syft

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 1, 2024 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Overview

Package syft is a "one-stop-shop" for helper utilities for all major functionality provided by child packages of the syft library.

Here is what the main execution path for syft does:

  1. Parse a user image string to get a stereoscope image.Source object
  2. Invoke all catalogers to catalog the image, adding discovered packages to a single catalog object
  3. Invoke one or more encoders to output contents of the catalog

A Source object encapsulates the image object to be cataloged and the user options (catalog all layers vs. squashed layer), providing a way to inspect paths and file content within the image. The Source object, not the image object, is used throughout the main execution path. This abstraction allows for decoupling of what is cataloged (a docker image, an OCI image, a filesystem, etc) and how it is cataloged (the individual catalogers).

Similar to the cataloging process, Linux distribution identification is also performed based on what is discovered within the image.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateSBOM 

func CreateSBOM(ctx context.Context, src source.Source, cfg *CreateSBOMConfig) (*sbom.SBOM, error)

CreateSBOM creates a software bill-of-materials from the given source. If the CreateSBOMConfig is nil, then default options will be used.

func GetSource 

func GetSource(ctx context.Context, userInput string, cfg *GetSourceConfig) (source.Source, error)

GetSource uses all of Syft's known source providers to attempt to resolve the user input to a usable source.Source

func SetBus 

func SetBus(b *partybus.Bus)

SetBus sets the event bus for all syft library bus publish events onto (in-library subscriptions are not allowed).

func SetLogger 

func SetLogger(logger logger.Logger)

SetLogger sets the logger object used for all syft logging calls.

Types

type CreateSBOMConfig 

type CreateSBOMConfig struct {
	// required configuration input to specify how cataloging should be performed
	Search             cataloging.SearchConfig
	Relationships      cataloging.RelationshipsConfig
	DataGeneration     cataloging.DataGenerationConfig
	Packages           pkgcataloging.Config
	Files              filecataloging.Config
	Parallelism        int
	CatalogerSelection pkgcataloging.SelectionRequest

	// audit what tool is being used to generate the SBOM
	ToolName          string
	ToolVersion       string
	ToolConfiguration interface{}
	// contains filtered or unexported fields
}

CreateSBOMConfig specifies all parameters needed for creating an SBOM.

func DefaultCreateSBOMConfig 

func DefaultCreateSBOMConfig() *CreateSBOMConfig

func (*CreateSBOMConfig) Create 

func (c *CreateSBOMConfig) Create(ctx context.Context, src source.Source) (*sbom.SBOM, error)

Create creates an SBOM from the given source with the current SBOM configuration.

func (*CreateSBOMConfig) WithCatalogerSelection 

func (c *CreateSBOMConfig) WithCatalogerSelection(selection pkgcataloging.SelectionRequest) *CreateSBOMConfig

WithCatalogerSelection allows for adding to, removing from, or sub-selecting the final set of catalogers by name or tag.

func (*CreateSBOMConfig) WithCatalogers 

func (c *CreateSBOMConfig) WithCatalogers(catalogerRefs ...pkgcataloging.CatalogerReference) *CreateSBOMConfig

WithCatalogers allows for adding user-provided catalogers to the final set of catalogers that will always be run regardless of the source type or any cataloger selections provided.

func (*CreateSBOMConfig) WithDataGenerationConfig 

func (c *CreateSBOMConfig) WithDataGenerationConfig(cfg cataloging.DataGenerationConfig) *CreateSBOMConfig

WithDataGenerationConfig allows for defining what data elements that cannot be discovered from the underlying target being scanned that should be generated after package creation.

func (*CreateSBOMConfig) WithFilesConfig 

func (c *CreateSBOMConfig) WithFilesConfig(cfg filecataloging.Config) *CreateSBOMConfig

WithFilesConfig allows for defining file-based cataloging parameters.

func (*CreateSBOMConfig) WithPackagesConfig 

func (c *CreateSBOMConfig) WithPackagesConfig(cfg pkgcataloging.Config) *CreateSBOMConfig

WithPackagesConfig allows for defining any specific behavior for syft-implemented catalogers.

func (*CreateSBOMConfig) WithParallelism 

func (c *CreateSBOMConfig) WithParallelism(p int) *CreateSBOMConfig

WithParallelism allows for setting the number of concurrent cataloging tasks that can be performed at once

func (*CreateSBOMConfig) WithRelationshipsConfig 

func (c *CreateSBOMConfig) WithRelationshipsConfig(cfg cataloging.RelationshipsConfig) *CreateSBOMConfig

WithRelationshipsConfig allows for defining the specific relationships that should be captured during cataloging.

func (*CreateSBOMConfig) WithSearchConfig 

func (c *CreateSBOMConfig) WithSearchConfig(cfg cataloging.SearchConfig) *CreateSBOMConfig

WithSearchConfig allows for setting the specific search configuration for cataloging.

func (*CreateSBOMConfig) WithTool 

func (c *CreateSBOMConfig) WithTool(name, version string, cfg ...any) *CreateSBOMConfig

