Merge a4dba97 into 5503327
matthyx committed Mar 22, 2023
2 parents 5503327 + a4dba97 commit b4f7bbd
Showing 18 changed files with 782 additions and 1,896 deletions.
2 changes: 1 addition & 1 deletion adapters/mockcve.go
Expand Up @@ -37,7 +37,7 @@ func (m MockCVEAdapter) Ready(context.Context) bool {
func (m MockCVEAdapter) ScanSBOM(ctx context.Context, sbom domain.SBOM) (domain.CVEManifest, error) {
logger.L().Info("ScanSBOM")
return domain.CVEManifest{
ImageID: sbom.ID,
ID: sbom.ID,
SBOMCreatorVersion: sbom.SBOMCreatorVersion,
CVEScannerVersion: m.Version(ctx),
CVEDBVersion: m.DBVersion(ctx),
6 changes: 3 additions & 3 deletions adapters/mockplatform.go
Expand Up @@ -38,17 +38,17 @@ func (m MockPlatform) SendStatus(ctx context.Context, step int) error {

logger.L().Info(
"SendStatus",
helpers.String("Wlid", workload.Wlid),
helpers.String("wlid", workload.Wlid),
helpers.Int("step", step),
)
return nil
}

// SubmitCVE logs the given ID for CVE calculation
func (m MockPlatform) SubmitCVE(ctx context.Context, cve domain.CVEManifest, cvep domain.CVEManifest) error {
func (m MockPlatform) SubmitCVE(_ context.Context, cve domain.CVEManifest, _ domain.CVEManifest) error {
logger.L().Info(
"SubmitCVE",
helpers.String("ID", cve.ImageID),
helpers.String("ID", cve.ID),
)
return nil
}
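Review bot: The doc comment on SubmitCVE does not say which of its two manifests is logged, and with the second manifest and the context now bound to `_` a reader of the mock cannot tell that they are deliberately ignored. Assuming the later line of each printed pair is the new side, I would reword the comment to `// SubmitCVE logs the ID of the first manifest only; the second manifest and the context are ignored by this mock.` so that tests built on the mock do not assume the second manifest was inspected. The log key `"ID"` also stays capitalised while the same section lowercases `"Wlid"` to `"wlid"`; `helpers.String("id", cve.ID)` would keep the keys uniform for anyone filtering these logs.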
2 changes: 1 addition & 1 deletion adapters/v1/grype.go
Expand Up @@ -147,7 +147,7 @@ func (g *GrypeAdapter) ScanSBOM(ctx context.Context, sbom domain.SBOM) (domain.C

logger.L().Debug("returning CVE manifest", helpers.String("imageID", sbom.ID))
return domain.CVEManifest{
ImageID: sbom.ID,
ID: sbom.ID,
SBOMCreatorVersion: sbom.SBOMCreatorVersion,
CVEScannerVersion: g.Version(ctx),
CVEDBVersion: g.DBVersion(ctx),
100 changes: 86 additions & 14 deletions adapters/v1/testdata/alpine-sbom.format.json
Expand Up @@ -8,7 +8,7 @@
"externalDocumentRefs": null,
"comment": "",
"creationInfo": {
"licenseListVersion": "3.19",
"licenseListVersion": "<<PRESENCE>>",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-"
Expand Down Expand Up @@ -79,7 +79,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand Down Expand Up @@ -251,7 +251,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand Down Expand Up @@ -325,7 +325,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64&upstream=apk-tools&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand All @@ -340,7 +340,7 @@
{
"hasFiles": null,
"name": "busybox",
"SPDXID": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
"SPDXID": "SPDXRef-Package-binary-busybox-e93bc067bebd50a9",
"versionInfo": "1.35.0",
"packageFileName": "",
"supplier": null,
Expand Down Expand Up @@ -413,7 +413,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64&upstream=busybox&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand Down Expand Up @@ -570,6 +570,18 @@
"referenceLocator": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20220614-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:mozilla:ca-certificates-bundle:20220614-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:mozilla:ca_certificates_bundle:20220614-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
Expand Down Expand Up @@ -700,6 +712,24 @@
"referenceLocator": "cpe:2.3:a:libcrypto3:libcrypto3:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libcrypto3:libcrypto:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libcrypto:libcrypto3:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libcrypto:libcrypto:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
Expand Down Expand Up @@ -744,6 +774,24 @@
"referenceLocator": "cpe:2.3:a:libssl3:libssl3:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libssl3:libssl:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libssl:libssl3:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:libssl:libssl:3.0.8-r0:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
Expand Down Expand Up @@ -782,6 +830,18 @@
"description": "the musl c library (libc) implementation",
"comment": "",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:musl-libc:musl:1.2.3-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:musl_libc:musl:1.2.3-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
Expand All @@ -791,7 +851,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64&upstream=musl&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand Down Expand Up @@ -850,6 +910,18 @@
"referenceLocator": "cpe:2.3:a:musl_utils:musl_utils:1.2.3-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:musl-libc:musl-utils:1.2.3-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:musl-libc:musl_utils:1.2.3-r4:*:*:*:*:*:*:*",
"comment": ""
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
Expand Down Expand Up @@ -1027,7 +1099,7 @@
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64&upstream=zlib&distro=alpine-3.17.2",
"referenceLocator": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64&distro=alpine-3.17.2",
"comment": ""
}
],
Expand Down Expand Up @@ -3002,18 +3074,18 @@
"relationshipType": "CONTAINS",
"comment": ""
},
{
"spdxElementId": "SPDXRef-Package-apk-busybox-623d53216342d45e",
"relatedSpdxElement": "SPDXRef-Package-binary-busybox-d49bb0510b7c7ca7",
"relationshipType": "OTHER",
"comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
},
{
"spdxElementId": "SPDXRef-Package-apk-busybox-623d53216342d45e",
"relatedSpdxElement": "SPDXRef-da2faa18609cadef",
"relationshipType": "CONTAINS",
"comment": ""
},
{
"spdxElementId": "SPDXRef-Package-apk-busybox-623d53216342d45e",
"relatedSpdxElement": "SPDXRef-Package-binary-busybox-e93bc067bebd50a9",
"relationshipType": "OTHER",
"comment": "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by"
},
{
"spdxElementId": "SPDXRef-Package-apk-busybox-623d53216342d45e",
"relatedSpdxElement": "SPDXRef-faa5e8897571d717",