6 changes: 3 additions & 3 deletions go.mod
Expand Up @@ -8,8 +8,8 @@ require (
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
github.com/anchore/stereoscope v0.0.0-20230323161519-d7551b7f46f5
github.com/anchore/syft v0.76.0
github.com/anchore/stereoscope v0.0.0-20230412183729-8602f1afc574
github.com/anchore/syft v0.79.0
github.com/apex/log v1.9.0
github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
github.com/gabriel-vasile/mimetype v1.4.2
Expand All @@ -19,7 +19,7 @@ require (
github.com/sclevine/spec v1.4.0
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
github.com/sergi/go-diff v1.3.1
github.com/spdx/tools-golang v0.5.0-rc1
github.com/spdx/tools-golang v0.5.0
github.com/stretchr/testify v1.8.2
github.com/ulikunitz/xz v0.5.11
)
710 changes: 654 additions & 56 deletions go.sum

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions sbom/formatted_reader_test.go
Expand Up @@ -131,7 +131,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())

// Ensure documentNamespace and creationInfo.created have reproducible values
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-5eefce5c-6108-5ab7-9c19-9e4ae08b0d1b"), buffer.String())
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-e5ba1162-56a7-57ac-8372-3aff3f15e036"), buffer.String())
Expect(spdxOutput.CreationInfo.Created).To(BeZero(), buffer.String())

rerunBuffer := bytes.NewBuffer(nil)
Expand Down Expand Up @@ -180,7 +180,7 @@ func testFormattedReader(t *testing.T, context spec.G, it spec.S) {
Expect(spdxOutput.Packages[5].Name).To(Equal("wrappy"), buffer.String())

// Ensure documentNamespace and creationInfo.created have reproducible values
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-fd843ffd-eeb2-5be4-881d-52072b2836a3"), buffer.String())
Expect(spdxOutput.DocumentNamespace).To(Equal("https://paketo.io/packit/dir/testdata-ef57d584-3f15-5c91-be8c-0f7c011883a8"), buffer.String())
Expect(spdxOutput.CreationInfo.Created).To(Equal(time.Unix(1659551872, 0).UTC()), buffer.String())

rerunBuffer := bytes.NewBuffer(nil)
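Review bot: The two `DocumentNamespace` assertions in `testFormattedReader` pin a literal UUID suffix that had to be hand-edited for this dependency bump, so they record whatever the upgraded encoder happens to derive rather than a property this project controls. The comment says the goal is reproducibility, and the `rerunBuffer` that follows (its use is outside the hunk) looks like it already compares two runs; asserting the stable part with `To(HavePrefix("https://paketo.io/packit/dir/testdata-"))` alongside that run-to-run comparison would keep the guarantee without churn on every upgrade. If the exact value is kept, a comment such as `// UUID suffix appears to be derived from the encoded SBOM content; it changes when the syft output changes` would stop the next bump being mistaken for lost determinism. It is also worth a release note that identical inputs now yield a different namespace than before, since consumers may deduplicate or correlate SBOMs on that field.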
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ func Test_encodeComponentProperties(t *testing.T) {
input: pkg.Package{
FoundBy: "cataloger",
Locations: source.NewLocationSet(
source.Location{Coordinates: source.Coordinates{RealPath: "test"}},
source.Location{LocationData: source.LocationData{Coordinates: source.Coordinates{RealPath: "test"}}},
),
Metadata: pkg.ApkMetadata{
Package: "libc-utils",
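Review bot: The nested literal `source.Location{LocationData: source.LocationData{Coordinates: ...}}` in `Test_encodeComponentProperties` spells out the library's struct layout, while `sbom/internal/formats/syft301/encoder_test.go` in this same commit builds the equivalent value with `source.NewLocationFromCoordinates(...)`. Using the constructor here, `source.NewLocationFromCoordinates(source.Coordinates{RealPath: "test"}),`, and in the two `Locations` literals in `sbom/internal/formats/syft2/encoder_test.go`, would keep the tests consistent and insulate them from the next change to the layout of `source.Location`. The test function extends beyond this hunk.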
6 changes: 4 additions & 2 deletions sbom/internal/formats/spdx22/model/to_syft_model.go
Expand Up @@ -225,8 +225,10 @@ func toSyftCoordinates(f *spdx.File) source.Coordinates {

func toSyftLocation(f *spdx.File) *source.Location {
return &source.Location{
Coordinates: toSyftCoordinates(f),
VirtualPath: f.FileName,
LocationData: source.LocationData{
Coordinates: toSyftCoordinates(f),
VirtualPath: f.FileName,
},
}
}

Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-2"
}
Expand All @@ -59,7 +59,7 @@
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1"
}
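Review bot: Replacing `PACKAGE-MANAGER` with `PACKAGE_MANAGER` in `referenceCategory` changes a value that downstream SBOM consumers match on, and nothing visible in the commit documents it. A scanner that keys its purl lookup on the hyphenated spelling would skip these external references, and that shows up as missing vulnerability matches rather than as a parse error. The same substitution is made in the two fixture sections that follow and in the `Category` assertion in `sbom/sbom_test.go`. A release-note entry stating the new spelling, and confirming it is the form the targeted SPDX version's JSON schema expects, would let consumers adjust.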
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-1"
}
Expand All @@ -59,7 +59,7 @@
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1"
}
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
"referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "a-purl-1"
}
Expand All @@ -59,7 +59,7 @@
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceCategory": "PACKAGE_MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:deb/debian/package-2@2.0.1"
}
12 changes: 8 additions & 4 deletions sbom/internal/formats/syft2/encoder_test.go
Expand Up @@ -47,8 +47,10 @@ func TestEncodeFullJSONDocument(t *testing.T) {
Version: "1.0.1",
Locations: source.NewLocationSet(
source.Location{
Coordinates: source.Coordinates{
RealPath: "/a/place/a",
LocationData: source.LocationData{
Coordinates: source.Coordinates{
RealPath: "/a/place/a",
},
},
},
),
Expand All @@ -73,8 +75,10 @@ func TestEncodeFullJSONDocument(t *testing.T) {
Version: "2.0.1",
Locations: source.NewLocationSet(
source.Location{
Coordinates: source.Coordinates{
RealPath: "/b/place/b",
LocationData: source.LocationData{
Coordinates: source.Coordinates{
RealPath: "/b/place/b",
},
},
},
),
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "Directory",
"userID": 0,
"groupID": 0,
Expand All @@ -91,6 +92,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "RegularFile",
"userID": 0,
"groupID": 0,
Expand All @@ -111,6 +113,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "SymbolicLink",
"linkDestination": "/c",
"userID": 0,
Expand All @@ -125,6 +128,7 @@
},
"metadata": {
"mode": 644,
"size": 0,
"type": "RegularFile",
"userID": 1,
"groupID": 2,
26 changes: 13 additions & 13 deletions sbom/internal/formats/syft301/encoder_test.go
Expand Up @@ -44,11 +44,11 @@ func TestEncodeFullJSONDocument(t *testing.T) {
Name: "package-1",
Version: "1.0.1",
Locations: source.NewLocationSet(
source.Location{
Coordinates: source.Coordinates{
source.NewLocationFromCoordinates(
source.Coordinates{
RealPath: "/a/place/a",
},
},
),
),
Type: pkg.PythonPkg,
FoundBy: "the-cataloger-1",
Expand All @@ -70,11 +70,11 @@ func TestEncodeFullJSONDocument(t *testing.T) {
Name: "package-2",
Version: "2.0.1",
Locations: source.NewLocationSet(
source.Location{
Coordinates: source.Coordinates{
source.NewLocationFromCoordinates(
source.Coordinates{
RealPath: "/b/place/b",
},
},
),
),
Type: pkg.DebPkg,
FoundBy: "the-cataloger-2",
Expand All @@ -97,48 +97,48 @@ func TestEncodeFullJSONDocument(t *testing.T) {
Artifacts: sbom.Artifacts{
PackageCatalog: catalog,
FileMetadata: map[source.Coordinates]source.FileMetadata{
source.NewLocation("/a/place").Coordinates: {
source.NewLocation("/a/place").LocationData.Coordinates: {
Mode: 0775,
Type: stereoFile.TypeDirectory,
UserID: 0,
GroupID: 0,
},
source.NewLocation("/a/place/a").Coordinates: {
source.NewLocation("/a/place/a").LocationData.Coordinates: {
Mode: 0775,
Type: stereoFile.TypeRegular,
UserID: 0,
GroupID: 0,
},
source.NewLocation("/b").Coordinates: {
source.NewLocation("/b").LocationData.Coordinates: {
Mode: 0775,
Type: stereoFile.TypeSymLink,
LinkDestination: "/c",
UserID: 0,
GroupID: 0,
},
source.NewLocation("/b/place/b").Coordinates: {
source.NewLocation("/b/place/b").LocationData.Coordinates: {
Mode: 0644,
Type: stereoFile.TypeRegular,
UserID: 1,
GroupID: 2,
},
},
FileDigests: map[source.Coordinates][]file.Digest{
source.NewLocation("/a/place/a").Coordinates: {
source.NewLocation("/a/place/a").LocationData.Coordinates: {
{
Algorithm: "sha256",
Value: "366a3f5653e34673b875891b021647440d0127c2ef041e3b1a22da2a7d4f3703",
},
},
source.NewLocation("/b/place/b").Coordinates: {
source.NewLocation("/b/place/b").LocationData.Coordinates: {
{
Algorithm: "sha256",
Value: "1b3722da2a7d90d033b87581a2a3f12021647445653e34666ef041e3b4f3707c",
},
},
},
FileContents: map[source.Coordinates]string{
source.NewLocation("/a/place/a").Coordinates: "the-contents",
source.NewLocation("/a/place/a").LocationData.Coordinates: "the-contents",
},
LinuxDistribution: &linux.Release{
ID: "redhat",
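Review bot: The `FileMetadata` entries in `TestEncodeFullJSONDocument` set `Mode`, `Type`, `UserID` and `GroupID` but nothing size-related, so the `"size"` key that the updated snapshots now expect is only ever exercised at its zero value. If `source.FileMetadata` exposes a size in this syft version (the type is not shown here), giving one regular-file entry a non-zero value would prove the encoder copies it rather than emitting a constant. Because the key is new in output written under an existing format version, a comment next to the fixture inputs such as `// "size" is emitted since the syft v0.79.0 upgrade` would help anyone validating documents against the older schema. The function starts and ends outside these hunks.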
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "Directory",
"userID": 0,
"groupID": 0,
Expand All @@ -91,6 +92,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "RegularFile",
"userID": 0,
"groupID": 0,
Expand All @@ -111,6 +113,7 @@
},
"metadata": {
"mode": 775,
"size": 0,
"type": "SymbolicLink",
"linkDestination": "/c",
"userID": 0,
Expand All @@ -125,6 +128,7 @@
},
"metadata": {
"mode": 644,
"size": 0,
"type": "RegularFile",
"userID": 1,
"groupID": 2,
12 changes: 3 additions & 9 deletions sbom/internal/formats/syft301/to_format_model.go
Expand Up @@ -110,7 +110,7 @@ func toFile(s sbom.SBOM) []model.File {
results = append(results, model.File{
ID: string(coordinates.ID()),
Location: coordinates,
Metadata: toFileMetadataEntry(coordinates, metadata),
Metadata: toFileMetadataEntry(metadata),
Digests: digests,
Contents: contents,
})
Expand All @@ -123,7 +123,7 @@ func toFile(s sbom.SBOM) []model.File {
return results
}

func toFileMetadataEntry(coordinates source.Coordinates, metadata *source.FileMetadata) *model.FileMetadataEntry {
func toFileMetadataEntry(metadata *source.FileMetadata) *model.FileMetadataEntry {
if metadata == nil {
return nil
}
Expand Down Expand Up @@ -192,20 +192,14 @@ func toPackageModel(p pkg.Package) model.Package {
licenses = p.Licenses
}

locations := p.Locations.ToSlice()
var coordinates = make([]source.Coordinates, len(locations))
for i, l := range locations {
coordinates[i] = l.Coordinates
}

return model.Package{
PackageBasicData: model.PackageBasicData{
ID: string(p.ID()),
Name: p.Name,
Version: p.Version,
Type: p.Type,
FoundBy: p.FoundBy,
Locations: coordinates,
Locations: p.Locations.ToSlice(),
Licenses: licenses,
Language: p.Language,
CPEs: cpes,
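Review bot: `Locations: p.Locations.ToSlice()` in `toPackageModel` now passes whole location values to the model instead of the projected `source.Coordinates`, so anything else a location carries becomes a candidate for serialization under this format version. The snapshot changes in this commit only add `size`, which suggests the encoded package `locations` are unchanged for the test inputs, but those inputs populate only `RealPath`. A comment on the field, for example `// full Location values are passed through; only the coordinates are expected in the encoded output`, and one test location with more than `RealPath` set would pin that assumption (the model's field type is not shown here, so confirm it first). `toPackageModel` begins above this hunk and continues below it.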
2 changes: 1 addition & 1 deletion sbom/sbom_test.go
Expand Up @@ -184,7 +184,7 @@ func testSBOM(t *testing.T, context spec.G, it spec.S) {
Type: "cpe23Type",
}), spdx.String())
Expect(goPackage.ExternalRefs).To(ContainElement(externalRef{
Category: "PACKAGE-MANAGER",
Category: "PACKAGE_MANAGER",
Locator: "pkg:generic/go@go1.16.9?checksum=0a1cc7fd7bd20448f71ebed64d846138850d5099b18cf5cc10a4fc45160d8c3d&download_url=https://dl.google.com/go/go1.16.9.src.tar.gz",
Type: "purl",
}), spdx.String())