Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add Rekor file cataloger #1291

Closed
wants to merge 10 commits into from
Closed

Add Rekor file cataloger #1291

wants to merge 10 commits into from

Conversation

spiffcs
Copy link
Contributor

@spiffcs spiffcs commented Oct 25, 2022

No description provided.

mdeicas and others added 8 commits October 25, 2022 14:34
@mdeicas @spiffcs
Add SBOM Discovery with Rekor (#1157)
6d87b7f 
This PR adds the ability to discover build-time SBOMs from binaries with the Rekor transparency log.
It does this by creating external document references for them in SPDX JSON.

Explained in more detail in syft issue #1159

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@mdeicas @spiffcs
improvements to rekor cataloger code (#1175)
05d7111 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@mdeicas @spiffcs
External sources configuration (#1158)
a64a47c 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@lumjjb @spiffcs
Add rekor-cataloger parsing JSON SPDX document (#1235)
a655e74 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
chore: rebase kubecon commits for merge
a5b6c74 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
test: update cataloger test to remove old es
4b2177b 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
test: failing unit tests
3878d6b 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
tests: add correct fixtures for utils_test
e95bd5b 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@github-actions
Copy link

github-actions bot commented Oct 25, 2022
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    14.2ms ± 5%    14.3ms ± 1%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.64ms ± 3%    1.73ms ± 9%     ~     (p=0.151 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            4.32ms ±22%    4.08ms ± 6%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.37ms ± 6%    1.34ms ± 1%     ~     (p=0.548 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         935µs ± 4%     948µs ± 1%     ~     (p=0.421 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                    1.11ms ± 2%    1.11ms ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                    1.57ms ± 2%    1.58ms ± 1%     ~     (p=0.548 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      17.7ms ± 4%    17.6ms ± 3%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.59ms ± 3%    1.53ms ± 2%   -3.70%  (p=0.032 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          8.47µs ± 2%    7.62µs ± 2%  -10.02%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.83ms ± 1%    1.75ms ± 0%   -4.32%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    911µs ± 3%     896µs ± 1%     ~     (p=0.548 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             945kB ± 0%     945kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     213kB ± 0%     ~     (p=0.587 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%     ~     (p=0.516 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     199kB ± 0%     199kB ± 0%     ~     (p=0.095 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                     301kB ± 0%     301kB ± 0%   -0.12%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          1.12kB ± 0%    1.12kB ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                376kB ± 0%     377kB ± 0%     ~     (p=0.222 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%     ~     (p=0.056 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.24k ± 0%     4.23k ± 0%     ~     (p=0.333 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2             16.5k ± 0%     16.5k ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.50k ± 0%     5.50k ± 0%     ~     (p=0.968 n=4+5)
ImagePackageCatalogers/javascript-package-cataloger-2         3.31k ± 0%     3.31k ± 0%     ~     (p=0.238 n=4+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.50k ± 0%     4.50k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpm-db-cataloger-2                     8.11k ± 0%     8.11k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%     ~     (p=0.889 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.39k ± 0%     5.39k ± 0%     ~     (p=0.333 n=4+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            38.0 ± 0%      38.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.32k ± 0%     7.32k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.58k ± 0%     3.58k ± 0%     ~     (all equal)

@spiffcs
refactor: remove EXPERIMENTAL
ae54571 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
lint: fix linter
dcf545a 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@wagoodman wagoodman added WIP work in progress / do not merge blocked Progress is being stopped by something labels Jan 12, 2023
@wagoodman
Copy link
Contributor

@spiffcs I'm curious about the next steps with this branch to get it into main. Can you shout out what's needed and what is blocking this?

@wagoodman wagoodman changed the title WIP: 🚧 Rekor File Cataloger Rebased onto main 🚧 Add Rekor file cataloger Jan 12, 2023
@popey popey mentioned this pull request Jun 20, 2024
Closed
@wagoodman
Copy link
Contributor

This has a large layer of dust on it, I think there are a few things missing from this that would be critical to getting it merged. One is a trust model in place and the other making this opt in (on by default would not be safe). I'm going to close this for now, but we can always resurrect this if there is more interest in the future.

@wagoodman wagoodman closed this Jun 20, 2024
@spiffcs spiffcs deleted the kube-con-final branch November 17, 2024 19:20
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
blocked Progress is being stopped by something WIP work in progress / do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@spiffcs @wagoodman @mdeicas @lumjjb