SBOM cataloger

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>
anchore · Jun 5, 2022 · dbf7411 · dbf7411
1 parent 0aea55f
commit dbf7411
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/syft/pkg/cataloger/cataloger.go b/syft/pkg/cataloger/cataloger.go
@@ -20,6 +20,7 @@ import (
 	"github.com/anchore/syft/syft/pkg/cataloger/rpmdb"
 	"github.com/anchore/syft/syft/pkg/cataloger/ruby"
 	"github.com/anchore/syft/syft/pkg/cataloger/rust"
+	"github.com/anchore/syft/syft/pkg/cataloger/sbom"
 	"github.com/anchore/syft/syft/source"
 )
 
@@ -46,6 +47,7 @@ func ImageCatalogers(cfg Config) []Cataloger {
 		apkdb.NewApkdbCataloger(),
 		golang.NewGoModuleBinaryCataloger(),
 		dotnet.NewDotnetDepsCataloger(),
+		sbom.NewSBOMCataloger(),
 	}
 }
 
@@ -66,6 +68,7 @@ func DirectoryCatalogers(cfg Config) []Cataloger {
 		rust.NewCargoLockCataloger(),
 		dart.NewPubspecLockCataloger(),
 		dotnet.NewDotnetDepsCataloger(),
+		sbom.NewSBOMCataloger(),
 	}
 }
 
@@ -87,5 +90,6 @@ func AllCatalogers(cfg Config) []Cataloger {
 		rust.NewCargoLockCataloger(),
 		dart.NewPubspecLockCataloger(),
 		dotnet.NewDotnetDepsCataloger(),
+		sbom.NewSBOMCataloger(),
 	}
 }
diff --git a/syft/pkg/cataloger/sbom/cataloger.go b/syft/pkg/cataloger/sbom/cataloger.go
@@ -0,0 +1,40 @@
+package sbom
+
+import (
+    "bytes"
+    "fmt"
+    "github.com/anchore/syft/internal/formats/cyclonedxjson"
+    "github.com/anchore/syft/syft/artifact"
+    "github.com/anchore/syft/syft/pkg"
+    "github.com/anchore/syft/syft/pkg/cataloger/common"
+    "io"
+)
+
+// NewSBOMCataloger returns a new SBOM cataloger object loaded from saved SBOM JSON.
+func NewSBOMCataloger() *common.GenericCataloger {
+    globParsers := map[string]common.ParserFn{
+        "**/deps.json":         parseSBOM,
+        "**/sbom.json":         parseSBOM,
+    }
+
+    return common.NewGenericCataloger(nil, globParsers, "sbom-cataloger")
+}
+
+func parseSBOM(path string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) {
+    by, err := io.ReadAll(reader)
+    if err != nil {
+        return nil, nil, fmt.Errorf("unable to read sbom: %w", err)
+    }
+
+    f := cyclonedxjson.Format()
+
+    s, _ := f.Decode(bytes.NewReader(by))
+
+    var packages []*pkg.Package
+    for _, p := range s.Artifacts.PackageCatalog.Sorted() {
+        x := p //copy
+        packages = append(packages, &x)
+    }
+
+    return packages, nil, nil
+}