-
Notifications
You must be signed in to change notification settings - Fork 552
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for pip extras #1251
Allow for pip extras #1251
Conversation
- Allow pip packages to specify extras. - Syntax: package_name[extra1, extra2] - Using regex the extras will be removed from the package name. Closes anchore#1246 Signed-off-by: Shane Dell <shanedell100@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should happen in Syft when parsing requirements.txt, no?
@kzantow So in Syft it already works ✔ Indexed requirements.txt
✔ Cataloged packages [2 packages]
NAME VERSION TYPE
celery[redis, pytest] 4.4.7 python
starlette 0.17.1 python However, when it comes back over into Grype it doesn't scan |
I mean: |
@kzantow So are you saying update Syft to remove the extras content ( |
- Update pip requirements.txt parsing to remove pip extras from package name if included. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Update pip requirements.txt parsing to remove pip extras from package name if included. - Add unit test to test that extras are removed from package name. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove pip extras from package name, add them to metadata instead. - Add unit test to test that extras are removed from package name. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove extras and url from line. Add them to metadata instead. - Add unit test to test that extras are removed from package name. - Update test to look at requirements metadata. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove extras and url from line. Add them to metadata instead. - Add unit test to test that extras are removed from package name. - Update test to look at requirements metadata. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove extras and url from line. Add them to metadata instead. - Add unit test to test that extras are removed from package name. - Update test to look at requirements metadata. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
- Create new metadata struct and type for python requirements. - Update parsing of python requirements to use python requirements metadata. - Remove extras and url from line. Add them to metadata instead. - Add unit test to test that extras are removed from package name. - Update test to look at requirements metadata. - Will need updated in future to support more than just == for the version constraint. - Update JSON schema data Closes anchore/grype#1246 Closes anchore/grype#1251 Signed-off-by: Shane Dell <shanedell100@gmail.com>
Allow for pip extras
Closes #1246
Testing
Filename:
requirements.txt
Content:
Command:
go run main.go file:requirements.txt
Output Before
Output After