Add Erlang OTP Application cataloger #2403
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LaurentGoderre
force-pushed
the
erlang-otp-cataloger
branch
5 times, most recently
from
dda083a to
0a0caf4
Compare
wagoodman
reviewed
Dec 11, 2023
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
LaurentGoderre
force-pushed
the
erlang-otp-cataloger
branch
from
0a0caf4 to
7d959ab
Compare
LaurentGoderre
commented
Dec 22, 2023
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
LaurentGoderre
force-pushed
the
erlang-otp-cataloger
branch
from
7d959ab to
0c26738
Compare
wagoodman
reviewed
Feb 2, 2024
|
I can spend a little time today getting this rebased and ready for review/merge |
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman
force-pushed
the
erlang-otp-cataloger
branch
from
6f8fe24 to
2787029
Compare
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman
force-pushed
the
erlang-otp-cataloger
branch
from
02ff1c3 to
c1e7645
Compare
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
|
I've made one function alteration: the OTP cataloger is only active in directory scans, not image scans. But I'm not 100% certain it's correct, would the *.app be indicative of an description? or evidence of an installation? For the meantime I'm going to assume that it should follow other description-based catalogers (if this is wrong we can open it up to image scans in another small follow up PR) |
wagoodman
approved these changes
Feb 2, 2024
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
* Add cataloger for Erlang OTP applications Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * Add OTP Package type and Purl for ErLang Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * remove erlang OTP metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use OTP purl type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore otp fixture and adjust tests for dir-only results Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a cataloger for Erlang OTP applications.
Depends on:
ErLang OTP Manifest format: https://www.erlang.org/doc/man/app.html
OTP Purl proposal: https://erlef.github.io/security-wg/specs/otp_purl_type.html