Incorporate Syft java detection improvements (#1555)

* incorporate anchore/syft#2220 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate .net core improvements Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · Oct 20, 2023 · 156c081 · 156c081
1 parent 9750ef2
commit 156c081
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
 	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
 	github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44
-	github.com/anchore/syft v0.93.0
+	github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/bmatcuk/doublestar/v2 v2.0.4
 	github.com/charmbracelet/bubbletea v0.24.2

diff --git a/go.sum b/go.sum
@@ -256,8 +256,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwM
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44 h1:dKMvcpgqsRrX1ZWyqG53faVW+BahlaAO1RUEc7/rOjA=
 github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44/go.mod h1:RtbeDCho0pxkPqrB1QNf/Jlxfc9juLmtYZAf2UbpJfk=
-github.com/anchore/syft v0.93.0 h1:0b4+4Ob6Mmbudp4Gid6JZh7402nQ3sSD5PMi5dFOpDY=
-github.com/anchore/syft v0.93.0/go.mod h1:RuSzHMGKBoiJkeR859moBeOTNnfPref3AloEMSYKDL8=
+github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481 h1:EX4uyp6L7PejDOLs5VnZWCvVf1PHO8+3/IWtNzZl77g=
+github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481/go.mod h1:5KqNa5BL8xDIVRkiBt5ltu27LrrXEBoHlCifrQfUqgA=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=

diff --git a/test/integration/match_by_image_test.go b/test/integration/match_by_image_test.go
@@ -168,14 +168,14 @@ func addPythonMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Co
 
 func addDotnetMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Collection, theStore *mockStore, theResult *match.Matches) {
 	packages := catalog.PackagesByPath("/dotnet/TestLibrary.deps.json")
-	if len(packages) != 1 {
+	if len(packages) != 2 { // TestLibrary + AWSSDK.Core
 		for _, p := range packages {
 			t.Logf("Dotnet Package: %s %+v", p.ID(), p)
 		}
 
 		t.Fatalf("problem with upstream syft cataloger (dotnet)")
 	}
-	thePkg := pkg.New(packages[0])
+	thePkg := pkg.New(packages[1])
 	normalizedName := theStore.normalizedPackageNames["github:language:dotnet"][thePkg.Name]
 	theVuln := theStore.backend["github:language:dotnet"][normalizedName][0]
 	vulnObj, err := vulnerability.NewVulnerability(theVuln)