syft

package
v0.42.3
This package is not in the latest version of its module.
Published: Mar 23, 2022 License: Apache-2.0 Imports: 22 Imported by: 56

Documentation

Overview

Package syft is a "one-stop-shop" for helper utilities for all major functionality provided by child packages of the syft library.

Here is what the main execution path for syft does:

  1. Parse a user image string to get a stereoscope image.Source object
  2. Invoke all catalogers to catalog the image, adding discovered packages to a single catalog object
  3. Invoke one or more encoders to output contents of the catalog

A Source object encapsulates the image object to be cataloged and the user options (catalog all layers vs. squashed layer), providing a way to inspect paths and file content within the image. The Source object, not the image object, is used throughout the main execution path. This abstraction allows for decoupling of what is cataloged (a docker image, an OCI image, a filesystem, etc) and how it is cataloged (the individual catalogers).

Similar to the cataloging process, Linux distribution identification is also performed based on what is discovered within the image.
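The decoupling described above, as an added sketch using only the Go standard library (this is not syft's code or API): the `Source` type, its `Files` method, `apkCataloger` and the two-layer `sample` image with its zlib versions are all hypothetical names and constructed data. It shows why the squashed vs. all-layers option matters for an inventory: the cataloger is identical in both runs, but only the all-layers scope reports the older package record still stored in the base layer.

```go
package main

import (
	"fmt"
	"strings"
)

// Source pairs what is cataloged (constructed layers of path -> content) with the scope option.
type Source struct {
	Layers    []map[string]string
	AllLayers bool // false = squashed view
}

// Files returns the visible copies of path: every layer's copy, or only the top-most when squashed.
func (s Source) Files(path string) (out []string) {
	for _, layer := range s.Layers {
		if content, ok := layer[path]; ok {
			out = append(out, content)
		}
	}
	if !s.AllLayers && len(out) > 1 {
		out = out[len(out)-1:]
	}
	return out
}

// apkCataloger reads "P:" (name) / "V:" (version) records from an Alpine installed DB; it never sees layers.
func apkCataloger(s Source) (pkgs []string) {
	for _, db := range s.Files("/lib/apk/db/installed") {
		name := ""
		for _, line := range strings.Split(db, "\n") {
			if strings.HasPrefix(line, "P:") {
				name = line[2:]
			} else if strings.HasPrefix(line, "V:") && name != "" {
				pkgs = append(pkgs, name+"@"+line[2:])
			}
		}
	}
	return pkgs
}

var sample = []map[string]string{ // constructed: the top layer upgrades zlib
	{"/lib/apk/db/installed": "P:zlib\nV:1.2.11-r3\n"},
	{"/lib/apk/db/installed": "P:zlib\nV:1.2.12-r0\n"},
}

func main() {
	fmt.Println("squashed:  ", apkCataloger(Source{Layers: sample}))
	fmt.Println("all layers:", apkCataloger(Source{Layers: sample, AllLayers: true}))
}
```

The squashed run reflects what the container sees at runtime; the all-layers run reflects everything shipped in the image, including files a later layer replaced.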

Constants

const (
	JSONFormatID          = syftjson.ID
	TextFormatID          = text.ID
	TableFormatID         = table.ID
	CycloneDxXMLFormatID  = cyclonedxxml.ID
	CycloneDxJSONFormatID = cyclonedxjson.ID
	GitHubID              = github.ID
	SPDXTagValueFormatID  = spdx22tagvalue.ID
	SPDXJSONFormatID      = spdx22json.ID
)

These have been exported for the benefit of API users.

Variables

This section is empty.

Functions

func CatalogPackages added in v0.15.0

func CatalogPackages(src *source.Source, cfg cataloger.Config) (*pkg.Catalog, []artifact.Relationship, *linux.Release, error)

CatalogPackages takes an inventory of packages from the given image from a particular perspective (e.g. squashed source, all-layers source). As the signature above shows, it returns the discovered set of packages, the relationships between artifacts, the identified Linux distribution, and an error.

func Decode added in v0.27.0

func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error)

Decode takes a reader for an SBOM and generates all internal SBOM elements.

func Encode added in v0.27.0

func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error)

Encode takes all SBOM elements and a format option and encodes an SBOM document.

func FormatByID added in v0.41.0

func FormatByID(id sbom.FormatID) sbom.Format

func FormatByName added in v0.41.0

func FormatByName(name string) sbom.Format

func FormatIDs added in v0.41.0

func FormatIDs() (ids []sbom.FormatID)

func IdentifyFormat added in v0.41.0

func IdentifyFormat(by []byte) sbom.Format

func SetBus

func SetBus(b *partybus.Bus)

SetBus sets the event bus that all syft library events are published onto (in-library subscriptions are not allowed).

func SetLogger

func SetLogger(logger logger.Logger)

SetLogger sets the logger object used for all syft logging calls.

Types

This section is empty.

Directories

Path Synopsis
Package event provides event types for all events that the syft library publishes onto the event bus.
parsers
Package parsers provides parser helpers to extract payloads for each event type that the syft library publishes onto the event bus.
Package logger defines the logging interface which is used throughout the syft library.
pkg
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
cataloger
Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
cataloger/apkdb
Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
cataloger/common
Package common provides generic utilities used by multiple catalogers.
cataloger/deb
Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
cataloger/golang
Package golang provides a concrete Cataloger implementation for go.mod files.
cataloger/golang/internal/xcoff
nolint // this is an internal golang lib
cataloger/java
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
cataloger/javascript
Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
cataloger/php
Package php provides a concrete Cataloger implementation for PHP ecosystem files.
cataloger/python
Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
cataloger/rpmdb
Package rpmdb provides a concrete Cataloger implementation for RPM "Package" DB files.
cataloger/ruby
Package ruby bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
cataloger/rust
Package rust provides a concrete Cataloger implementation for Cargo.lock files.
Package source provides an abstraction to allow a user to loosely define a data source to catalog and expose a common interface that catalogers can use to explore and analyze data from the data source.
