We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What would you like to be added:
An additional file classifier which finds Apache HTTP Server binary.
Why is this needed:
Apache HTTP Server is still widely used httpd
pullCount : 1B+ starCount : 4.3K From : https://hub.docker.com/_/httpd
Apache HTTP Server will be installed without a package manger in container env with official image. We want to be able to catalog this.
$ syft -q httpd:latest | grep -e apache -e httpd $ docker run -it --rm httpd:latest httpd -v Server version: Apache/2.4.54 (Unix) Server built: Dec 21 2022 11:26:04
Additional context:
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* is used in NVD https://nvd.nist.gov/vuln/detail/CVE-2022-26377
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
DOCKER OFFICIAL IMAGE : httpd:latest
# which httpd /usr/local/apache2/bin/httpd # /usr/local/apache2/bin/httpd -v Server version: Apache/2.4.54 (Unix) Server built: Dec 21 2022 11:26:04 # strings /usr/local/apache2/bin/httpd | grep "2.4.54" Apache/2.4.54 Apache/2.4.54 (Unix)
DOCKER OFFICIAL IMAGE : httpd:alpine
# which httpd /usr/local/apache2/bin/httpd # /usr/local/apache2/bin/httpd -v Server version: Apache/2.4.54 (Unix) Server built: Nov 30 2022 21:28:45 # strings /usr/local/apache2/bin/httpd | grep "2.4.54" Apache/2.4.54 (Unix) Apache/2.4.54
Ubuntu 22.04 + OS Package (This will be shown as package installed apache2)
# which apache2 /usr/sbin/apache2 # /usr/sbin/apache2 -v Server version: Apache/2.4.52 (Ubuntu) Server built: 2022-09-30T04:09:50 # strings /usr/sbin/apache2 | grep "2.4.52" Apache/2.4.52 (Ubuntu) Apache/2.4.52
RHEL8 + OS Package (This will be shown as package installed httpd)
# which httpd /usr/sbin/httpd # /usr/sbin/httpd -v Server version: Apache/2.4.37 (Red Hat Enterprise Linux) Server built: Jul 28 2022 23:43:33 # strings /usr/sbin/httpd | grep "2.4.37" Apache/2.4.37 Apache/2.4.37 (Red Hat Enterprise Linux) Apache/2.4.37 (Red Hat Enterprise Linux) (Release 51.module+el8.7.0+16050+02173b8e) httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.debug
The text was updated successfully, but these errors were encountered:
This sounds like something we would probably like to add -- I'll add it to our backlog, but PRs are always welcome, too! 👍
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
What would you like to be added:
An additional file classifier which finds Apache HTTP Server binary.
Why is this needed:
Apache HTTP Server is still widely used httpd
Apache HTTP Server will be installed without a package manger in container env with official image.
We want to be able to catalog this.
Additional context:
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
is used in NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-26377
DOCKER OFFICIAL IMAGE : httpd:latest
DOCKER OFFICIAL IMAGE : httpd:alpine
Ubuntu 22.04 + OS Package (This will be shown as package installed apache2)
RHEL8 + OS Package (This will be shown as package installed httpd)
The text was updated successfully, but these errors were encountered: