-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add license parsing for java #1385
Conversation
Signed-off-by: dja-fr <denis.jackowski@gmail.com>
Signed-off-by: dja-fr <denis.jackowski@gmail.com>
Sorry I just make a fix for unit test and linter. Local Tests Result``` @dja-fr ➜ /workspaces/syft (main ✗) $ make unit Generating test fixtures cd syft/pkg/cataloger/java/test-fixtures/java-builds && make make[1]: Entering directory '/workspaces/syft/syft/pkg/cataloger/java/test-fixtures/java-builds' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/workspaces/syft/syft/pkg/cataloger/java/test-fixtures/java-builds' cd syft/pkg/cataloger/rpm/test-fixtures && make make[1]: Entering directory '/workspaces/syft/syft/pkg/cataloger/rpm/test-fixtures' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/workspaces/syft/syft/pkg/cataloger/rpm/test-fixtures' Running unit tests go test -coverprofile test/results/unit-coverage-details.txt github.com/anchore/syft/cmd/syft github.com/anchore/syft/cmd/syft/cli github.com/anchore/syft/cmd/syft/cli/attest github.com/anchore/syft/cmd/syft/cli/convert github.com/anchore/syft/cmd/syft/cli/eventloop github.com/anchore/syft/cmd/syft/cli/options github.com/anchore/syft/cmd/syft/cli/packages github.com/anchore/syft/cmd/syft/cli/poweruser github.com/anchore/syft/internal github.com/anchore/syft/internal/bus github.com/anchore/syft/internal/config github.com/anchore/syft/internal/file github.com/anchore/syft/internal/log github.com/anchore/syft/internal/spdxlicense github.com/anchore/syft/internal/spdxlicense/generate github.com/anchore/syft/internal/ui github.com/anchore/syft/internal/ui/components github.com/anchore/syft/internal/version github.com/anchore/syft/schema/json github.com/anchore/syft/syft github.com/anchore/syft/syft/artifact github.com/anchore/syft/syft/event github.com/anchore/syft/syft/event/parsers github.com/anchore/syft/syft/file github.com/anchore/syft/syft/formats github.com/anchore/syft/syft/formats/common github.com/anchore/syft/syft/formats/common/cyclonedxhelpers github.com/anchore/syft/syft/formats/common/spdxhelpers github.com/anchore/syft/syft/formats/common/testutils github.com/anchore/syft/syft/formats/common/util github.com/anchore/syft/syft/formats/cyclonedxjson github.com/anchore/syft/syft/formats/cyclonedxxml github.com/anchore/syft/syft/formats/github github.com/anchore/syft/syft/formats/spdxjson github.com/anchore/syft/syft/formats/spdxtagvalue github.com/anchore/syft/syft/formats/syftjson github.com/anchore/syft/syft/formats/syftjson/model github.com/anchore/syft/syft/formats/table github.com/anchore/syft/syft/formats/template github.com/anchore/syft/syft/formats/text github.com/anchore/syft/syft/linux github.com/anchore/syft/syft/pkg github.com/anchore/syft/syft/pkg/cataloger github.com/anchore/syft/syft/pkg/cataloger/alpm github.com/anchore/syft/syft/pkg/cataloger/apkdb github.com/anchore/syft/syft/pkg/cataloger/binary github.com/anchore/syft/syft/pkg/cataloger/common/cpe github.com/anchore/syft/syft/pkg/cataloger/cpp github.com/anchore/syft/syft/pkg/cataloger/dart github.com/anchore/syft/syft/pkg/cataloger/deb github.com/anchore/syft/syft/pkg/cataloger/dotnet github.com/anchore/syft/syft/pkg/cataloger/generic github.com/anchore/syft/syft/pkg/cataloger/golang github.com/anchore/syft/syft/pkg/cataloger/golang/internal/xcoff github.com/anchore/syft/syft/pkg/cataloger/haskell github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest github.com/anchore/syft/syft/pkg/cataloger/internal/unionreader github.com/anchore/syft/syft/pkg/cataloger/java github.com/anchore/syft/syft/pkg/cataloger/javascript github.com/anchore/syft/syft/pkg/cataloger/php github.com/anchore/syft/syft/pkg/cataloger/portage github.com/anchore/syft/syft/pkg/cataloger/python github.com/anchore/syft/syft/pkg/cataloger/rpm github.com/anchore/syft/syft/pkg/cataloger/ruby github.com/anchore/syft/syft/pkg/cataloger/rust