feat: handling source field of every pkg. Bump analyser ver.

Author: michael-go

lib/index.js

@@ -68,7 +68,7 @@ function getDependencies(analyzerBinaryPath, targetImage) {
   )
   .then(function (output) {
     scanResults = JSON.parse(output);
-    return Promise.resolve(convertDependecies(targetImage, scanResults));
+    return convertDependecies(targetImage, scanResults);
   })
   .catch(function (error) {
     if (typeof error === 'string') {
@@ -87,35 +87,39 @@ function getDependencies(analyzerBinaryPath, targetImage) {
 }
 
 function convertDependecies(targetImage, scanResults) {
-  targetSplit = targetImage.split(':');
-  imageName = targetSplit[0];
-  imageVersion = targetSplit[1];
-  imageVersion = (imageVersion ? imageVersion : 'lateset');
+  var targetSplit = targetImage.split(':');
+  var imageName = targetSplit[0];
+  var imageVersion = targetSplit[1] ? targetSplit[1] : 'latest';
 
-  root = {};
-  root.name = imageName;
-  root.version = imageVersion;
-
-  var scanResult = scanResults.filter(function (res) {
+  var analysisResults = scanResults.results.filter(function (res) {
     return res.Analysis && res.Analysis.length > 0;
   })[0];
 
   var pkgType;
-  switch (scanResult.AnalyzeType) {
+  switch (analysisResults.AnalyzeType) {
     case 'Apt': {
       pkgType = 'deb';
       break;
     }
     default: {
-      pkgType = scanResult.AnalyzeType.toLowerCase()
+      pkgType = analysisResults.AnalyzeType.toLowerCase()
     }
   }
-  root.packageFormatVersion = pkgType + ':0.0.1';
+  var root = {
+    name: imageName,
+    version: imageVersion,
+    dockerOSRelease: scanResults.osRelease,
+    packageFormatVersion: pkgType + ':0.0.1',
+  };
 
-  pkgs = scanResult['Analysis']
+  var pkgs = analysisResults['Analysis'];
 
   root.dependencies = pkgs.reduce(function (acc, pkg) {
-    name = pkg['Name'];
+    if (!pkg['Source']) {
+      name = pkg['Name'];
+    } else {
+      name = pkg['Source'] + '/' + pkg['Name'];
+    }
     version = pkg['Version'];
 
     acc[name] = {

package.json

@@ -13,7 +13,7 @@
     "semantic-release": "semantic-release pre && npm publish && semantic-release post"
   },
   "snyk-docker-analyzer": {
-    "version": "1.0.6"
+    "version": "1.2.0"
   },
   "author": "snyk.io",
   "license": "Apache-2.0",

test/system.test.js

@@ -81,14 +81,18 @@ test('inspect nginx:1.13.10', function (t) {
         name: imgName,
         version: imgTag,
         packageFormatVersion: 'deb:0.0.1',
+        dockerOSRelease: {
+          name: 'debian',
+          version: '9',
+        },
       }, 'root pkg');
 
       const deps = pkg.dependencies;
 
-      t.equal(Object.keys(deps).length, 80, 'expected number of deps');
+      t.equal(Object.keys(deps).length, 108, 'expected number of deps');
       t.match(deps, {
-        acl: {
-          name: 'acl',
+        'acl/libacl1': {
+          name: 'acl/libacl1',
           version: '2.2.52-3+b1',
         },
         adduser: {
@@ -99,8 +103,8 @@ test('inspect nginx:1.13.10', function (t) {
           name: 'nginx-module-xslt',
           version: '1.13.10-1~stretch',
         },
-        openssl: {
-          name: 'openssl',
+        'openssl/libssl1.1': {
+          name: 'openssl/libssl1.1',
           version: '1.1.0f-3+deb9u1',
         },
       }, 'deps');
@@ -125,6 +129,10 @@ test('inspect redis:3.2.11-alpine', function (t) {
         name: imgName,
         version: imgTag,
         packageFormatVersion: 'apk:0.0.1',
+        dockerOSRelease: {
+          name: 'alpine',
+          version: '3.7.0',
+        },
       }, 'root pkg');
 
       const deps = pkg.dependencies;
@@ -166,6 +174,10 @@ test('inspect centos', function (t) {
         name: imgName,
         version: imgTag,
         packageFormatVersion: 'rpm:0.0.1',
+        dockerOSRelease: {
+          name: 'centos',
+          version: '7',
+        },
       }, 'root pkg');
 
       const deps = pkg.dependencies;