Documentation
Overview
Package syft is a "one-stop-shop" for helper utilities for all major functionality provided by child packages of the syft library.
Here is what the main execution path for syft does:
- Parse a user image string to get a stereoscope image.Source object
- Invoke all catalogers to catalog the image, adding discovered packages to a single catalog object
- Invoke one or more encoders to output contents of the catalog
A Source object encapsulates the image object to be cataloged and the user options (catalog all layers vs. squashed layer), providing a way to inspect paths and file content within the image. The Source object, not the image object, is used throughout the main execution path. This abstraction allows for decoupling of what is cataloged (a docker image, an OCI image, a filesystem, etc) and how it is cataloged (the individual catalogers).
Similar to the cataloging process, Linux distribution identification is also performed based on what is discovered within the image.
Index
- Constants
- func CatalogPackages(src *source.Source, cfg cataloger.Config) (*pkg.Collection, []artifact.Relationship, *linux.Release, error)
- func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error)
- func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error)
- func FormatByID(id sbom.FormatID) sbom.Format
- func FormatByName(name string) sbom.Format
- func FormatIDs() (ids []sbom.FormatID)
- func IdentifyFormat(by []byte) sbom.Format
- func SetBus(b *partybus.Bus)
- func SetLogger(logger logger.Logger)
Constants
const (
	JSONFormatID          = syftjson.ID
	TextFormatID          = text.ID
	TableFormatID         = table.ID
	CycloneDxXMLFormatID  = cyclonedxxml.ID
	CycloneDxJSONFormatID = cyclonedxjson.ID
	GitHubFormatID        = github.ID
	SPDXTagValueFormatID  = spdxtagvalue.ID
	SPDXJSONFormatID      = spdxjson.ID
	TemplateFormatID      = template.ID
)
These have been exported for the benefit of API users.
TODO: deprecated: now that the formats package has been moved to syft/formats, these will be removed in v1.0.0.
Functions
func CatalogPackages (added in v0.15.0)
func CatalogPackages(src *source.Source, cfg cataloger.Config) (*pkg.Collection, []artifact.Relationship, *linux.Release, error)
CatalogPackages takes an inventory of packages from the given image from a particular perspective (e.g. squashed source, all-layers source). Returns the discovered set of packages, the identified Linux distribution, and the source object used to wrap the data source.
func Decode (added in v0.27.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
func Encode (added in v0.27.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
func FormatByID (added in v0.41.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
func FormatByName (added in v0.41.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
func FormatIDs (added in v0.41.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
func IdentifyFormat (added in v0.41.0)
TODO: deprecated, moved to syft/formats/formats.go. Will be removed in v1.0.0.
Directories
| Path | Synopsis |
|---|---|
| | Package event provides event types for all events that the syft library publishes onto the event bus. |
| parsers | Package parsers provides parser helpers to extract payloads for each event type that the syft library publishes onto the event bus. |
| internal | |
| | Package license provides common methods for working with SPDX license data. |
| | Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata. |
| cataloger | Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc). |
| cataloger/apkdb | Package apkdb provides a concrete Cataloger implementation for Alpine DB files. |
| cataloger/deb | Package deb provides a concrete Cataloger implementation for Debian package DB status files. |
| cataloger/elixir | Package elixir provides a concrete Cataloger implementation for Elixir-specific package manager files. |
| cataloger/erlang | Package erlang provides a concrete Cataloger implementation for Erlang-specific package manager files. |
| cataloger/golang | Package golang provides a concrete Cataloger implementation for go.mod files. |
| cataloger/java | Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi, and native-image formats). |
| cataloger/javascript | Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm). |
| cataloger/kernel | Package kernel provides a concrete Cataloger implementation for Linux kernel and module files. |
| cataloger/php | Package php provides a concrete Cataloger implementation for PHP ecosystem files. |
| cataloger/portage | Package portage provides a concrete Cataloger implementation for Gentoo Portage. |
| cataloger/rpm | Package rpm provides a concrete DBCataloger implementation for RPM "Package" DB files and a FileCataloger for RPM files. |
| cataloger/ruby | Package ruby bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files. |
| cataloger/rust | Package rust provides a concrete Cataloger implementation for Cargo.lock files. |
| cataloger/swift | Package swift provides a concrete Cataloger implementation for Podfile.lock files. |
| | Package source provides an abstraction to allow a user to loosely define a data source to catalog and expose a common interface that catalogers can use to explore and analyze data from the data source. |