github.com/anchore/syft/syft/pkg/cataloger/sbom github.com/anchore/syft/syft/pkg/cataloger/swift github.com/anchore/syft/syft/sbom github.com/anchore/syft/syft/source github.com/anchore/syft/ui ? github.com/anchore/syft/cmd/syft [no test files] ? github.com/anchore/syft/cmd/syft/cli [no test files] ? github.com/anchore/syft/cmd/syft/cli/attest [no test files] ? github.com/anchore/syft/cmd/syft/cli/convert [no test files] ok github.com/anchore/syft/cmd/syft/cli/eventloop 0.058s coverage: 24.5% of statements ok github.com/anchore/syft/cmd/syft/cli/options 0.045s coverage: 24.4% of statements ? github.com/anchore/syft/cmd/syft/cli/packages [no test files] ? github.com/anchore/syft/cmd/syft/cli/poweruser [no test files] ok github.com/anchore/syft/internal 0.006s coverage: 39.4% of statements ? github.com/anchore/syft/internal/bus [no test files] ok github.com/anchore/syft/internal/config 0.053s coverage: 2.4% of statements ok github.com/anchore/syft/internal/file 0.107s coverage: 54.2% of statements ? github.com/anchore/syft/internal/log [no test files] ok github.com/anchore/syft/internal/spdxlicense 0.017s coverage: 100.0% of statements ok github.com/anchore/syft/internal/spdxlicense/generate 0.031s coverage: 66.7% of statements ? github.com/anchore/syft/internal/ui [no test files] ? github.com/anchore/syft/internal/ui/components [no test files] ok github.com/anchore/syft/internal/version 0.031s coverage: 87.9% of statements ? github.com/anchore/syft/schema/json [no test files] ? github.com/anchore/syft/syft [no test files] ? github.com/anchore/syft/syft/artifact [no test files] ? github.com/anchore/syft/syft/event [no test files] ? github.com/anchore/syft/syft/event/parsers [no test files] ok github.com/anchore/syft/syft/file 0.225s coverage: 82.9% of statements ok github.com/anchore/syft/syft/formats 0.017s coverage: 50.0% of statements ok github.com/anchore/syft/syft/formats/common 0.012s coverage: 81.9% of statements ok github.com/anchore/syft/syft/formats/common/cyclonedxhelpers 0.018s coverage: 53.8% of statements ok github.com/anchore/syft/syft/formats/common/spdxhelpers 0.022s coverage: 71.3% of statements ? github.com/anchore/syft/syft/formats/common/testutils [no test files] ok github.com/anchore/syft/syft/formats/common/util 0.012s coverage: 91.3% of statements ok github.com/anchore/syft/syft/formats/cyclonedxjson 0.030s coverage: 100.0% of statements ok github.com/anchore/syft/syft/formats/cyclonedxxml 0.023s coverage: 100.0% of statements ok github.com/anchore/syft/syft/formats/github 0.013s coverage: 80.5% of statements ok github.com/anchore/syft/syft/formats/spdxjson 0.027s coverage: 83.3% of statements ok github.com/anchore/syft/syft/formats/spdxtagvalue 0.094s coverage: 66.7% of statements ok github.com/anchore/syft/syft/formats/syftjson 0.028s coverage: 76.5% of statements ok github.com/anchore/syft/syft/formats/syftjson/model 0.016s coverage: 77.8% of statements ok github.com/anchore/syft/syft/formats/table 0.025s coverage: 92.5% of statements ok github.com/anchore/syft/syft/formats/template 0.014s coverage: 69.0% of statements ok github.com/anchore/syft/syft/formats/text 0.016s coverage: 88.9% of statements ok github.com/anchore/syft/syft/linux 0.028s coverage: 65.2% of statements ok github.com/anchore/syft/syft/pkg 0.092s coverage: 73.9% of statements ok github.com/anchore/syft/syft/pkg/cataloger 0.019s coverage: 22.2% of statements ok github.com/anchore/syft/syft/pkg/cataloger/alpm 0.017s coverage: 62.1% of statements ok github.com/anchore/syft/syft/pkg/cataloger/apkdb 0.902s coverage: 87.1% of statements ok github.com/anchore/syft/syft/pkg/cataloger/binary 0.145s coverage: 81.3% of statements ok github.com/anchore/syft/syft/pkg/cataloger/common/cpe 0.028s coverage: 93.4% of statements ok github.com/anchore/syft/syft/pkg/cataloger/cpp 0.020s coverage: 87.7% of statements ok github.com/anchore/syft/syft/pkg/cataloger/dart 