Add a homebrew cataloger#3724
Merged
wagoodman merged 14 commits intoanchore:mainfrom May 13, 2025
Merged
Conversation
Contributor
|
Thanks for the contribution @rezmoss ! I haven't been able to give this a proper review, but overall it looks like you've done the right things. I just wanted to note that contributions need to have all git commits signed-off, this will get DCO passing. |
rezmoss
force-pushed
the
cataloger-homebrew2
branch
from
5da8a21 to
e0d6354
Compare
* homebrew cataloger * uptd * fixed test * fixed test * fixed tests * fixed lint * inc schema ver * upt schema * fixed integration test * fixed integration tst * fixed test Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Rez Moss <hi@rezmoss.com>
fixed DCO Signed-off-by: Rez Moss <hi@rezmoss.com> Signed-off-by: Rez Moss <hi@rezmoss.com>
add evd anno to test Signed-off-by: Rez Moss <hi@rezmoss.com>
rezmoss
force-pushed
the
cataloger-homebrew2
branch
from
e0d6354 to
ccef42e
Compare
Signed-off-by: Rez Moss <hi@rezmoss.com>
rezmoss
force-pushed
the
cataloger-homebrew2
branch
from
ccef42e to
d1e1ea2
Compare
Contributor
Author
|
Thanks for your feedback! @kzantow fixed the DCO issue and it's passing now, let me know if there's anything else to adjust, looking forward to your review ;) |
kzantow
reviewed
Mar 17, 2025
|
|
||
| case pkg.HomebrewMetadata: | ||
| typ = orgType | ||
| author = "auth" |
Contributor
There was a problem hiding this comment.
If we don't have a specific author, it should default to no type / empty string so it gets omitted and output as NOASSERTION for supplier, or is this intended to mean "homebrew" somehow? Maybe homebrew itself is the supplier -- is there a way to verify a package came from the main homebrew or an alternate tap?
Contributor
There was a problem hiding this comment.
I'm leaving this out since I don't have a good field for this yet
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This comment was marked as outdated.
This comment was marked as outdated.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman
approved these changes
May 13, 2025
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a new cataloger for homebrew on macos in syft, it scans installed homebrew packages and lets users generate sboms that include homebrew-installed software
This PR is intended for macos, future updates might add support for homebrew on linux and wsl2 @popey
Checklist