-
Notifications
You must be signed in to change notification settings - Fork 587
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add file source digest support #1914
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
spiffcs
approved these changes
Jul 5, 2023
spiffcs
added a commit
that referenced
this pull request
Jul 11, 2023
* main: feat: CLI flag for directory base (#1867) Fix CPE gen for k8s python client (#1921) chore: update iterations to protect against race (#1927) chore(deps): update bootstrap tools to latest versions (#1922) fix: Don't use the actual redis or grpc CPEs for gems (#1926) fix(install): return with right error code (#1915) Remove erroneous Java CPEs from generation (#1918) chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916) Switch UI to bubbletea (#1888) fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link (#1884) add file source digest support (#1914) chore(deps): update bootstrap tools to latest versions (#1908) chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912) chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913) doc(readme): add installation section with scoop (#1909) Refactor source API (#1846) chore(deps): update bootstrap tools to latest versions (#1905)
This was referenced Jul 12, 2023
Merged
This was referenced Jul 28, 2023
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With #1846 it became possible to express the digest of a scanned file (e.g.
syft ./go.mod -o json
can now support showing a digest in the.source
section). This new feature was only added in the json schema but not wired up to start adding values -- this PR adds this wiring.The default algorithm for file sources is sha-256, however, this is configurable with
SYFT_SOURCE_FILE_DIGEST
which can take one or more values (comma separated). This additionally expands the allowable digest algorithms in general for syft to include other sha224, sha384, and sha512. While working on this I attempted to move morefile
API surface area to underinternal
.I've migrated the
source-name
andsource-version
configuration options to reside under the newsource
struct, which will break users depending onsource-name
andsource-version
. This does not affect users depending on the CLI option.