0.012s coverage: 86.1% of statements ok github.com/anchore/syft/syft/pkg/cataloger/deb 0.034s coverage: 92.5% of statements ok github.com/anchore/syft/syft/pkg/cataloger/dotnet 0.017s coverage: 92.6% of statements ok github.com/anchore/syft/syft/pkg/cataloger/generic 0.026s coverage: 68.9% of statements ok github.com/anchore/syft/syft/pkg/cataloger/golang 0.041s coverage: 59.5% of statements ok github.com/anchore/syft/syft/pkg/cataloger/golang/internal/xcoff 0.014s coverage: 64.4% of statements ok github.com/anchore/syft/syft/pkg/cataloger/haskell 0.027s coverage: 88.3% of statements ? github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest [no test files] ok github.com/anchore/syft/syft/pkg/cataloger/internal/unionreader 0.009s coverage: 36.8% of statements ok github.com/anchore/syft/syft/pkg/cataloger/java 0.936s coverage: 81.8% of statements ok github.com/anchore/syft/syft/pkg/cataloger/javascript 0.054s coverage: 89.2% of statements ok github.com/anchore/syft/syft/pkg/cataloger/php 0.028s coverage: 88.0% of statements ok github.com/anchore/syft/syft/pkg/cataloger/portage 0.017s coverage: 81.7% of statements ok github.com/anchore/syft/syft/pkg/cataloger/python 0.029s coverage: 82.5% of statements ok github.com/anchore/syft/syft/pkg/cataloger/rpm 0.049s coverage: 83.8% of statements ok github.com/anchore/syft/syft/pkg/cataloger/ruby 0.035s coverage: 90.8% of statements ok github.com/anchore/syft/syft/pkg/cataloger/rust 0.040s coverage: 80.0% of statements ok github.com/anchore/syft/syft/pkg/cataloger/sbom 0.045s coverage: 80.0% of statements ok github.com/anchore/syft/syft/pkg/cataloger/swift 0.015s coverage: 83.3% of statements ok github.com/anchore/syft/syft/sbom 0.016s coverage: 30.4% of statements ok github.com/anchore/syft/syft/source 1.547s coverage: 64.4% of statements ? github.com/anchore/syft/ui [no test files] Coverage: 69.6 @dja-fr ➜ /workspaces/syft (main ✗) $ make static-analysis Capturing original state of files... 'go.mod' -> 'TEMP-original-state-r1xSi9Qt9/go.mod' 'go.sum' -> 'TEMP-original-state-r1xSi9Qt9/go.sum' Capturing state of go.mod and go.sum after running go mod tidy... go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c go: downloading github.com/fatih/set v0.2.1 go: downloading github.com/bradleyjkemp/cupaloy/v2 v2.7.0 go: downloading go.uber.org/goleak v1.2.0 go: downloading github.com/sebdah/goldie/v2 v2.5.3 go: downloading github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb go: downloading github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 go: downloading gotest.tools/v3 v3.1.0 go: downloading gotest.tools v2.2.0+incompatible go: downloading github.com/frankban/quicktest v1.14.3 go: downloading github.com/kr/pretty v0.3.0 go: downloading github.com/go-rod/rod v0.111.0 go: downloading github.com/tidwall/pretty v1.2.0 go: downloading github.com/mattn/go-sqlite3 v1.14.12 go: downloading modernc.org/tcl v1.13.1 go: downloading github.com/kr/text v0.2.0 go: downloading github.com/rogpeppe/go-internal v1.8.0 go: downloading github.com/Azure/go-autorest/autorest/mocks v0.4.2 go: downloading github.com/onsi/ginkgo v1.16.5 go: downloading github.com/onsi/gomega v1.19.0 go: downloading github.com/go-playground/assert/v2 v2.0.1 go: downloading github.com/ysmood/goob v0.4.0 go: downloading github.com/ysmood/gson v0.7.2 go: downloading github.com/honeycombio/beeline-go v1.10.0 go: downloading github.com/cenkalti/backoff v2.2.1+incompatible go: downloading modernc.org/ccorpus v1.11.6 go: downloading github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 go: downloading github.com/morikuni/aec v1.0.0 go: downloading github.com/jmespath/go-jmespath/internal/testify v1.5.1 go: downloading github.com/ysmood/leakless v0.8.0 go: downloading github.com/googleapis/gax-go v2.0.2+incompatible go: downloading github.com/honeycombio/libhoney-go v1.16.0 go: downloading github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 