-
Notifications
You must be signed in to change notification settings - Fork 587
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: further improvements to CPE generation for apk packages #1623
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
westonsteimel
force-pushed
the
apk-cpe-gen-improvements
branch
from
February 25, 2023 10:05
d49951a
to
ac012d9
Compare
spiffcs
approved these changes
Feb 27, 2023
This was referenced Mar 2, 2023
Closed
This was referenced Mar 3, 2023
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
…#1623) * fix: consider upstream logic during apk cpe gen * fix: correct apk CPE for go * fix: correct apk CPE for ruby * fix: correct apk CPE for bazel * fix: correct apk CPE for clang * fix: correct apk CPE for openjdk * fix: correct apk CPE for glibc * fix: correct apk CPE for gli * fix: correct apk CPE for bas * fix: correct apk CPE for alsa-lib * fix: correct apk CPE for alsa * fix: determine apk cpe vendor from known URLs * fix: add more url prefix->vendor mappings for apk * refactor: allow reuse of vendor by url prefix logic * feat: extract username as vendor candidate from github/gitlab Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds many known CPE vendor candidates to APK CPE generation as well as using known project URL prefixes from APK metadata to generate known vendor candidates. Eventually we might be able to remove some of the overrides in
candidate_by_packages_type.go
and rely on the URL logic; however, currently apks installed from Wolfi don't include any URL info, so we will retain them for now.