This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 271
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
integrate syft go-module detection with engine (#1361)
* integrate syft go-module detection with engine Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add functional tests for golang analyzer Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update README Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
- Loading branch information
1 parent
43224af
commit e9382a8
Showing
9 changed files
with
3,310 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -124,3 +124,4 @@ docs/resources/_gen | |
|
||
|
||
.DS_Store | ||
.local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
from anchore_engine.analyzers.syft.handlers.common import save_entry_to_findings | ||
|
||
|
||
def save_entry(findings, engine_entry, pkg_key=None): | ||
if not pkg_key: | ||
pkg_name = engine_entry.get("name", "") | ||
pkg_version = engine_entry.get("version", engine_entry.get("latest", "")) | ||
location = engine_entry.get("location", "/virtual/gopkg/") | ||
pkg_key = f"{location}:{pkg_name}@{pkg_version}" | ||
|
||
save_entry_to_findings(findings, engine_entry, "pkgs.go", pkg_key) | ||
|
||
|
||
def translate_and_save_entry(findings, artifact): | ||
""" | ||
Handler function to map syft results for the go-module type into the engine "raw" document format. | ||
""" | ||
|
||
if len(artifact["locations"]) > 0: | ||
location = artifact["locations"][0]["path"] | ||
else: | ||
location = None | ||
|
||
# craft the artifact document | ||
pkg_value = { | ||
"name": artifact["name"], | ||
"version": artifact["version"], | ||
"location": location, | ||
"type": "go", | ||
"files": [], | ||
"license": "N/A", | ||
"origin": "N/A", | ||
"cpes": artifact.get("cpes", []), | ||
"metadata": artifact.get("metadata", {}), | ||
} | ||
|
||
# inject the artifact document into the "raw" analyzer document | ||
save_entry(findings, pkg_value) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
.../test_images@sha256:d7efe8ef45def7a7aa6571de3cc5857281b1d7dc5477e7e0cbff6ccb2d5f5f8c.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"schemaVersion": 2, | ||
"mediaType": "application/vnd.docker.distribution.manifest.v2+json", | ||
"config": { | ||
"mediaType": "application/vnd.docker.container.image.v1+json", | ||
"size": 2086, | ||
"digest": "sha256:66799fd8f271518d88d027e7df08a428e17b205a624b18399f51b5fca60d1155" | ||
}, | ||
"layers": [ | ||
{ | ||
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
"size": 1032, | ||
"digest": "sha256:50d154fea6c198cc6ef3efbe19990bcdb65fc3335928f90a3f4d6683e05ca273" | ||
}, | ||
{ | ||
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
"size": 1271, | ||
"digest": "sha256:980015ae30c35f67f9d44ff6fbf0057a255791ec336272d2266fa7725ee13f9e" | ||
}, | ||
{ | ||
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
"size": 9331819, | ||
"digest": "sha256:f07027bbe83d08e7432d6587b405a675809eb24e308d45f66a1d02bbec2074fd" | ||
}, | ||
{ | ||
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", | ||
"size": 7580902, | ||
"digest": "sha256:88788463780d9bfa8b52f6800eb0862fce614097408d7e6e08b284f02bb54916" | ||
} | ||
] | ||
} |
Oops, something went wrong.