Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for Bitnami cataloguer #3341

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: add support for Bitnami cataloguer #3341

wants to merge 9 commits into from
+3,783 −134

Conversation

juan131
Copy link

@juan131 juan131 commented Oct 16, 2024

Description

This PR adds supports for a new Bitnami cataloguer so Syft is able to recognize Bitnami SBOMs and properly detect the packages available on Bitnami images.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (please discuss with the team first; Syft is 1.0 software and we won't accept breaking changes without going to 2.0)
  • Documentation (updates the documentation)
  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)
  • Performance (make Syft run faster or use less memory, without changing visible behavior much)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

willmurphyscode and others added 6 commits October 16, 2024 16:04
@willmurphyscode @juan131
prototype: start bitnami cataloger
1c9e6b4 
Bitnami images have spdx SBOMs at predictable paths, and Syft could more
accurately identify the software in these images by scanning those
SBOMs. Start work on this by forking the sbom-cataloger as a new
bitnami-cataloger.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
@willmurphyscode @juan131
wire up bitnami cataloger to run on images by default
b2a3d72 
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
@juan131
feat: add support for Bitnami cataloguer
7267d13 
Signed-off-by: juan131 <jariza@vmware.com>
@juan131
feat: use a better SPDX sample for unit tests
a1e3157 
Signed-off-by: juan131 <jariza@vmware.com>
@juan131
bugfix: only report bitnami pkgs
40c449b 
Signed-off-by: juan131 <jariza@vmware.com>
@juan131
feat: adapt JSON schema, spdxutil and packagemetadata
de25720 
Signed-off-by: juan131 <jariza@vmware.com>
@github-actions github-actions bot added the json-schema Changes the json schema label Oct 17, 2024
@juan131 juan131 marked this pull request as ready for review October 17, 2024 10:26
@juan131
Copy link
Author

juan131 commented Oct 17, 2024

cc @willmurphyscode

@willmurphyscode willmurphyscode self-assigned this Oct 18, 2024
@juan131 juan131 mentioned this pull request Oct 18, 2024
Open
@juan131
bugfix: use new bitnami purl type
7e26fa5 
Signed-off-by: juan131 <jariza@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@willmurphyscode willmurphyscode

Labels
json-schema Changes the json schema
Projects
OSS
Status: In Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Bitnami embedded SBOMs
2 participants
@juan131 @willmurphyscode