WithTool allows for setting the specific name, version, and any additional configuration that is not captured in the syft default API configuration. This could cover inputs for catalogers that were user-provided, thus, is not visible to the syft API, but would be useful to see in the SBOM output.

func (*CreateSBOMConfig) WithoutCatalogers 

func (c *CreateSBOMConfig) WithoutCatalogers() *CreateSBOMConfig

WithoutCatalogers removes all catalogers from the final set of catalogers. This is useful if you want to only use user-provided catalogers (without the default syft-provided catalogers).

func (*CreateSBOMConfig) WithoutFiles 

func (c *CreateSBOMConfig) WithoutFiles() *CreateSBOMConfig

WithoutFiles allows for disabling file cataloging altogether.

type GetSourceConfig 

type GetSourceConfig struct {
	// SourceProviderConfig may optionally be provided to be used when constructing the default set of source providers, unused if All specified
	SourceProviderConfig *sourceproviders.Config

	// Sources is an explicit list of source names to use, in order, to attempt to locate a source
	Sources []string

	// DefaultImagePullSource will cause a particular image pull source to be used as the first pull source, followed by other pull sources
	DefaultImagePullSource string
}

func DefaultGetSourceConfig 

func DefaultGetSourceConfig() *GetSourceConfig

func (*GetSourceConfig) WithAlias 

func (c *GetSourceConfig) WithAlias(alias source.Alias) *GetSourceConfig

func (*GetSourceConfig) WithBasePath 

func (c *GetSourceConfig) WithBasePath(basePath string) *GetSourceConfig

func (*GetSourceConfig) WithDefaultImagePullSource 

func (c *GetSourceConfig) WithDefaultImagePullSource(defaultImagePullSource string) *GetSourceConfig

func (*GetSourceConfig) WithDigestAlgorithms 

func (c *GetSourceConfig) WithDigestAlgorithms(algorithms ...crypto.Hash) *GetSourceConfig

func (*GetSourceConfig) WithExcludeConfig 

func (c *GetSourceConfig) WithExcludeConfig(excludeConfig source.ExcludeConfig) *GetSourceConfig

func (*GetSourceConfig) WithPlatform 

func (c *GetSourceConfig) WithPlatform(platform *image.Platform) *GetSourceConfig

func (*GetSourceConfig) WithRegistryOptions 

func (c *GetSourceConfig) WithRegistryOptions(registryOptions *image.RegistryOptions) *GetSourceConfig

