crash.software
Projects
Pull Requests
Issues
Builds
syft
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY syft Commits dfcc07e5
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 109 lines
    110 110  syft <image> --scope all-layers
    111 111  ```
    112 112   
    113  - 
    114  - 
    115  -## Supported sources
     113 +### Supported sources
    116 114   
    117 115  Syft can generate a SBOM from a variety of sources:
    118 116   
    skipped 22 lines
    141 139  registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required)
    142 140  ```
    143 141   
    144  -#### Default Cataloger Configuration by scan type
     142 +If an image source is not provided and cannot be detected from the given reference it is assumed the image should be pulled from the Docker daemon.
     143 +If docker is not present, then the Podman daemon is attempted next, followed by reaching out directly to the image registry last.
     144 + 
     145 + 
     146 +This default behavior can be overridden with the `default-image-pull-source` configuration option (See [Configuration](https://github.com/anchore/syft#configuration) for more details).
     147 + 
     148 +### Default Cataloger Configuration by scan type
    145 149   
    146 150  ##### Image Scanning:
    147 151  - alpmdb
    skipped 31 lines
    179 183  - conan
    180 184  - hackage
    181 185   
    182  -#### Non Default:
     186 +##### Non Default:
    183 187  - cargo-auditable-binary
    184 188   
    185 189  ### Excluding file paths
    skipped 207 lines
    393 397  Certificate issuer URL: https://accounts.google.com
    394 398  ```
    395 399   
    396  -#### Local private key support
     400 +### Local private key support
    397 401   
    398 402  To generate an SBOM attestation for a container image using a local private key:
    399 403  ```
    skipped 35 lines
    435 439  # enable/disable checking for application updates on startup
    436 440  # same as SYFT_CHECK_FOR_APP_UPDATE env var
    437 441  check-for-app-update: true
     442 + 
     443 +# allows users to specify which image source should be used to generate the sbom
     444 +# valid values are: registry, docker, podman
     445 +default-image-pull-source: ""
    438 446   
    439 447  # a list of globs to exclude from scanning. same as --exclude ; for example:
    440 448  # exclude:
    skipped 221 lines
  • ■ ■ ■ ■
    cmd/syft/cli/attest/attest.go
    skipped 46 lines
    47 47   // could be an image or a directory, with or without a scheme
    48 48   // TODO: validate that source is image
    49 49   userInput := args[0]
    50  - si, err := source.ParseInputWithName(userInput, app.Platform, true, app.Name)
     50 + si, err := source.ParseInputWithName(userInput, app.Platform, app.Name, app.DefaultImagePullSource)
    51 51   if err != nil {
    52 52   return fmt.Errorf("could not generate source input for packages command: %w", err)
    53 53   }
    skipped 192 lines
  • ■ ■ ■ ■
    cmd/syft/cli/packages/packages.go
    skipped 41 lines
    42 42   
    43 43   // could be an image or a directory, with or without a scheme
    44 44   userInput := args[0]
    45  - si, err := source.ParseInputWithName(userInput, app.Platform, true, app.Name)
     45 + si, err := source.ParseInputWithName(userInput, app.Platform, app.Name, app.DefaultImagePullSource)
    46 46   if err != nil {
    47 47   return fmt.Errorf("could not generate source input for packages command: %w", err)
    48 48   }
    skipped 104 lines
  • ■ ■ ■ ■
    cmd/syft/cli/poweruser/poweruser.go
    skipped 46 lines
    47 47   }()
    48 48   
    49 49   userInput := args[0]
    50  - si, err := source.ParseInputWithName(userInput, app.Platform, true, app.Name)
     50 + si, err := source.ParseInputWithName(userInput, app.Platform, app.Name, app.DefaultImagePullSource)
    51 51   if err != nil {
    52 52   return fmt.Errorf("could not generate source input for packages command: %w", err)
    53 53   }
    skipped 67 lines
  • ■ ■ ■ ■ ■ ■
    internal/config/application.go
    skipped 39 lines
    40 40   ConfigPath string `yaml:"configPath,omitempty" json:"configPath" mapstructure:"config"`
    41 41   Verbosity uint `yaml:"verbosity,omitempty" json:"verbosity" mapstructure:"verbosity"`
    42 42   // -q, indicates to not show any status output to stderr (ETUI or logging UI)
    43  - Quiet bool `yaml:"quiet" json:"quiet" mapstructure:"quiet"`
    44  - Outputs []string `yaml:"output" json:"output" mapstructure:"output"` // -o, the format to use for output
    45  - OutputTemplatePath string `yaml:"output-template-path" json:"output-template-path" mapstructure:"output-template-path"` // -t template file to use for output
    46  - File string `yaml:"file" json:"file" mapstructure:"file"` // --file, the file to write report output to
    47  - CheckForAppUpdate bool `yaml:"check-for-app-update" json:"check-for-app-update" mapstructure:"check-for-app-update"` // whether to check for an application update on start up or not
