syft

package
v0.52.0

This package is not in the latest version of its module.
Published: Sep 29, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package syft is a "one-stop-shop" for helper utilities for all major functionality provided by child packages of the syft library.

Here is what the main execution path for syft does:

  1. Parse a user image string to get a stereoscope image.Source object
  2. Invoke all catalogers to catalog the image, adding discovered packages to a single catalog object
  3. Invoke one or more encoders to output contents of the catalog

A Source object encapsulates the image object to be cataloged and the user options (catalog all layers vs. squashed layer), providing a way to inspect paths and file content within the image. The Source object, not the image object, is used throughout the main execution path. This abstraction allows for decoupling of what is cataloged (a docker image, an OCI image, a filesystem, etc) and how it is cataloged (the individual catalogers).
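
The Source abstraction described above, reduced to a self-contained model (an added example, not syft's own code). `Layer`, `Source`, `FilesByPath`, `ApkCataloger` and the sample image are hypothetical or constructed, and the parser assumes each `P:` line in the Alpine database is directly followed by its `V:` line. The same cataloger returns different package sets depending only on the perspective the Source was built with.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Layer and Source are hypothetical stand-ins for this example, not syft's types.
type Layer map[string]string // file path -> content
type Source struct{ Layers []Layer; AllLayers bool } // AllLayers=false: squashed view

// FilesByPath returns the copies of path visible from the chosen perspective.
func (s Source) FilesByPath(path string) (out []string) {
	for _, l := range s.Layers {
		if c, ok := l[path]; ok && s.AllLayers {
			out = append(out, c)
		} else if ok {
			out = []string{c} // squashed: the latest layer wins
		}
	}
	return out
}

const apkDB = "/lib/apk/db/installed"
var apkRecord = regexp.MustCompile(`(?m)^P:(.+)\nV:(.+)$`)

// ApkCataloger reads P:/V: records via the Source only; returns sorted, unique name@version.
func ApkCataloger(s Source) (out []string) {
	seen := map[string]bool{}
	for _, db := range s.FilesByPath(apkDB) {
		for _, m := range apkRecord.FindAllStringSubmatch(db, -1) {
			if p := m[1] + "@" + m[2]; !seen[p] {
				seen[p] = true
				out = append(out, p)
			}
		}
	}
	sort.Strings(out)
	return out
}

var sampleImage = []Layer{ // constructed data: the second layer upgrades openssl
	{apkDB: "P:busybox\nV:1.33.1\n\nP:openssl\nV:1.1.1k\n"},
	{apkDB: "P:busybox\nV:1.33.1\n\nP:openssl\nV:1.1.1q\n"},
}

func main() {
	fmt.Println("squashed:  ", ApkCataloger(Source{sampleImage, false}))
	fmt.Println("all-layers:", ApkCataloger(Source{sampleImage, true}))
}
```

On the sample image the all-layers view still reports the openssl version shipped in the first layer, which the squashed view hides.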

Similar to the cataloging process, Linux distribution identification is also performed based on what is discovered within the image.

Index

Constants

const (
	JSONFormatID          = syftjson.ID
	TextFormatID          = text.ID
	TableFormatID         = table.ID
	CycloneDxXMLFormatID  = cyclonedxxml.ID
	CycloneDxJSONFormatID = cyclonedxjson.ID
	GitHubID              = github.ID
	SPDXTagValueFormatID  = spdx22tagvalue.ID
	SPDXJSONFormatID      = spdx22json.ID
	TemplateFormatID      = template.ID
)

These have been exported for the benefit of API users.

Variables

This section is empty.

Functions

func CatalogPackages

func CatalogPackages(src *source.Source, cfg cataloger.Config) (*pkg.Catalog, []artifact.Relationship, *linux.Release, error)

CatalogPackages takes an inventory of packages from the given image from a particular perspective (e.g. squashed source, all-layers source). Returns the discovered set of packages, the identified Linux distribution, and the source object used to wrap the data source.

func Decode

func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error)

Decode takes a reader for an SBOM and generates all internal SBOM elements.

func Encode

func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error)

Encode takes all SBOM elements and a format option and encodes an SBOM document.

func FormatByID

func FormatByID(id sbom.FormatID) sbom.Format

func FormatByName

func FormatByName(name string) sbom.Format

func FormatIDs

func FormatIDs() (ids []sbom.FormatID)

func IdentifyFormat

func IdentifyFormat(by []byte) sbom.Format

func SetBus

func SetBus(b *partybus.Bus)

SetBus sets the event bus onto which all syft library events are published (in-library subscriptions are not allowed).

func SetLogger

func SetLogger(logger logger.Logger)

SetLogger sets the logger object used for all syft logging calls.

Types

This section is empty.

Directories

Path Synopsis
Package event provides event types for all events that the syft library publishes onto the event bus.
parsers
Package parsers provides parser helpers to extract payloads for each event type that the syft library publishes onto the event bus.
formats
Package logger defines the logging interface which is used throughout the syft library.
pkg
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
cataloger
Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
cataloger/apkdb
Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
cataloger/common
Package common provides generic utilities used by multiple catalogers.
cataloger/deb
Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
cataloger/golang
Package golang provides a concrete Cataloger implementation for go.mod files.
cataloger/java
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
cataloger/javascript
Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
cataloger/php
Package php provides a concrete Cataloger implementation for PHP ecosystem files.
cataloger/portage
Package portage provides a concrete Cataloger implementation for Gentoo Portage.
cataloger/python
Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
cataloger/rpm
Package rpm provides a concrete DBCataloger implementation for RPM "Package" DB files and a FileCataloger for RPM files.
cataloger/ruby
Package ruby bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
cataloger/rust
Package rust provides a concrete Cataloger implementation for Cargo.lock files.
cataloger/swift
Package swift provides a concrete Cataloger implementation for Podfile.lock files.
Package source provides an abstraction to allow a user to loosely define a data source to catalog and expose a common interface that catalogers can use to explore and analyze data from the data source.
