Follow convention for naming catalogers

.github/workflows/validations.yaml

@@ -45,8 +45,8 @@ jobs:
       - name: Restore RPM test-fixture cache
         uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
         with:
-          path: syft/pkg/cataloger/rpm/test-fixtures/rpms
-          key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/rpm/test-fixtures/rpms.fingerprint' ) }}
+          path: syft/pkg/cataloger/redhat/test-fixtures/rpms
+          key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint' ) }}
 
       - name: Restore go binary test-fixture cache
         uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2

DEVELOPING.md

@@ -202,6 +202,14 @@ From a high level catalogers have the following properties:
 - _Packages created by the cataloger should not be mutated after they are created_. There is one exception made for adding CPEs to a package after the cataloging phase, but that will most likely be moved back into the cataloger in the future.
 
 
+Cataloger names should be unique and named with the following rules of thumb in mind:
+
+- Must end with `-cataloger`
+- Use lowercase letters, numbers, and hyphens only
+- Use hyphens to separate words
+- Catalogers for language ecosystems should start with the language name (e.g. `python-` for a cataloger that raises up python packages)
+- Distinct between when the cataloger is searching for evidence of installed packages vs declared packages. For example, there are currently two different gemspec-based catalogers, the `ruby-gemspec-cataloger` and `ruby-installed-gemspec-cataloger`, where the latter requires that the gemspec is found within a `specifications` directory (which means it was installed, not just at the root of a source repo).
+
 #### Building a new Cataloger
 
 Catalogers must fulfill the [`pkg.Cataloger` interface](https://github.com/anchore/syft/tree/v0.70.0/syft/pkg/cataloger.go) in order to add packages to the SBOM.

README.md

@@ -494,18 +494,18 @@ platform: ""
 # set the list of package catalogers to use when generating the SBOM
 # default = empty (cataloger set determined automatically by the source type [image or file/directory])
 # catalogers:
-#   - alpmdb-cataloger
+#   - alpm-db-cataloger
 #   - apkdb-cataloger
 #   - binary-cataloger
 #   - cargo-auditable-binary-cataloger
 #   - cocoapods-cataloger
 #   - conan-cataloger
 #   - dartlang-lock-cataloger
 #   - dotnet-deps-cataloger
-#   - dpkgdb-cataloger
+#   - dpkg-db-cataloger
 #   - elixir-mix-lock-cataloger
 #   - erlang-rebar-lock-cataloger
-#   - go-mod-file-cataloger
+#   - go-module-file-cataloger
 #   - go-module-binary-cataloger
 #   - graalvm-native-image-cataloger
 #   - haskell-cataloger
@@ -519,12 +519,12 @@ platform: ""
 #   - php-composer-installed-cataloger
 #   - php-composer-lock-cataloger
 #   - portage-cataloger
-#   - python-index-cataloger
 #   - python-package-cataloger
+#   - python-installed-package-cataloger
 #   - rpm-db-cataloger
-#   - rpm-file-cataloger
+#   - rpm-archive-cataloger
 #   - ruby-gemfile-cataloger
-#   - ruby-gemspec-cataloger
+#   - ruby-installed-gemspec-cataloger
 #   - rust-cargo-lock-cataloger
 #   - sbom-cataloger
 #   - spm-cataloger

Taskfile.yaml

@@ -174,7 +174,9 @@ tasks:
 
   unit:
     desc: Run unit tests
-    deps: [tmpdir]
+    deps:
+      - tmpdir
+      - fixtures
     vars:
       TEST_PKGS:
         sh: "go list ./... | grep -v {{ .OWNER }}/{{ .PROJECT }}/test | tr '\n' ' '"
@@ -261,7 +263,7 @@ tasks:
       - syft/pkg/cataloger/binary/test-fixtures/cache.fingerprint
       - syft/pkg/cataloger/java/test-fixtures/java-builds/cache.fingerprint
       - syft/pkg/cataloger/golang/test-fixtures/archs/binaries.fingerprint
-      - syft/pkg/cataloger/rpm/test-fixtures/rpms.fingerprint
+      - syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint
       - syft/pkg/cataloger/kernel/test-fixtures/cache.fingerprint
       - test/install/cache.fingerprint
       - test/cli/test-fixtures/cache.fingerprint
@@ -275,7 +277,7 @@ tasks:
       # for GO BINARY test fixtures
       - "cd syft/pkg/cataloger/golang/test-fixtures/archs && make binaries.fingerprint"
       # for RPM test fixtures
-      - "cd syft/pkg/cataloger/rpm/test-fixtures && make rpms.fingerprint"
+      - "cd syft/pkg/cataloger/redhat/test-fixtures && make rpms.fingerprint"
       # for Kernel test fixtures
       - "cd syft/pkg/cataloger/kernel/test-fixtures && make cache.fingerprint"
       # for INSTALL integration test fixtures
@@ -287,7 +289,7 @@ tasks:
     desc: Generate test fixtures
     cmds:
       - "cd syft/pkg/cataloger/java/test-fixtures/java-builds && make"
-      - "cd syft/pkg/cataloger/rpm/test-fixtures && make"
+      - "cd syft/pkg/cataloger/redhat/test-fixtures && make"
       - "cd syft/pkg/cataloger/binary/test-fixtures && make"
 