    48  - Dev development `yaml:"dev" json:"dev" mapstructure:"dev"`
    49  - Log logging `yaml:"log" json:"log" mapstructure:"log"` // all logging-related options
    50  - Catalogers []string `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"`
    51  - Package pkg `yaml:"package" json:"package" mapstructure:"package"`
    52  - Golang golang `yaml:"golang" json:"golang" mapstructure:"golang"`
    53  - Attest attest `yaml:"attest" json:"attest" mapstructure:"attest"`
    54  - FileMetadata FileMetadata `yaml:"file-metadata" json:"file-metadata" mapstructure:"file-metadata"`
    55  - FileClassification fileClassification `yaml:"file-classification" json:"file-classification" mapstructure:"file-classification"`
    56  - FileContents fileContents `yaml:"file-contents" json:"file-contents" mapstructure:"file-contents"`
    57  - Secrets secrets `yaml:"secrets" json:"secrets" mapstructure:"secrets"`
    58  - Registry registry `yaml:"registry" json:"registry" mapstructure:"registry"`
    59  - Exclusions []string `yaml:"exclude" json:"exclude" mapstructure:"exclude"`
    60  - Platform string `yaml:"platform" json:"platform" mapstructure:"platform"`
    61  - Name string `yaml:"name" json:"name" mapstructure:"name"`
    62  - Parallelism int `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"` // the number of catalog workers to run in parallel
     43 + Quiet bool `yaml:"quiet" json:"quiet" mapstructure:"quiet"`
     44 + Outputs []string `yaml:"output" json:"output" mapstructure:"output"` // -o, the format to use for output
     45 + OutputTemplatePath string `yaml:"output-template-path" json:"output-template-path" mapstructure:"output-template-path"` // -t template file to use for output
     46 + File string `yaml:"file" json:"file" mapstructure:"file"` // --file, the file to write report output to
     47 + CheckForAppUpdate bool `yaml:"check-for-app-update" json:"check-for-app-update" mapstructure:"check-for-app-update"` // whether to check for an application update on start up or not
     48 + Dev development `yaml:"dev" json:"dev" mapstructure:"dev"`
     49 + Log logging `yaml:"log" json:"log" mapstructure:"log"` // all logging-related options
     50 + Catalogers []string `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"`
     51 + Package pkg `yaml:"package" json:"package" mapstructure:"package"`
     52 + Golang golang `yaml:"golang" json:"golang" mapstructure:"golang"`
     53 + Attest attest `yaml:"attest" json:"attest" mapstructure:"attest"`
     54 + FileMetadata FileMetadata `yaml:"file-metadata" json:"file-metadata" mapstructure:"file-metadata"`
     55 + FileClassification fileClassification `yaml:"file-classification" json:"file-classification" mapstructure:"file-classification"`
     56 + FileContents fileContents `yaml:"file-contents" json:"file-contents" mapstructure:"file-contents"`
     57 + Secrets secrets `yaml:"secrets" json:"secrets" mapstructure:"secrets"`
     58 + Registry registry `yaml:"registry" json:"registry" mapstructure:"registry"`
     59 + Exclusions []string `yaml:"exclude" json:"exclude" mapstructure:"exclude"`
     60 + Platform string `yaml:"platform" json:"platform" mapstructure:"platform"`
     61 + Name string `yaml:"name" json:"name" mapstructure:"name"`
     62 + Parallelism int `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"` // the number of catalog workers to run in parallel
     63 + DefaultImagePullSource string `yaml:"default-image-pull-source" json:"default-image-pull-source" mapstructure:"default-image-pull-source"` // specify default image pull source
    63 64  }
    64 65   
    65 66  func (cfg Application) ToCatalogerConfig() cataloger.Config {
    skipped 64 lines
    130 131   return err
    131 132   }
    132 133   }
     134 + 
     135 + if err := checkDefaultSourceValues(cfg.DefaultImagePullSource); err != nil {
     136 + return err
     137 + }
     138 + 
     139 + // check for valid default source options
    133 140   // parse nested config options
    134 141   // for each field in the configuration struct, see if the field implements the parser interface
    135 142   // note: the app config is a pointer, so we need to grab the elements explicitly (to traverse the address)
    skipped 56 lines
    192 199   v.SetDefault("check-for-app-update", true)
    193 200   v.SetDefault("catalogers", nil)
    194 201   v.SetDefault("parallelism", 1)
     202 + v.SetDefault("default-image-pull-source", "")
    195 203   
    196 204   // for each field in the configuration struct, see if the field implements the defaultValueLoader interface and invoke it if it does
    197 205   value := reflect.ValueOf(Application{})
    skipped 94 lines
    292 300   return nil
    293 301  }
    294 302   
     303 +var validDefaultSourceValues = []string{"registry", "docker", "podman", ""}
     304 + 
     305 +func checkDefaultSourceValues(source string) error {
     306 + validValues := internal.NewStringSet(validDefaultSourceValues...)