go: downloading modernc.org/httpfs v1.0.6 go: downloading github.com/nxadm/tail v1.4.8 go: downloading github.com/go-sql-driver/mysql v1.6.0 go: downloading gopkg.in/alexcesaro/statsd.v2 v2.0.0 go: downloading github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 go: downloading github.com/vmihailenco/msgpack/v5 v5.3.5 go: downloading github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 go: downloading modernc.org/z v1.5.1 go: downloading github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 go: downloading github.com/BurntSushi/toml v0.4.1 go: downloading github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a go: downloading github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 go: downloading github.com/vmihailenco/tagparser/v2 v2.0.0 go: downloading github.com/cockroachdb/errors v1.2.4 go: downloading github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f go: downloading github.com/getsentry/raven-go v0.2.0 go: downloading github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054 'go.mod' -> 'TEMP-tidy-state-1XtuuJfvB/go.mod' 'go.sum' -> 'TEMP-tidy-state-1XtuuJfvB/go.sum''TEMP-original-state-r1xSi9Qt9/go.mod' -> './go.mod' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for updating the tests! Approved with the condition of CI passing. Thanks very much for the enhancement!
* main: (87 commits) feat: Add license parsing for java (anchore#1385) fix: cyclonedx component type for binaries (anchore#1406) fix: openjdk detection pattern (anchore#1415) bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (anchore#1404) Add NetBSD support. (anchore#1412) feat: add catalog delete (anchore#1377) docs: remove file classifier (anchore#1397) chore: update latest cyclonedx library (anchore#1390) feat: Add Java binary catalogers (anchore#1392) chore: Update SPDX license list to 3.19 (anchore#1389) fix: add manual vendor/product removal to fix false flags (anchore#1070) Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (anchore#1395) chore: fix test busybox image sha (anchore#1393) fix: go version not properly identified in binary (anchore#1384) Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (anchore#1376) fix: Update node binary package name (anchore#1375) feat: Generic Binary Cataloger (anchore#1336) recover from bad parsing of golang binary (anchore#1371) Fix parsing of apk databases with large entries (anchore#1365) Update syft bootstrap tools to latest versions. (anchore#1369) ...
* main: (189 commits) feat: add h1digest when scanning go.mod (anchore#1405) feat: Add license parsing for java (anchore#1385) fix: cyclonedx component type for binaries (anchore#1406) fix: openjdk detection pattern (anchore#1415) bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (anchore#1404) Add NetBSD support. (anchore#1412) feat: add catalog delete (anchore#1377) docs: remove file classifier (anchore#1397) chore: update latest cyclonedx library (anchore#1390) feat: Add Java binary catalogers (anchore#1392) chore: Update SPDX license list to 3.19 (anchore#1389) fix: add manual vendor/product removal to fix false flags (anchore#1070) Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (anchore#1395) chore: fix test busybox image sha (anchore#1393) fix: go version not properly identified in binary (anchore#1384) Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (anchore#1376) fix: Update node binary package name (anchore#1375) feat: Generic Binary Cataloger (anchore#1336) recover from bad parsing of golang binary (anchore#1371) Fix parsing of apk databases with large entries (anchore#1365) ...
This PR aim to add support for license parsing for java package.
Previous behavior
$ syft joda-time-2.12.2.jar -o json
Licenses is an empty array.
After this patch behavior
$ syft joda-time-2.12.2.jar -o json
Licenses is fill with manifest.mf content.
Signed-off-by: dja-fr denis.jackowski@gmail.com