   show-test-image-cache:

syft/format/cyclonedxjson/test-fixtures/identify/1.3.json

@@ -31,7 +31,7 @@
       "properties": [
         {
           "name": "syft:package:foundBy",
-          "value": "go-mod-file-cataloger"
+          "value": "go-module-file-cataloger"
         },
         {
           "name": "syft:package:language",

syft/format/cyclonedxjson/test-fixtures/identify/1.4.json

@@ -31,7 +31,7 @@
       "properties": [
         {
           "name": "syft:package:foundBy",
-          "value": "go-mod-file-cataloger"
+          "value": "go-module-file-cataloger"
         },
         {
           "name": "syft:package:language",

syft/format/cyclonedxjson/test-fixtures/identify/1.5.json

@@ -31,7 +31,7 @@
       "properties": [
         {
           "name": "syft:package:foundBy",
-          "value": "go-mod-file-cataloger"
+          "value": "go-module-file-cataloger"
         },
         {
           "name": "syft:package:language",

syft/format/cyclonedxxml/test-fixtures/identify/1.3.xml

@@ -21,7 +21,7 @@
       <cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
       <purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
       <properties>
-        <property name="syft:package:foundBy">go-mod-file-cataloger</property>
+        <property name="syft:package:foundBy">go-module-file-cataloger</property>
         <property name="syft:package:language">go</property>
         <property name="syft:package:metadataType">GolangModMetadata</property>
         <property name="syft:package:type">go-module</property>

syft/format/cyclonedxxml/test-fixtures/identify/1.4.xml

@@ -21,7 +21,7 @@
       <cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
       <purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
       <properties>
-        <property name="syft:package:foundBy">go-mod-file-cataloger</property>
+        <property name="syft:package:foundBy">go-module-file-cataloger</property>
         <property name="syft:package:language">go</property>
         <property name="syft:package:metadataType">GolangModMetadata</property>
         <property name="syft:package:type">go-module</property>

syft/format/cyclonedxxml/test-fixtures/identify/1.5.xml

@@ -21,7 +21,7 @@
       <cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
       <purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
       <properties>
-        <property name="syft:package:foundBy">go-mod-file-cataloger</property>
+        <property name="syft:package:foundBy">go-module-file-cataloger</property>
         <property name="syft:package:language">go</property>
         <property name="syft:package:metadataType">GolangModMetadata</property>
         <property name="syft:package:type">go-module</property>

syft/format/syftjson/test-fixtures/identify/11.0.0.json

@@ -5,7 +5,7 @@
    "name": "github.com/wagoodman/go-partybus",
    "version": "v0.0.0-20230516145632-8ccac152c651",
    "type": "go-module",
-   "foundBy": "go-mod-file-cataloger",
+   "foundBy": "go-module-file-cataloger",
    "locations": [
     {
      "path": "/go.mod",

syft/pkg/cataloger/alpine/cataloger.go

@@ -0,0 +1,15 @@
+/*
+Package alpine provides a concrete Cataloger implementations for packages relating to the Alpine linux distribution.
+*/
+package alpine
+
+import (
+	"github.com/anchore/syft/syft/pkg"
+	"github.com/anchore/syft/syft/pkg/cataloger/generic"
+)
+
+// NewDBCataloger returns a new cataloger object initialized for Alpine package DB flat-file stores.
+func NewDBCataloger() *generic.Cataloger {
+	return generic.NewCataloger("apk-db-cataloger").
+		WithParserByGlobs(parseApkDB, pkg.ApkDBGlob)
+}

syft/pkg/cataloger/apkdb/cataloger_test.go → syft/pkg/cataloger/alpine/cataloger_test.go

