mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
05e8ba948d
* add python package relationships Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * nil for empty relationships collections Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * new json schema for optional python requiremenets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update format snapshots for python packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * decompose python parsers more + add tests around plural fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update JSON schema with python dep refs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
26 lines
705 B
Go
26 lines
705 B
Go
package relationship
|
|
|
|
import (
|
|
"github.com/anchore/syft/syft/artifact"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
)
|
|
|
|
func EvidentBy(catalog *pkg.Collection) []artifact.Relationship {
|
|
var edges []artifact.Relationship
|
|
for _, p := range catalog.Sorted() {
|
|
for _, l := range p.Locations.ToSlice() {
|
|
if v, exists := l.Annotations[pkg.EvidenceAnnotationKey]; !exists || v != pkg.PrimaryEvidenceAnnotation {
|
|
// skip non-primary evidence from being expressed as a relationship.
|
|
// note: this may be configurable in the future.
|
|
continue
|
|
}
|
|
edges = append(edges, artifact.Relationship{
|
|
From: p,
|
|
To: l.Coordinates,
|
|
Type: artifact.EvidentByRelationship,
|
|
})
|
|
}
|
|
}
|
|
|
|
return edges
|
|
}
|