     307 + if !validValues.Contains(source) {
     308 + validValuesString := strings.Join(validDefaultSourceValues, ", ")
     309 + return fmt.Errorf("%s is not a valid default source; please use one of the following: %s''", source, validValuesString)
     310 + }
     311 + 
     312 + return nil
     313 +}
     314 + 
  • ■ ■ ■ ■ ■ ■
    syft/source/source.go
    skipped 39 lines
    40 40  // Input is an object that captures the detected user input regarding source location, scheme, and provider type.
    41 41  // It acts as a struct input for some source constructors.
    42 42  type Input struct {
    43  - UserInput string
    44  - Scheme Scheme
    45  - ImageSource image.Source
    46  - Location string
    47  - Platform string
    48  - Name string
    49  - autoDetectAvailableImageSources bool
     43 + UserInput string
     44 + Scheme Scheme
     45 + ImageSource image.Source
     46 + Location string
     47 + Platform string
     48 + Name string
    50 49  }
    51 50   
    52 51  // ParseInput generates a source Input that can be used as an argument to generate a new source
    53 52  // from specific providers including a registry.
    54  -func ParseInput(userInput string, platform string, detectAvailableImageSources bool) (*Input, error) {
    55  - return ParseInputWithName(userInput, platform, detectAvailableImageSources, "")
     53 +func ParseInput(userInput string, platform string) (*Input, error) {
     54 + return ParseInputWithName(userInput, platform, "", "")
    56 55  }
    57 56   
    58 57  // ParseInputWithName generates a source Input that can be used as an argument to generate a new source
    59 58  // from specific providers including a registry, with an explicit name.
    60  -func ParseInputWithName(userInput string, platform string, detectAvailableImageSources bool, name string) (*Input, error) {
     59 +func ParseInputWithName(userInput string, platform, name, defaultImageSource string) (*Input, error) {
    61 60   fs := afero.NewOsFs()
    62 61   scheme, source, location, err := DetectScheme(fs, image.DetectSource, userInput)
    63 62   if err != nil {
    skipped 5 lines
    69 68   // only check on packages command, attest we automatically try to pull from userInput
    70 69   switch scheme {
    71 70   case ImageScheme, UnknownScheme:
    72  - if detectAvailableImageSources {
    73  - if imagePullSource := image.DetermineDefaultImagePullSource(userInput); imagePullSource != image.UnknownSource {
    74  - scheme = ImageScheme
    75  - source = imagePullSource
    76  - location = userInput
    77  - }
     71 + scheme = ImageScheme
     72 + location = userInput
     73 + if defaultImageSource != "" {
     74 + source = parseDefaultImageSource(defaultImageSource)
     75 + } else {
     76 + imagePullSource := image.DetermineDefaultImagePullSource(userInput)
     77 + source = imagePullSource
    78 78   }
    79 79   if location == "" {
    80 80   location = userInput
    skipped 8 lines
    89 89   
    90 90   // collect user input for downstream consumption
    91 91   return &Input{
    92  - UserInput: userInput,
    93  - Scheme: scheme,
    94  - ImageSource: source,
    95  - Location: location,
    96  - Platform: platform,
    97  - Name: name,
    98  - autoDetectAvailableImageSources: detectAvailableImageSources,
     92 + UserInput: userInput,
     93 + Scheme: scheme,
     94 + ImageSource: source,
     95 + Location: location,
     96 + Platform: platform,
     97 + Name: name,
    99 98   }, nil
     99 +}
     100 + 
     101 +func parseDefaultImageSource(defaultImageSource string) image.Source {
     102 + switch defaultImageSource {
     103 + case "registry":
     104 + return image.OciRegistrySource
     105 + case "docker":
     106 + return image.DockerDaemonSource
     107 + case "podman":
     108 + return image.PodmanDaemonSource
     109 + default:
     110 + return image.UnknownSource
     111 + }
    100 112  }
    101 113   
    102 114  type sourceDetector func(string) (image.Source, string, error)
    skipped 100 lines
    203 215   
    204 216   // We need to determine the image source again, such that this determination
    205 217   // doesn't take scheme parsing into account.
