Annotate visible/hidden paths when all-layers scope #3855

Merged
wagoodman merged 1 commit into main from annotate-all-layer-locations
May 6, 2025


@wagoodman wagoodman commented May 5, 2025

#3138 added the concept of annotating locations raised up from a file.Resolver with visible=true or visible=false for any location returned, so we can discover packages which have been deleted in higher layers or are otherwise hidden. That PR added a new file.Resolver to take advantage of this new capability; this PR extends these kinds of annotations to the all-layers file resolver (there are no other file resolvers it makes sense to also apply this to).

Here's an example of the changes for a single package in an alpine image where multiple apk add commands were performed each in their own RUN line in the Dockerfile:

$ syft myimage:latest -s all-layers | jq '.artifacts[] | select(.name == "alpine-release").locations'
[
  {
    "path": "/lib/apk/db/installed",
    "layerID": "sha256:02b7b5e2cb1b34e0ed386a34b364f52eaf770e524e120055bdd642e104dce1cd",
    "accessPath": "/lib/apk/db/installed",
    "annotations": {
      "evidence": "primary",
      "visible": "false"
    }
  },
  {
    "path": "/lib/apk/db/installed",
    "layerID": "sha256:a16e98724c05975ee8c40d8fe389c3481373d34ab20a1cf52ea2accc43f71f4c",
    "accessPath": "/lib/apk/db/installed",
    "annotations": {
      "evidence": "primary",
      "visible": "false"
    }
  },
  {
    "path": "/lib/apk/db/installed",
    "layerID": "sha256:eeb7e34dc34ae12fe9df0056d36f9620970ed15c30271462be4dffdef4fc69d2",
    "accessPath": "/lib/apk/db/installed",
    "annotations": {
      "evidence": "primary",
      "visible": "true"
    }
  },
  {
    "path": "/lib/apk/db/installed",
    "layerID": "sha256:ff1223b81bbf3c1c3ffc402947f2a9dfdcf789f9c6acdd36a9d9e60e7c650aa8",
    "accessPath": "/lib/apk/db/installed",
    "annotations": {
      "evidence": "primary",
      "visible": "false"
    }
  }
]

Follow-up to #3138

This does not "fix" #1818, as that issue describes adding an indication on the package and not constituent locations on the package as is done in this PR.

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
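
The annotations in the output above can be used to list packages that no longer appear in the final filesystem but still ship in an image layer. The following is an added example, not code from this PR or from syft: the sample document is constructed (placeholder layer IDs, made-up package names and versions), and it assumes the `name`, `version` and `locations[].annotations.visible` fields of syft's JSON output.

```python
import json

# Constructed sample shaped like the syft JSON shown in the PR description.
# Layer IDs are placeholders, not real digests.
SAMPLE = json.loads("""
{"artifacts": [
  {"name": "alpine-release", "version": "0.0.0-sample", "locations": [
    {"path": "/lib/apk/db/installed", "layerID": "sha256:layer-1",
     "annotations": {"evidence": "primary", "visible": "false"}},
    {"path": "/lib/apk/db/installed", "layerID": "sha256:layer-3",
     "annotations": {"evidence": "primary", "visible": "true"}}]},
  {"name": "build-tool", "version": "1.2.3", "locations": [
    {"path": "/lib/apk/db/installed", "layerID": "sha256:layer-2",
     "annotations": {"evidence": "primary", "visible": "false"}}]},
  {"name": "unannotated-pkg", "version": "4.5.6", "locations": [
    {"path": "/usr/lib/pkg.json", "layerID": "sha256:layer-1"}]}
]}
""")


def classify(artifact):
    """Return 'visible', 'hidden' or 'unknown' for one artifact.

    The annotation values are the strings "true"/"false", as in the PR output.
    """
    flags = [(loc.get("annotations") or {}).get("visible")
             for loc in artifact.get("locations", [])]
    if "true" in flags:
        return "visible"   # at least one location survives in the final filesystem
    if flags and all(f == "false" for f in flags):
        return "hidden"    # every location is deleted or shadowed by a higher layer
    return "unknown"       # no visibility annotation present; do not guess


def hidden_report(doc):
    """Map each hidden package to the layers that still carry its evidence."""
    report = {}
    for art in doc.get("artifacts", []):
        if classify(art) == "hidden":
            key = f'{art["name"]}@{art.get("version", "?")}'
            report[key] = sorted({loc["layerID"] for loc in art["locations"]})
    return report


if __name__ == "__main__":
    for pkg, layers in hidden_report(SAMPLE).items():
        print(f"{pkg} is hidden but present in: {', '.join(layers)}")
```
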
@wagoodman wagoodman self-assigned this May 5, 2025
@wagoodman wagoodman added this to OSS May 5, 2025
@wagoodman wagoodman added the enhancement New feature or request label May 5, 2025
@wagoodman wagoodman moved this to In Review in OSS May 5, 2025
@wagoodman wagoodman requested a review from a team May 5, 2025 20:01
@wagoodman wagoodman enabled auto-merge (squash) May 5, 2025 21:51
@wagoodman wagoodman merged commit 7b25ea5 into main May 6, 2025
13 checks passed
@wagoodman wagoodman deleted the annotate-all-layer-locations branch May 6, 2025 13:50
@github-project-automation github-project-automation Bot moved this from In Review to Done in OSS May 6, 2025
spiffcs added a commit that referenced this pull request May 6, 2025
* main:
  annotate hidden paths in all-layers scope (#3855)