fix: correct apk purls for other distros #1620

Merged
merged 1 commit into from
Feb 24, 2023

westonsteimel
Contributor

The apk purl spec allows for a vendor-specific namespace. I noticed in the embedded SBOMs from wolfi that the purls are of the form `pkg:apk/wolfi/curl@7.83.0-r0?arch=x86`, but the current logic in syft actually prevents purl generation entirely if the distro isn't alpine, so this corrects that behaviour.

The apk purl spec allows for vendor-specific namespace.  I noticed
in the embedded SBOMs from wolfi that the purls are of the form
`pkg:apk/wolfi/curl@7.83.0-r0?arch=x86`, but the current logic in
syft actually prevents purl generation entirely if the distro isn't
alpine, so this corrects that behaviour.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
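
The before-and-after behaviour described in this PR, as an added Go example that is not syft's own code: `ApkPackage`, `legacyApkPURL`, `apkPURL` and `missingPURLs` are hypothetical names, the second sample package is constructed, and lowercasing the namespace and name is an assumption taken from the purl spec's apk type. It also shows how to list the packages that end up with no identifier under the alpine-only check.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ApkPackage is a hypothetical record type for this example, not syft's own.
type ApkPackage struct{ Name, Version, Arch string }

// legacyApkPURL models the behaviour the PR describes as the bug:
// no purl is generated unless the distro is alpine.
func legacyApkPURL(distroID string, p ApkPackage) string {
	if distroID != "alpine" {
		return ""
	}
	return apkPURL(distroID, p)
}

// apkPURL models the corrected behaviour: the distro ID becomes the
// vendor namespace (lowercasing is an assumption from the purl spec).
func apkPURL(distroID string, p ApkPackage) string {
	ns := strings.ToLower(strings.TrimSpace(distroID))
	if ns == "" || p.Name == "" {
		return "" // no vendor or no name: nothing meaningful to emit
	}
	s := "pkg:apk/" + url.PathEscape(ns) + "/" + url.PathEscape(strings.ToLower(p.Name))
	if p.Version != "" {
		s += "@" + url.PathEscape(p.Version)
	}
	if p.Arch != "" {
		s += "?arch=" + url.QueryEscape(p.Arch)
	}
	return s
}

// missingPURLs lists the packages for which gen returns no identifier.
func missingPURLs(gen func(string, ApkPackage) string, distroID string, pkgs []ApkPackage) []string {
	var out []string
	for _, p := range pkgs {
		if gen(distroID, p) == "" {
			out = append(out, p.Name)
		}
	}
	return out
}

func main() {
	// Constructed sample: curl matches the PR text, busybox is made up.
	pkgs := []ApkPackage{{"curl", "7.83.0-r0", "x86"}, {"busybox", "1.36.0-r0", "x86_64"}}
	fmt.Println(apkPURL("wolfi", pkgs[0]))
	fmt.Println(missingPURLs(legacyApkPURL, "wolfi", pkgs), missingPURLs(apkPURL, "wolfi", pkgs))
}
```
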
@github-actions

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz
                                                          │ ./.tmp/benchmark-4b4703a.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                    14.68m ± 4%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              1.135m ± 8%
ImagePackageCatalogers/python-package-cataloger-2                            3.839m ± 3%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    878.8µ ± 5%
ImagePackageCatalogers/javascript-package-cataloger-2                        469.9µ ± 2%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    647.8µ ± 4%
ImagePackageCatalogers/rpm-db-cataloger-2                                    628.9µ ± 3%
ImagePackageCatalogers/java-cataloger-2                                      13.81m ± 3%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                      10.39µ ± 2%
ImagePackageCatalogers/apkdb-cataloger-2                                     648.5µ ± 4%
ImagePackageCatalogers/go-module-binary-cataloger-2                          23.19µ ± 2%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               1.235m ± 4%
ImagePackageCatalogers/portage-cataloger-2                                   407.6µ ± 3%
ImagePackageCatalogers/sbom-cataloger-2                                      129.8µ ± 1%
ImagePackageCatalogers/binary-cataloger-2                                    172.9µ ± 2%
geomean                                                                      577.1µ

                                                          │ ./.tmp/benchmark-4b4703a.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.060Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             141.7Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           946.9Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   155.8Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       95.62Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   144.6Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   170.3Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     2.722Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.523Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    123.0Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         3.102Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              314.4Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  75.39Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     13.04Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   21.18Ki ± 0%
geomean                                                                     106.9Ki

                                                          │ ./.tmp/benchmark-4b4703a.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    86.71k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.159k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            15.49k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    3.457k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        1.253k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    2.646k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    3.759k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      38.26k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       40.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     3.252k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           101.0 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               5.011k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   1.487k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                       392.0 ± 0%
ImagePackageCatalogers/binary-cataloger-2                                     649.0 ± 0%
geomean                                                                      2.180k

@westonsteimel westonsteimel requested a review from a team February 24, 2023 16:16
@westonsteimel westonsteimel enabled auto-merge (squash) February 24, 2023 16:17
@westonsteimel westonsteimel merged commit 3ee1af0 into main Feb 24, 2023
@westonsteimel westonsteimel deleted the fix-apk-purls branch February 24, 2023 20:07
@kzantow kzantow added the bug Something isn't working label Mar 2, 2023
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024