Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve cataloger selection capabilities #1039

Closed
4 tasks done
wagoodman opened this issue Jun 9, 2022 · 2 comments · Fixed by #1383
Closed
4 tasks done

Improve cataloger selection capabilities #1039

wagoodman opened this issue Jun 9, 2022 · 2 comments · Fixed by #1383
Assignees
@wagoodman
Labels
enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

wagoodman commented Jun 9, 2022
edited

With #843 (via #1038 ) now you can set the specific set of catalogers to run when generating an SBOM:

syft myimg:latest --catalogers go-mod-cataloger
# run the go.mod package cataloger

syft myimg:latest --catalogers python,ruby
# run ALL python and ruby catalogers

This is a huge step forward!

Here are the next steps that could be next:

  • allow for the user to configure named groups of catalogers (this is implemented in Continue - Option to enable specific language or ecosystem cataloger #888 but I'm mentioning it here for completeness)
  • allow for cataloger labels which can be selected from and combined, e.g. python+installed would select any catalogers that are python-based and have the installed label.
  • expand the set of catalogers beyond packages and allow for any artifact cataloger (e.g. file-metadata, digests, etc...)
  • additive only option; something like syft ... --catalogers +file-metadata would use the default set of catalogers for the given input type and add file-metadata (today you can only set the entire list of catalogers, not append)
@wagoodman wagoodman added the enhancement New feature or request label Jun 9, 2022
@spiffcs spiffcs mentioned this issue Jun 14, 2022
Closed
@wagoodman
Copy link
Contributor Author

note: the adaptive option is being tracked under #1731

@wagoodman wagoodman mentioned this issue May 18, 2023
Merged
@wagoodman wagoodman mentioned this issue Jun 15, 2023
Closed
@wagoodman wagoodman self-assigned this Nov 20, 2023
@wagoodman
Copy link
Contributor Author

#1383 is effectively implementing this, though there are differences:

allow for the user to configure named groups of catalogers

The PR organizes the catalogers with multiple tags, which multiple catalogers can use. This is used to group catalogers by a quality, ecosystem, and other ways. The --catalogers option now can select based on a cataloger name or tag.

allow for cataloger labels which can be selected from and combined

intersection syntax has changed from python+installed to python&installed to differentiate set operations suggested in #1731 , where + is already used to represent a union. There was a way to still use + for both union and intersection but would prefer to not overload a single operation to mean multiple things.

expand the set of catalogers beyond packages and allow for any artifact cataloger

The file based catalogers cannot be selected in this way, instead they are enabled when there is a valid file selection in the configuration, or with the inclusion of file digest algorithms in the configuration. All package catalogers have a packages tag already in anticipation of other kinds of catalogers in the future (as this causes no harm)

additive only option...

Same as in #1731 ☑️

@Porkepix Porkepix mentioned this issue Jan 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace core SBOM-creation API with builder pattern anchore/syft
1 participant
@wagoodman