    206  - if in.autoDetectAvailableImageSources {
    207  - in.ImageSource = image.DetermineDefaultImagePullSource(in.UserInput)
    208  - }
     218 + in.ImageSource = image.DetermineDefaultImagePullSource(in.UserInput)
    209 219   img, err = stereoscope.GetImageFromSource(ctx, in.UserInput, in.ImageSource, opts...)
    210 220   cleanup = func() {
    211 221   if err := img.Cleanup(); err != nil {
    skipped 364 lines
  • ■ ■ ■ ■ ■ ■
    syft/source/source_test.go
    skipped 51 lines
    52 52   if test.errFn == nil {
    53 53   test.errFn = require.NoError
    54 54   }
    55  - sourceInput, err := ParseInput(test.input, test.platform, true)
     55 + sourceInput, err := ParseInput(test.input, test.platform)
    56 56   test.errFn(t, err)
    57 57   if test.expected != "" {
    58 58   require.NotNil(t, sourceInput)
    skipped 537 lines
    596 596   registryOpts := &image.RegistryOptions{}
    597 597   for _, test := range testCases {
    598 598   t.Run(test.desc, func(t *testing.T) {
    599  - sourceInput, err := ParseInput("dir:"+test.input, "", false)
     599 + sourceInput, err := ParseInput("dir:"+test.input, "")
    600 600   require.NoError(t, err)
    601 601   src, fn, err := New(*sourceInput, registryOpts, test.exclusions)
    602 602   defer fn()
    skipped 93 lines
    696 696   for _, test := range testCases {
    697 697   t.Run(test.desc, func(t *testing.T) {
    698 698   archiveLocation := imagetest.PrepareFixtureImage(t, "docker-archive", test.input)
    699  - sourceInput, err := ParseInput(archiveLocation, "", false)
     699 + sourceInput, err := ParseInput(archiveLocation, "")
    700 700   require.NoError(t, err)
    701 701   src, fn, err := New(*sourceInput, registryOpts, test.exclusions)
    702 702   defer fn()
    skipped 235 lines
  • ■ ■ ■ ■
    test/integration/catalog_packages_test.go
    skipped 24 lines
    25 25   for _, c := range cataloger.ImageCatalogers(cataloger.DefaultConfig()) {
    26 26   // in case of future alteration where state is persisted, assume no dependency is safe to reuse
    27 27   userInput := "docker-archive:" + tarPath
    28  - sourceInput, err := source.ParseInput(userInput, "", false)
     28 + sourceInput, err := source.ParseInput(userInput, "")
    29 29   require.NoError(b, err)
    30 30   theSource, cleanupSource, err := source.New(*sourceInput, nil, nil)
    31 31   b.Cleanup(cleanupSource)
    skipped 226 lines
  • ■ ■ ■ ■ ■ ■
    test/integration/utils_test.go
    skipped 15 lines
    16 16   imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName)
    17 17   tarPath := imagetest.GetFixtureImageTarPath(t, fixtureImageName)
    18 18   userInput := "docker-archive:" + tarPath
    19  - sourceInput, err := source.ParseInput(userInput, "", false)
     19 + sourceInput, err := source.ParseInput(userInput, "")
    20 20   require.NoError(t, err)
    21 21   theSource, cleanupSource, err := source.New(*sourceInput, nil, nil)
    22 22   t.Cleanup(cleanupSource)
    skipped 29 lines
    52 52   
    53 53  func catalogDirectory(t *testing.T, dir string) (sbom.SBOM, *source.Source) {
    54 54   userInput := "dir:" + dir
    55  - sourceInput, err := source.ParseInput(userInput, "", false)
     55 + sourceInput, err := source.ParseInput(userInput, "")
    56 56   require.NoError(t, err)
    57 57   theSource, cleanupSource, err := source.New(*sourceInput, nil, nil)
    58 58   t.Cleanup(cleanupSource)
    skipped 20 lines
Please wait...
Page is in error, reload to recover