Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: suppress some known incorrect vendor candidates for npm CPEs #1659

Merged
merged 1 commit into from
Mar 7, 2023
Merged

fix: suppress some known incorrect vendor candidates for npm CPEs #1659

merged 1 commit into from
Mar 7, 2023

Conversation

westonsteimel
Copy link
Contributor

No description provided.

@westonsteimel
fix: suppress some known incorrect vendor candidates for npm CPEs
93cb933 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
@westonsteimel westonsteimel requested a review from a team March 7, 2023 14:31
@github-actions
Copy link

github-actions bot commented Mar 7, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                   11.76m ± 20%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             812.6µ ±  3%
ImagePackageCatalogers/python-package-cataloger-2                           3.031m ±  2%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   652.6µ ±  1%
ImagePackageCatalogers/javascript-package-cataloger-2                       377.9µ ±  2%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   466.7µ ±  1%
ImagePackageCatalogers/rpm-db-cataloger-2                                   438.9µ ±  1%
ImagePackageCatalogers/java-cataloger-2                                     10.51m ±  1%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     8.101µ ±  2%
ImagePackageCatalogers/apkdb-cataloger-2                                    503.9µ ±  1%
ImagePackageCatalogers/go-module-binary-cataloger-2                         18.09µ ±  0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              952.1µ ±  1%
ImagePackageCatalogers/portage-cataloger-2                                  286.5µ ±  1%
ImagePackageCatalogers/sbom-cataloger-2                                     104.6µ ±  1%
ImagePackageCatalogers/binary-cataloger-2                                   181.8µ ±  1%
geomean                                                                     448.1µ

                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.060Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             123.9Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           947.6Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   155.8Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       98.39Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   144.7Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   170.8Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     2.723Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.555Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    129.3Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         3.133Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              314.2Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  75.57Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     13.09Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   26.97Ki ± 0%
geomean                                                                     108.5Ki

                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    86.71k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.049k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            15.49k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    3.457k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        1.381k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    2.646k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    3.759k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      38.27k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       40.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     3.437k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           101.0 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               5.010k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   1.487k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                       392.0 ± 0%
ImagePackageCatalogers/binary-cataloger-2                                     772.0 ± 0%
geomean                                                                      2.220k

@westonsteimel westonsteimel enabled auto-merge (squash) March 7, 2023 14:40
kzantow
kzantow approved these changes Mar 7, 2023
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@westonsteimel westonsteimel merged commit 096d2b7 into main Mar 7, 2023
@westonsteimel westonsteimel deleted the squash-npm-cpe-fps branch March 7, 2023 15:18
@westonsteimel westonsteimel added the changelog-ignore Don't include this issue in the release changelog label Mar 8, 2023
spiffcs added a commit to deitch/syft that referenced this pull request Mar 21, 2023
@spiffcs
Merge branch 'main' into proper-license-expression
fef61e1 
* main: (47 commits)
  Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640)
  chore: Update syft bootstrap tools to latest versions. (anchore#1682)
  Update documentation: (anchore#1680)
  chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681)
  fix: reduce logging for bad dpkg lines (anchore#1675)
  fix ruby classifier (anchore#1678)
  feat: add shared dir for easier cleanup (anchore#1676)
  chore(deps): bump github.com/google/go-containerregistry (anchore#1672)
  chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671)
  fix: move defer after error to protect panic case (anchore#1670)
  feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663)
  defer closing file (anchore#1668)
  fix: remove author contributing to javascript CPEs (anchore#1669)
  fix: more python matching support (anchore#1667)
  Update syft bootstrap tools to latest versions. (anchore#1666)
  feat: add ruby classifier (anchore#1665)
  Update syft bootstrap tools to latest versions. (anchore#1658)
  fix: improved Python binary detection (anchore#1648)
  fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659)
  fix: sanitize SPDX LicenseRefs (anchore#1657)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@westonsteimel
fix: suppress some known incorrect vendor candidates for npm CPEs (an…
49ac4a5 
…chore#1659)

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
changelog-ignore Don't include this issue in the release changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@westonsteimel @kzantow