syft

package

v0.0.0-...-0710af2 Latest Latest Go to latest Published: Aug 21, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package syft is a "one-stop-shop" for helper utilities for all major functionality provided by child packages of the syft library.

Here is what the main execution path for syft does:

Parse a user image string to get a stereoscope image.Source object
Invoke all catalogers to catalog the image, adding discovered packages to a single catalog object
Invoke one or more encoders to output contents of the catalog

A Source object encapsulates the image object to be cataloged and the user options (catalog all layers vs. squashed layer), providing a way to inspect paths and file content within the image. The Source object, not the image object, is used throughout the main execution path. This abstraction allows for decoupling of what is cataloged (a docker image, an OCI image, a filesystem, etc) and how it is cataloged (the individual catalogers).

Similar to the cataloging process, Linux distribution identification is also performed based on what is discovered within the image.

Index ¶

Constants
func CatalogPackages(src source.Source, cfg cataloger.Config) (*pkg.Collection, []artifact.Relationship, *linux.Release, error)
func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error)
func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error)
func FormatByID(id sbom.FormatID) sbom.Format
func FormatByName(name string) sbom.Format
func FormatIDs() (ids []sbom.FormatID)
func IdentifyFormat(by []byte) sbom.Format
func SetBus(b *partybus.Bus)
func SetLogger(logger logger.Logger)

Constants ¶

View Source

const (
	JSONFormatID          = syftjson.ID
	TextFormatID          = text.ID
	TableFormatID         = table.ID
	CycloneDxXMLFormatID  = cyclonedxxml.ID
	CycloneDxJSONFormatID = cyclonedxjson.ID
	GitHubFormatID        = github.ID
	SPDXTagValueFormatID  = spdxtagvalue.ID
	SPDXJSONFormatID      = spdxjson.ID
	TemplateFormatID      = template.ID
)

these have been exported for the benefit of API users TODO: deprecated: now that the formats package has been moved to syft/formats, will be removed in v1.0.0

Variables ¶

This section is empty.

Functions ¶

func CatalogPackages ¶

func CatalogPackages(src source.Source, cfg cataloger.Config) (*pkg.Collection, []artifact.Relationship, *linux.Release, error)

CatalogPackages takes an inventory of packages from the given image from a particular perspective (e.g. squashed source, all-layers source). Returns the discovered set of packages, the identified Linux distribution, and the source object used to wrap the data source.