"cpe:2.3:a:libc:libc-utils:0.7.2-r3:*:*:*:*:*:*:*",
"cpe:2.3:a:libc:libc_utils:0.7.2-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libc-utils",
@ -1410,7 +1410,7 @@
"cpes": [
"cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libcrypto1.1",
@ -1589,7 +1589,7 @@
"cpes": [
"cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "libssl1.1",
@ -1663,7 +1663,7 @@
"cpes": [
"cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "musl",
@ -1735,7 +1735,7 @@
"cpe:2.3:a:musl:musl-utils:1.2.3-r1:*:*:*:*:*:*:*",
"cpe:2.3:a:musl:musl_utils:1.2.3-r1:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "musl-utils",
@ -1843,7 +1843,7 @@
"cpes": [
"cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "scanelf",
@ -1908,7 +1908,7 @@
"cpe:2.3:a:ssl:ssl-client:1.35.0-r17:*:*:*:*:*:*:*",
"cpe:2.3:a:ssl:ssl_client:1.35.0-r17:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "ssl_client",
@ -1970,7 +1970,7 @@
"cpes": [
"cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*"
],
"purl": "pkg:alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3",
"purl": "pkg:apk/alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3",
"metadataType": "ApkMetadata",
"metadata": {
"package": "zlib",


@ -1,6 +1,8 @@
package pkg
import "github.com/anchore/packageurl-go"
import (
"github.com/anchore/packageurl-go"
)
// Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem)
type Type string
@ -58,7 +60,7 @@ var AllPkgs = []Type{
func (t Type) PackageURLType() string {
switch t {
case ApkPkg:
return "alpine"
return packageurl.TypeAlpine
case AlpmPkg:
return "alpm"
case GemPkg:
@ -114,7 +116,7 @@ func TypeByName(name string) Type {
return RpmPkg
case "alpm":
return AlpmPkg
case "alpine":
case packageurl.TypeAlpine, "alpine":
return ApkPkg
case packageurl.TypeMaven:
return JavaPkg
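Review bot: The second label in `case packageurl.TypeAlpine, "alpine":` in `TypeByName` is kept without explanation, and next to a constant named `TypeAlpine` it reads like a duplicate. Going by the fixtures updated in this commit the constant resolves to `apk`, so the bare `"alpine"` appears to be what keeps SBOMs written before this change decodable as `ApkPkg`. A comment above the case, such as `// "alpine" is the pre-spec purl type written by earlier releases; still accepted on decode`, would stop a later cleanup from deleting it. Emitted purls also change from `pkg:alpine/...` to `pkg:apk/alpine/...`, so anything comparing purls from old and new SBOMs as plain strings will see two identifiers for the same package. Both functions extend beyond the hunks shown.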


@ -19,7 +19,7 @@ func TestTypeFromPURL(t *testing.T) {
expected: RpmPkg,
},
{
purl: "pkg:alpine/util-linux@2.32.1",
purl: "pkg:apk/alpine/util-linux@2.32.1",
expected: ApkPkg,
},
{
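Review bot: The `pkg:alpine/util-linux@2.32.1` case is replaced rather than kept alongside the new one, so the legacy purl type that `TypeByName` still accepts no longer has a test in this table. Keeping both entries, `{purl: "pkg:alpine/util-linux@2.32.1", expected: ApkPkg},` next to the `pkg:apk/alpine/...` one, would pin the backward-compatible decode path, presumably reached through `TypeByName`. The table and the test body continue outside this hunk.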