Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add java/npm to inline comparison #235

Merged
merged 4 commits into from
Oct 27, 2020
Merged

Add java/npm to inline comparison #235

merged 4 commits into from
Oct 27, 2020

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Oct 23, 2020
edited
Loading

  • Adds java and npm package comparison
  • Adds probable matching of extra packages syft found and missing packages that syft did not find (but inline did). This way there is a section of output that fuzzy-matches the package names to get a better sense of "real" problems (actual missing packages) vs slightly mismatched metadata during troubleshooting.
  • Adds a set or probable missing packages to the report based on the probable matches (again, to aid in troubleshooting)
  • Fixes image reference clean function to support references with registries
  • Only shows metadata differences when the package was found by both inline and syft
  • Splits the inline-compare code into more manageable pieces

@wagoodman
add java/npm to inline-compare; show probable matches
042869a 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
add section to inline compare to show probable missing packages
26a0cc7 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman added the enhancement New feature or request label Oct 23, 2020
@wagoodman wagoodman requested a review from a team October 23, 2020 11:24
@wagoodman wagoodman self-assigned this Oct 23, 2020
@wagoodman
only show mismatched metadata for existing packages
1aa5ee6 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
split inline-compare script into more manageable pieces
995dd74 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman force-pushed the enhance-inline-compare branch from dbb6cf4 to 995dd74 Compare October 27, 2020 17:27
@wagoodman wagoodman merged commit f9407d0 into main Oct 27, 2020
@wagoodman wagoodman deleted the enhance-inline-compare branch October 27, 2020 17:43
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@wagoodman
Add java/npm to inline comparison (anchore#235)
acdc7db 
* Adds java and npm package comparison
* Adds probable matching of extra packages syft found and missing packages that syft did not find (but inline did). This way there is a section of output that fuzzy-matches the package names to get a better sense of "real" problems (actual missing packages) vs slightly mismatched metadata during troubleshooting.
* Adds a set or probable missing packages to the report based on the probable matches (again, to aid in troubleshooting)
* Fixes image reference clean function to support references with registries
* Only shows metadata differences when the package was found by both inline and syft
* Splits the inline-compare code into more manageable pieces

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wagoodman @luhring