External sources configuration #1158
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Marco Deicas <mdeicas@google.com>
mdeicas
force-pushed
the
external-sources-config
branch
from
b94c603 to
6de5946
Compare
spiffcs
approved these changes
Aug 22, 2022
|
Brilliant! I'll get this one merged in first. Thanks a million! |
wagoodman
reviewed
Aug 22, 2022
| import "github.com/spf13/viper" | ||
|
|
||
| type ExternalSources struct { | ||
| ExternalSourcesEnabled bool `yaml:"external-sources-enabled" json:"external-sources-enabled" mapstructure:"external-sources-enabled"` |
There was a problem hiding this comment.
Suggested change
| ExternalSourcesEnabled bool `yaml:"external-sources-enabled" json:"external-sources-enabled" mapstructure:"external-sources-enabled"` | |
| Enabled bool `yaml:"enabled" json:"enabled" mapstructure:"enabled"` |
| } | ||
|
|
||
| func (e ExternalSources) loadDefaultValues(v *viper.Viper) { | ||
| v.SetDefault("external-sources-enabled", false) |
There was a problem hiding this comment.
Suggested change
| v.SetDefault("external-sources-enabled", false) | |
| v.SetDefault("external-sources.enabled", false) |
| @@ -41,6 +41,8 @@ type Cataloger interface { | |||
| Name() string | |||
| // Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing the catalog source. | |||
| Catalog(resolver source.FileResolver) ([]pkg.Package, []artifact.Relationship, error) | |||
| // UsesExternalSources returns if the cataloger uses external sources, such as querying a database | |||
| UsesExternalSources() bool | |||
There was a problem hiding this comment.
I don't think we want to make this part of the cataloger interface, instead we should be passing in indication of this configuration to cataloger constructors, and constructors that return nil instances and nil error are discarded from the list of package catalogers.
spiffcs
added a commit
to scothis/syft
that referenced
this pull request
Aug 24, 2022
* main: Update syft bootstrap tools to latest versions. (anchore#1171) Fix update-bootstrap-tools workflow (anchore#1170) workflow to create automated PRs to update bootstrap tools (anchore#1167) feat: add support for licenses in package-lock json v2 (anchore#1164) External sources configuration (anchore#1158) feat: add support for pnpm (anchore#1166) Prevent symlinks causing duplicate package-file relationships (anchore#1168) Associate node package licenses from node_modules (anchore#1152) Give the contributing guide a substantial rework (anchore#1155) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs
added a commit
that referenced
this pull request
Aug 25, 2022
* main: Update syft bootstrap tools to latest versions. (#1176) enhance development support on macOS ARM (#1163) Capture if a node module is private (#1161) Find version numbers from jars with different naming conventions (#1174) Update syft bootstrap tools to latest versions. (#1171) Fix update-bootstrap-tools workflow (#1170) workflow to create automated PRs to update bootstrap tools (#1167) feat: add support for licenses in package-lock json v2 (#1164) External sources configuration (#1158) feat: add support for pnpm (#1166) Prevent symlinks causing duplicate package-file relationships (#1168) Associate node package licenses from node_modules (#1152)
spiffcs
added a commit
that referenced
this pull request
Sep 1, 2022
This reverts commit 1329688. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs
added a commit
that referenced
this pull request
Sep 1, 2022
cpendery
pushed a commit
to cpendery/syft
that referenced
this pull request
Sep 11, 2022
reverted as functionality is to be merged with dev branch of kubecon draft
spiffcs
added a commit
that referenced
this pull request
Sep 19, 2022
aiwantaozi
pushed a commit
to aiwantaozi/syft
that referenced
this pull request
Oct 20, 2022
aiwantaozi
pushed a commit
to aiwantaozi/syft
that referenced
this pull request
Oct 20, 2022
reverted as functionality is to be merged with dev branch of kubecon draft
spiffcs
added a commit
that referenced
this pull request
Oct 21, 2022
spiffcs
added a commit
that referenced
this pull request
Oct 21, 2022
spiffcs
pushed a commit
that referenced
this pull request
Oct 25, 2022
spiffcs
pushed a commit
that referenced
this pull request
Oct 25, 2022
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
reverted as functionality is to be merged with dev branch of kubecon draft
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The use of external sources is new to Syft, and they must be managed thoughtfully (i.e. configurability, clear to users what has been used and how). This PR proposes a way to do so. It is motivated by #1159 and #1115.
It adds a new external sources configuration, an additional function that catalogers must implement, and a cli flag to shut off the use of external sources. This approach assumes that external sources will only come into Syft through catalogers.
When catalogers are implemented that use external sources, they must add their own configuration options to the application-wide external sources configuration created here.