Skip to content

feat: add use-all-catalogers flag#1050

Merged
spiffcs merged 1 commit intoanchore:mainfrom
cpendery:golang
Jun 27, 2022
Merged

feat: add use-all-catalogers flag#1050
spiffcs merged 1 commit intoanchore:mainfrom
cpendery:golang

Conversation

@cpendery
Copy link
Copy Markdown
Contributor

@cpendery cpendery commented Jun 15, 2022
edited
Loading

Description

Add a new switch --use-all-catalogers that allows for the use of both image and file catalogers to run on the subject. This is useful when scanning an image built to use as a build environment, where artifacts may be installed using the files present soon.

Closes #1049

@cpendery cpendery changed the title feat: add use-all-catalogers flag [WIP] feat: add use-all-catalogers flag Jun 15, 2022
@cpendery cpendery marked this pull request as ready for review June 15, 2022 21:18
@cpendery
Copy link
Copy Markdown
Contributor Author

cpendery commented Jun 15, 2022
edited
Loading

While #1038 allows us to use the config to turn on certain catalogers, I think it would be easier for my use case, using all of them, to have a general switch to turn them all on. If there is an in between you all like, happy to adjust accordingly and contribute it.

@spiffcs
Copy link
Copy Markdown
Contributor

spiffcs commented Jun 24, 2022
edited
Loading

Thanks for the PR here @cpendery!

Rather than make a new flag here I think we'd like to extend on the work done in #1038.

Notice how the config can now take a []string as Catalogers that syft should enable.

syft/internal/config/application.go

Line 50 in 546eaec

Catalogers []string `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"`

Test showing the catalogers option

syft/test/cli/packages_cmd_test.go

Lines 230 to 237 in 546eaec

{
name: "catalogers-option",
args: []string{"packages", "-o", "json", "--catalogers", "python,ruby-gemspec", coverageImage},
assertions: []traitAssertion{
assertPackageCount(6),
assertSuccessfulReturnCode,
},
},

If we use the flag --catalogers here and pass something like all we can keep the CLI surface area small while also extending the --catalogers flag ability to turn all options on with a single command.

Let me know what you think of this direction.

spiffcs
spiffcs reviewed Jun 24, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added small comment about use of new flag vs extending a newly merged flag

@cpendery
Copy link
Copy Markdown
Contributor Author

cpendery commented Jun 24, 2022

Added small comment about use of new flag vs extending a newly merged flag

I think extending the existing flag makes a lot of sense. I'll switch over to using that flag and part of the config 👍

@cpendery
feat: add all variable to catalogers to override defaults
e774ca3 
Signed-off-by: cpendery <cpendery@vt.edu>
@spiffcs spiffcs merged commit 2b8e15b into anchore:main Jun 27, 2022
spiffcs added a commit to jonasagx/syft that referenced this pull request Jun 27, 2022
@spiffcs
Merge branch 'main' into PR
55c1775 
* main: (70 commits)
  fix: add php catalogers to all catalogers (anchore#1065)
  feat: add use-all-catalogers flag (anchore#1050)
  Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (anchore#926)
  remove OSS Meetup message (anchore#1057)
  add pom.xml cataloger (anchore#1055)
  Add support for CBL-Mariner distroless images (anchore#1045)
  Add catalogers configuration (anchore#1038)
  add template output (anchore#1051)
  update stereoscope to latest version (anchore#1052)
  update zip_read_closer to incorporate zip64 support (anchore#1041)
  Add pacman (alpm) parser support (anchore#943)
  Update of README.md (anchore#1027)
  bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (anchore#1025)
  add workflows to test new project automation (anchore#1023)
  improve LanguageByName and add unit tests (anchore#1034)
  Read Description from dpkg status files (anchore#996)
  Add announcement for Anchore OSS Virtual Meetup (anchore#1033)
  add main module field to go bin metadata (anchore#1026)
  Add filters to package cataloger (anchore#1021)
  change draft to false for release process (anchore#1016)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs self-assigned this Jun 28, 2022
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
@cpendery @aiwantaozi
feat: add use-all-catalogers flag (anchore#1050)
32fd95b
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@cpendery
feat: add use-all-catalogers flag (anchore#1050)
7346bf6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees

@spiffcs spiffcs

Labels

None yet

Projects

OSS
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

add flag for image scanning to use all catalogers rather than just some

2 participants

@cpendery @spiffcs