@@ -1,4 +1,4 @@
-package apkdb
+package alpine
 
 import (
 	"testing"
@@ -25,7 +25,7 @@ func TestCataloger_Globs(t *testing.T) {
 				FromDirectory(t, test.fixture).
 				ExpectsResolverContentQueries(test.expected).
 				IgnoreUnfulfilledPathResponses("etc/apk/repositories").
-				TestCataloger(t, NewApkdbCataloger())
+				TestCataloger(t, NewDBCataloger())
 		})
 	}
 }

syft/pkg/cataloger/apkdb/package.go → syft/pkg/cataloger/alpine/package.go

@@ -1,4 +1,4 @@
-package apkdb
+package alpine
 
 import (
 	"strings"

syft/pkg/cataloger/apkdb/package_test.go → syft/pkg/cataloger/alpine/package_test.go

@@ -1,4 +1,4 @@
-package apkdb
+package alpine
 
 import (
 	"strings"

syft/pkg/cataloger/apkdb/parse_apk_db.go → syft/pkg/cataloger/alpine/parse_apk_db.go

@@ -1,4 +1,4 @@
-package apkdb
+package alpine
 
 import (
 	"bufio"

syft/pkg/cataloger/apkdb/parse_apk_db_test.go → syft/pkg/cataloger/alpine/parse_apk_db_test.go

@@ -1,4 +1,4 @@
-package apkdb
+package alpine
 
 import (
 	"io"

syft/pkg/cataloger/arch/cataloger.go

@@ -0,0 +1,15 @@
+/*
+Package arch provides a concrete Cataloger implementations for packages relating to the Arch linux distribution.
+*/
+package arch
+
+import (
+	"github.com/anchore/syft/syft/pkg"
+	"github.com/anchore/syft/syft/pkg/cataloger/generic"
+)
+
+// NewDBCataloger returns a new cataloger object initialized for arch linux pacman database flat-file stores.
+func NewDBCataloger() *generic.Cataloger {
+	return generic.NewCataloger("alpm-db-cataloger").
+		WithParserByGlobs(parseAlpmDB, pkg.AlpmDBGlob)
+}

syft/pkg/cataloger/alpm/cataloger_test.go → syft/pkg/cataloger/arch/cataloger_test.go

@@ -1,4 +1,4 @@
-package alpm
+package arch
 
 import (
 	"testing"
@@ -18,7 +18,7 @@ func TestAlpmCataloger(t *testing.T) {
 			Name:    "gmp",
 			Version: "6.2.1-2",
 			Type:    pkg.AlpmPkg,
-			FoundBy: "alpmdb-cataloger",
+			FoundBy: "alpm-db-cataloger",
 			Licenses: pkg.NewLicenseSet(
 				pkg.NewLicenseFromLocations("LGPL3", dbLocation),
 				pkg.NewLicenseFromLocations("GPL", dbLocation),
@@ -177,7 +177,7 @@ func TestAlpmCataloger(t *testing.T) {
 		FromDirectory(t, "test-fixtures/gmp-fixture").
 		WithCompareOptions(cmpopts.IgnoreFields(pkg.AlpmFileRecord{}, "Time")).
 		Expects(expectedPkgs, expectedRelationships).
-		TestCataloger(t, NewAlpmdbCataloger())
+		TestCataloger(t, NewDBCataloger())
 
 }
 
@@ -203,7 +203,7 @@ func TestCataloger_Globs(t *testing.T) {
 				FromDirectory(t, test.fixture).
 				ExpectsResolverContentQueries(test.expected).
 				IgnoreUnfulfilledPathResponses("var/lib/pacman/local/base-1.0/mtree", "var/lib/pacman/local/dive-0.10.0/mtree").
-				TestCataloger(t, NewAlpmdbCataloger())
+				TestCataloger(t, NewDBCataloger())
 		})
 	}
 }

syft/pkg/cataloger/alpm/package.go → syft/pkg/cataloger/arch/package.go

@@ -1,4 +1,4 @@
-package alpm
+package arch
 
 import (
 	"strings"

syft/pkg/cataloger/alpm/package_test.go → syft/pkg/cataloger/arch/package_test.go

@@ -1,4 +1,4 @@
-package alpm
+package arch
 
 import (
 	"testing"

syft/pkg/cataloger/alpm/parse_alpm_db.go → syft/pkg/cataloger/arch/parse_alpm_db.go

@@ -1,4 +1,4 @@
-package alpm
+package arch
 
 import (
 	"bufio"

syft/pkg/cataloger/alpm/parse_alpm_db_test.go → syft/pkg/cataloger/arch/parse_alpm_db_test.go

@@ -1,4 +1,4 @@
-package alpm
+package arch
 
 import (
 	"bufio"

syft/pkg/cataloger/binary/cataloger.go

@@ -1,3 +1,6 @@
+/*
+Package binary provides a concrete Cataloger implementations for surfacing possible packages based on signatures found within binary files.
+*/
 package binary
 
 import (