Skip to content

Commit

Permalink
Incorporate Syft java detection improvements (#1555)
Browse files Browse the repository at this point in the history
* incorporate anchore/syft#2220

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate .net core improvements

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
  • Loading branch information
wagoodman committed Oct 20, 2023
1 parent 9750ef2 commit 156c081
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ require (
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44
github.com/anchore/syft v0.93.0
github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
github.com/bmatcuk/doublestar/v2 v2.0.4
github.com/charmbracelet/bubbletea v0.24.2
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -256,8 +256,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwM
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44 h1:dKMvcpgqsRrX1ZWyqG53faVW+BahlaAO1RUEc7/rOjA=
github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44/go.mod h1:RtbeDCho0pxkPqrB1QNf/Jlxfc9juLmtYZAf2UbpJfk=
github.com/anchore/syft v0.93.0 h1:0b4+4Ob6Mmbudp4Gid6JZh7402nQ3sSD5PMi5dFOpDY=
github.com/anchore/syft v0.93.0/go.mod h1:RuSzHMGKBoiJkeR859moBeOTNnfPref3AloEMSYKDL8=
github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481 h1:EX4uyp6L7PejDOLs5VnZWCvVf1PHO8+3/IWtNzZl77g=
github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481/go.mod h1:5KqNa5BL8xDIVRkiBt5ltu27LrrXEBoHlCifrQfUqgA=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
Expand Down
4 changes: 2 additions & 2 deletions test/integration/match_by_image_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,14 +168,14 @@ func addPythonMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Co

func addDotnetMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Collection, theStore *mockStore, theResult *match.Matches) {
packages := catalog.PackagesByPath("/dotnet/TestLibrary.deps.json")
if len(packages) != 1 {
if len(packages) != 2 { // TestLibrary + AWSSDK.Core
for _, p := range packages {
t.Logf("Dotnet Package: %s %+v", p.ID(), p)
}

t.Fatalf("problem with upstream syft cataloger (dotnet)")
}
thePkg := pkg.New(packages[0])
thePkg := pkg.New(packages[1])
normalizedName := theStore.normalizedPackageNames["github:language:dotnet"][thePkg.Name]
theVuln := theStore.backend["github:language:dotnet"][normalizedName][0]
vulnObj, err := vulnerability.NewVulnerability(theVuln)
Expand Down

0 comments on commit 156c081

Please sign in to comment.