Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: suppress some known incorrect vendor candidates for npm CPEs #1659

Merged
merged 1 commit into from
Mar 7, 2023
Merged

fix: suppress some known incorrect vendor candidates for npm CPEs #1659

merged 1 commit into from
Mar 7, 2023

Conversation

westonsteimel
Copy link
Contributor

No description provided.

@westonsteimel
fix: suppress some known incorrect vendor candidates for npm CPEs
93cb933 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
@westonsteimel westonsteimel requested a review from a team March 7, 2023 14:31
@github-actions
Copy link

github-actions bot commented Mar 7, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                   11.76m ± 20%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             812.6µ ±  3%
ImagePackageCatalogers/python-package-cataloger-2                           3.031m ±  2%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   652.6µ ±  1%
ImagePackageCatalogers/javascript-package-cataloger-2                       377.9µ ±  2%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   466.7µ ±  1%
ImagePackageCatalogers/rpm-db-cataloger-2                                   438.9µ ±  1%
ImagePackageCatalogers/java-cataloger-2                                     10.51m ±  1%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     8.101µ ±  2%
ImagePackageCatalogers/apkdb-cataloger-2                                    503.9µ ±  1%
ImagePackageCatalogers/go-module-binary-cataloger-2                         18.09µ ±  0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              952.1µ ±  1%
ImagePackageCatalogers/portage-cataloger-2                                  286.5µ ±  1%
ImagePackageCatalogers/sbom-cataloger-2                                     104.6µ ±  1%
ImagePackageCatalogers/binary-cataloger-2                                   181.8µ ±  1%
geomean                                                                     448.1µ

                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.060Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             123.9Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           947.6Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   155.8Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       98.39Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   144.7Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   170.8Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     2.723Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.555Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    129.3Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         3.133Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              314.2Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  75.57Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     13.09Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   26.97Ki ± 0%
geomean                                                                     108.5Ki

                                                          │ ./.tmp/benchmark-0c21453.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    86.71k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.049k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            15.49k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    3.457k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        1.381k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    2.646k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    3.759k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      38.27k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       40.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     3.437k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           101.0 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               5.010k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   1.487k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                       392.0 ± 0%
ImagePackageCatalogers/binary-cataloger-2                                     772.0 ± 0%
geomean                                                                      2.220k

@westonsteimel westonsteimel enabled auto-merge (squash) March 7, 2023 14:40
kzantow
kzantow approved these changes Mar 7, 2023
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@westonsteimel westonsteimel merged commit 096d2b7 into main Mar 7, 2023
@westonsteimel westonsteimel deleted the squash-npm-cpe-fps branch March 7, 2023 15:18
@westonsteimel westonsteimel added the changelog-ignore Don't include this issue in the release changelog label Mar 8, 2023
spiffcs added a commit to deitch/syft that referenced this pull request Mar 21, 2023
@spiffcs
Merge branch 'main' into proper-license-expression
fef61e1 
* main: (47 commits)
  Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640)
  chore: Update syft bootstrap tools to latest versions. (anchore#1682)
  Update documentation: (anchore#1680)
  chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681)
  fix: reduce logging for bad dpkg lines (anchore#1675)
  fix ruby classifier (anchore#1678)
  feat: add shared dir for easier cleanup (anchore#1676)
  chore(deps): bump github.com/google/go-containerregistry (anchore#1672)
  chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671)
  fix: move defer after error to protect panic case (anchore#1670)
  feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663)
  defer closing file (anchore#1668)
  fix: remove author contributing to javascript CPEs (anchore#1669)
  fix: more python matching support (anchore#1667)
  Update syft bootstrap tools to latest versions. (anchore#1666)
  feat: add ruby classifier (anchore#1665)
  Update syft bootstrap tools to latest versions. (anchore#1658)
  fix: improved Python binary detection (anchore#1648)
  fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659)
  fix: sanitize SPDX LicenseRefs (anchore#1657)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@westonsteimel
fix: suppress some known incorrect vendor candidates for npm CPEs (an…
49ac4a5 
…chore#1659)

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
changelog-ignore Don't include this issue in the release changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@westonsteimel @kzantow