func (*GetSourceConfig) WithSources 

func (c *GetSourceConfig) WithSources(sources ...string) *GetSourceConfig

Source Files

View all Source files

Directories

Path Synopsis
filecataloging
pkgcataloging
Package event provides event types for all events that the syft library published onto the event bus.
 Package event provides event types for all events that the syft library published onto the event bus.
monitor
parsers
Package parsers provides parser helpers to extract payloads for each event type that the syft library publishes onto the event bus.
 Package parsers provides parser helpers to extract payloads for each event type that the syft library publishes onto the event bus.
cataloger/executable
cataloger/filecontent
cataloger/filedigest
cataloger/filemetadata
cataloger/internal
common/cyclonedxhelpers
common/spdxhelpers
cyclonedxjson
cyclonedxxml
github
github/internal/model
internal/cyclonedxutil
internal/cyclonedxutil/helpers
internal/spdxutil
internal/spdxutil/helpers
internal/stream
internal/testutil
spdxjson
spdxtagvalue
syftjson
syftjson/model
table
template
text
fileresolver
jsonschema
packagemetadata
packagemetadata/generate
sourcemetadata
sourcemetadata/generate
testutil
unionreader
windows
package license provides common methods for working with SPDX license data
 package license provides common methods for working with SPDX license data
pkg
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
 Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
cataloger/alpine
Package alpine provides a concrete Cataloger implementations for packages relating to the Alpine linux distribution.
 Package alpine provides a concrete Cataloger implementations for packages relating to the Alpine linux distribution.
cataloger/arch
Package arch provides a concrete Cataloger implementations for packages relating to the Arch linux distribution.
 Package arch provides a concrete Cataloger implementations for packages relating to the Arch linux distribution.
cataloger/binary
Package binary provides a concrete cataloger implementations for surfacing possible packages based on signatures found within binary files.
 Package binary provides a concrete cataloger implementations for surfacing possible packages based on signatures found within binary files.
cataloger/binary/test-fixtures/manager
cataloger/binary/test-fixtures/manager/internal
cataloger/binary/test-fixtures/manager/internal/cli
cataloger/binary/test-fixtures/manager/internal/cli/commands
cataloger/binary/test-fixtures/manager/internal/config
cataloger/binary/test-fixtures/manager/internal/ui
cataloger/binary/test-fixtures/manager/testutil
cataloger/common/cpe
cataloger/cpp
Package cpp provides a concrete Cataloger implementations for the C/C++ language ecosystem.
 Package cpp provides a concrete Cataloger implementations for the C/C++ language ecosystem.
cataloger/dart
Package dart provides a concrete Cataloger implementations for the Dart language ecosystem.
 Package dart provides a concrete Cataloger implementations for the Dart language ecosystem.
cataloger/debian
Package debian provides a concrete Cataloger implementation relating to packages within the Debian linux distribution.
 Package debian provides a concrete Cataloger implementation relating to packages within the Debian linux distribution.
cataloger/dotnet
Package dotnet provides a concrete Cataloger implementation relating to packages within the C#/.NET language/runtime ecosystem.
 Package dotnet provides a concrete Cataloger implementation relating to packages within the C#/.NET language/runtime ecosystem.
cataloger/elixir
Package elixir provides a concrete Cataloger implementation relating to packages within the Elixir language ecosystem.
 Package elixir provides a concrete Cataloger implementation relating to packages within the Elixir language ecosystem.
cataloger/erlang
Package erlang provides concrete Catalogers implementation relating to packages within the Erlang language ecosystem.
 Package erlang provides concrete Catalogers implementation relating to packages within the Erlang language ecosystem.
cataloger/generic
cataloger/gentoo
Package gentoo provides a concrete Cataloger implementation related to packages within the Gentoo linux ecosystem.
 Package gentoo provides a concrete Cataloger implementation related to packages within the Gentoo linux ecosystem.
cataloger/githubactions
Package githubactions provides a concrete Cataloger implementation for GitHub Actions packages (both actions and workflows).
 Package githubactions provides a concrete Cataloger implementation for GitHub Actions packages (both actions and workflows).
cataloger/golang
Package golang provides a concrete Cataloger implementation relating to packages within the Go language ecosystem.
 Package golang provides a concrete Cataloger implementation relating to packages within the Go language ecosystem.
cataloger/golang/internal/xcoff
cataloger/haskell
Package haskell provides a concrete Cataloger implementation relating to packages within the Haskell language ecosystem.
 Package haskell provides a concrete Cataloger implementation relating to packages within the Haskell language ecosystem.
cataloger/internal/cpegenerate
cataloger/internal/cpegenerate/dictionary
cataloger/internal/cpegenerate/dictionary/index-generator
This program downloads the latest CPE dictionary from NIST and processes it into a JSON file that can be embedded into Syft for more accurate CPE results.
 This program downloads the latest CPE dictionary from NIST and processes it into a JSON file that can be embedded into Syft for more accurate CPE results.
cataloger/internal/pkgtest
cataloger/java
Package java provides a concrete Cataloger implementation for packages relating to the Java language ecosystem.
 Package java provides a concrete Cataloger implementation for packages relating to the Java language ecosystem.
cataloger/javascript
Package javascript provides a concrete Cataloger implementation for packages relating to the JavaScript language ecosystem.
 Package javascript provides a concrete Cataloger implementation for packages relating to the JavaScript language ecosystem.
cataloger/kernel
Package kernel provides a concrete Cataloger implementation for linux kernel and module files.
 Package kernel provides a concrete Cataloger implementation for linux kernel and module files.
cataloger/nix
Package nix provides a concrete Cataloger implementation for packages within the Nix packaging ecosystem.
 Package nix provides a concrete Cataloger implementation for packages within the Nix packaging ecosystem.
cataloger/php
Package php provides a concrete Cataloger implementation relating to packages within the PHP language ecosystem.
 Package php provides a concrete Cataloger implementation relating to packages within the PHP language ecosystem.
cataloger/python
Package python provides a concrete Cataloger implementation relating to packages within the Python language ecosystem.
 Package python provides a concrete Cataloger implementation relating to packages within the Python language ecosystem.
cataloger/r
Package r provides a concrete Cataloger implementation relating to packages within the R language ecosystem.
 Package r provides a concrete Cataloger implementation relating to packages within the R language ecosystem.
cataloger/redhat
Package redhat provides a concrete DBCataloger implementation relating to packages within the RedHat linux distribution.
 Package redhat provides a concrete DBCataloger implementation relating to packages within the RedHat linux distribution.
cataloger/ruby
Package ruby provides a concrete Cataloger implementation relating to packages within the Ruby language ecosystem.
 Package ruby provides a concrete Cataloger implementation relating to packages within the Ruby language ecosystem.
cataloger/rust
Package rust provides a concrete Cataloger implementation relating to packages within the Rust language ecosystem.
 Package rust provides a concrete Cataloger implementation relating to packages within the Rust language ecosystem.
cataloger/sbom
Package sbom provides a concrete Cataloger implementation for capturing packages embedded within SBOM files.
 Package sbom provides a concrete Cataloger implementation for capturing packages embedded within SBOM files.
cataloger/swift
Package swift provides a concrete Cataloger implementation relating to packages within the swift language ecosystem.
 Package swift provides a concrete Cataloger implementation relating to packages within the swift language ecosystem.
cataloger/wordpress
Package source provides an abstraction to allow a user to loosely define a data source to catalog and expose a common interface that catalogers and use explore and analyze data from the data source.
 Package source provides an abstraction to allow a user to loosely define a data source to catalog and expose a common interface that catalogers and use explore and analyze data from the data source.
directorysource
filesource
internal
sourceproviders
stereoscopesource

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.