Skip to content

feat: add identifiable field to source object#1243

Merged
spiffcs merged 5 commits intomainfrom
1241-syft-json-updates
Oct 5, 2022
Merged

feat: add identifiable field to source object#1243
spiffcs merged 5 commits intomainfrom
1241-syft-json-updates

Conversation

@spiffcs
Copy link
Copy Markdown
Contributor

@spiffcs spiffcs commented Oct 4, 2022
edited
Loading

Allow source.Source struct to set reproducible id for the following scheme:

  • DirectoryScheme
  • FileScheme
  • ImageScheme
  • UnknownScheme

This ID is calculated in the following ways:

Followups coming in separate smaller PR:

  • Add ID field to source and generate a relationship to packages
  • Update SPDX format to reflect this relationship of source --> package via OCI PURL

Signed-off-by: Christopher Phillips christopher.phillips@anchore.com

@spiffcs
feat: add identifiable field to source object
1e7d2c7 
Allow source.Source struct to set reproducable id for different scheme.
This ID is calcuated either as a digest from the given directory or file
path. If the scheme is detected to be an ImageScheme then the ID is
calculated as a ChainID: https://github.com/opencontainers/image-spec/blob/main/config.md#layer-chainid

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Oct 4, 2022
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    12.5ms ±16%    15.1ms ±14%  +20.61%  (p=0.032 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.31ms ± 1%    1.65ms ± 9%  +25.67%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            3.33ms ± 0%    3.85ms ± 3%  +15.55%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.08ms ± 0%    1.31ms ± 1%  +21.42%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         755µs ± 0%     908µs ± 2%  +20.20%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     892µs ± 1%    1110µs ± 3%  +24.35%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                    1.29ms ± 1%    1.59ms ± 4%  +23.09%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      14.6ms ± 1%    17.3ms ± 4%  +18.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.26ms ± 1%    1.46ms ± 7%  +15.90%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.22µs ± 1%    2.90µs ± 4%  +30.65%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.38ms ± 0%    1.70ms ± 2%  +23.50%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    706µs ± 0%     862µs ± 3%  +22.13%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.802 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             945kB ± 0%     946kB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     214kB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%   +0.07%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     203kB ± 0%     203kB ± 0%     ~     (p=0.556 n=4+5)
ImagePackageCatalogers/rpm-db-cataloger-2                     302kB ± 0%     302kB ± 0%   -0.10%  (p=0.032 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                369kB ± 0%     369kB ± 0%     ~     (p=0.222 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%   +0.04%  (p=0.032 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=0.881 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.25k ± 0%     4.25k ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             16.6k ± 0%     16.6k ± 0%     ~     (p=0.730 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.53k ± 0%     5.53k ± 0%     ~     (p=0.421 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         3.32k ± 0%     3.32k ± 0%     ~     (p=0.333 n=5+4)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.60k ± 0%     4.60k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpm-db-cataloger-2                     8.13k ± 0%     8.13k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%     ~     (p=0.952 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.43k ± 0%     5.43k ± 0%     ~     (p=0.968 n=5+4)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.27k ± 0%     7.27k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.59k ± 0%     3.59k ± 0%     ~     (all equal)

spiffcs
spiffcs commented Oct 4, 2022
View reviewed changes
Comment thread syft/source/source.go Outdated
func (s *Source) SetID() {
if s.Metadata.Scheme != ImageScheme {
// How do we generate ID for non-image sources?
s.id = digest.FromString(s.Metadata.Path).String()
Copy link
Copy Markdown
Contributor Author

@spiffcs spiffcs Oct 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No path digest here: I think we want what's seen here
https://github.com/anchore/syft/pull/1218/files#diff-b79b344d258161c0ca7b6347af27d5ed643fdb01f4fbe654a69a688efe6a97cf

Getting a sum from the file itself or the metadata from the dir

lumjjb
lumjjb reviewed Oct 4, 2022
View reviewed changes
Comment thread syft/source/source.go
spiffcs added 2 commits October 5, 2022 10:11
@spiffcs
chore: run go mod tidy
520cc83 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
fix: update unit tests to pass for all scheme
2d00444 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs marked this pull request as ready for review October 5, 2022 15:05
@spiffcs
fix: update lint suggestions
c407df1 
[optional footer(s)]

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
kzantow
kzantow approved these changes Oct 5, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Comment thread syft/source/source.go
return s.id
}

func (s *Source) SetID() {
Copy link
Copy Markdown
Contributor

@kzantow kzantow Oct 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this PR include a call to this function?

Copy link
Copy Markdown
Contributor Author

@spiffcs spiffcs Oct 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^ Second PR is going to do that so we can link it into relationships - Just wanted to keep this PR small, but I can add the call so we're setting it on construction

Copy link
Copy Markdown
Contributor Author

@spiffcs spiffcs Oct 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking again, there also isn't ONE great place to put the single call since we have functions like New, NewFromImage NewFromDirectory NewFromFile.

Let me see all the places it needs to be included so we have full coverage of all the source creation

Copy link
Copy Markdown
Contributor Author

@spiffcs spiffcs Oct 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could just have it get set on the first call to ID if s.id = ""

@spiffcs
fix: add call to s.SetID when invoking ID if blank
bafb427 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs merged commit 7d2fe9d into main Oct 5, 2022
@spiffcs spiffcs deleted the 1241-syft-json-updates branch October 5, 2022 18:01
spiffcs added a commit that referenced this pull request Oct 13, 2022
@spiffcs
Merge branch 'main' into kubecon-draft
b6f6c46 
* main: (45 commits)
  feat: add RelationshipsBySourceOwnership to syft json output (#1248)
  fix: reset merged package into map; (#1258)
  refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
  Update syft bootstrap tools to latest versions. (#1254)
  Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
  Update syft bootstrap tools to latest versions. (#1244)
  fix apkdb checksum representation (#1247)
  feat: add identifiable field to source object (#1243)
  feat: attest support for Singularity images (#1201)
  Update syft bootstrap tools to latest versions. (#1239)
  Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
  fix: Follow symlinks when searching for globs in all-layers scope (#1221)
  update requires to use list; remove field (#1234)
  Add Conan (C/C++) conan.lock file support (#1230)
  add sequence diagrams and flesh out TODO notes (#1233)
  Do not fail if unable to parse `.rpm` file (#1232)
  fix: support exclude patterns on Windows (#1228)
  Update syft bootstrap tools to latest versions. (#1225)
  Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
  Update syft bootstrap tools to latest versions. (#1223)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
@spiffcs @aiwantaozi
feat: add identifiable field to source object (anchore#1243)
45b3d8e
spiffcs added a commit that referenced this pull request Oct 21, 2022
@spiffcs
feat: add identifiable field to source object (#1243)
0060f61 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs added a commit that referenced this pull request Oct 21, 2022
@spiffcs
feat: add identifiable field to source object (#1243)
3c7ca60 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@spiffcs
feat: add identifiable field to source object (anchore#1243)
c8eb4ae
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzantow kzantow kzantow approved these changes

+1 more reviewer

@lumjjb lumjjb lumjjb left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@spiffcs @kzantow @lumjjb