From 0c4b99c1c25bad096de834d24c531d1b0ba5054e Mon Sep 17 00:00:00 2001 From: patrikbeno Date: Wed, 16 Nov 2022 20:11:45 +0100 Subject: [PATCH] SBOM cataloger (#1029) * SBOM cataloger Signed-off-by: Patrik Beno * sbom-cataloger: turn off by default and add integration test Signed-off-by: Patrik Beno * SBOM cataloger Signed-off-by: Patrik Beno * SBOM cataloger (optimize) Signed-off-by: Patrik Beno * SBOM cataloger (fix) Signed-off-by: Patrik Beno * SBOM cataloger (fix imports #1172) Signed-off-by: Patrik Beno * SBOM cataloger (fix: support group attribute in CDX SBOMs) Signed-off-by: Patrik Beno * port to generic cataloger and add relationship to original file Signed-off-by: Alex Goodman * generalize parser for all format globs Signed-off-by: Alex Goodman Signed-off-by: Patrik Beno Signed-off-by: Alex Goodman Co-authored-by: Tom Fay Co-authored-by: Alex Goodman --- cmd/syft/cli/options/format.go | 25 +- syft/artifact/relationship.go | 3 + syft/encode_decode.go | 28 +- syft/formats.go | 83 +- .../formats/common/spdxhelpers/source_info.go | 3 + syft/formats/formats.go | 124 + syft/{ => formats}/formats_test.go | 10 +- .../test-fixtures/alpine-syft.json | 0 syft/pkg/cataloger/cataloger.go | 4 + .../internal/pkgtest/test_generic_parser.go | 5 + syft/pkg/cataloger/sbom/cataloger.go | 62 + syft/pkg/cataloger/sbom/cataloger_test.go | 291 ++ .../alpine/syft-json/sbom.syft.json | 3242 +++++++++++++++++ test/integration/sbom_cataloger_test.go | 34 + .../image-sbom-cataloger/Dockerfile | 3 + .../test-fixtures/image-sbom-cataloger/go.mod | 8 + .../image-sbom-cataloger/test.spdx.json | 39 + 17 files changed, 3855 insertions(+), 109 deletions(-) create mode 100644 syft/formats/formats.go rename syft/{ => formats}/formats_test.go (95%) rename syft/{ => formats}/test-fixtures/alpine-syft.json (100%) create mode 100644 syft/pkg/cataloger/sbom/cataloger.go create mode 100644 syft/pkg/cataloger/sbom/cataloger_test.go create mode 100644 syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json create mode 100644 test/integration/sbom_cataloger_test.go create mode 100644 test/integration/test-fixtures/image-sbom-cataloger/Dockerfile create mode 100644 test/integration/test-fixtures/image-sbom-cataloger/go.mod create mode 100644 test/integration/test-fixtures/image-sbom-cataloger/test.spdx.json diff --git a/cmd/syft/cli/options/format.go b/cmd/syft/cli/options/format.go index 8ccdf44c65a..602b71e382d 100644 --- a/cmd/syft/cli/options/format.go +++ b/cmd/syft/cli/options/format.go @@ -1,28 +1,35 @@ package options import ( - "github.com/anchore/syft/syft" + "github.com/anchore/syft/syft/formats/cyclonedxjson" + "github.com/anchore/syft/syft/formats/cyclonedxxml" + "github.com/anchore/syft/syft/formats/github" + "github.com/anchore/syft/syft/formats/spdx22json" + "github.com/anchore/syft/syft/formats/spdx22tagvalue" + "github.com/anchore/syft/syft/formats/syftjson" + "github.com/anchore/syft/syft/formats/table" + "github.com/anchore/syft/syft/formats/text" "github.com/anchore/syft/syft/sbom" ) func FormatAliases(ids ...sbom.FormatID) (aliases []string) { for _, id := range ids { switch id { - case syft.JSONFormatID: + case syftjson.ID: aliases = append(aliases, "syft-json") - case syft.TextFormatID: + case text.ID: aliases = append(aliases, "text") - case syft.TableFormatID: + case table.ID: aliases = append(aliases, "table") - case syft.SPDXJSONFormatID: + case spdx22json.ID: aliases = append(aliases, "spdx-json") - case syft.SPDXTagValueFormatID: + case spdx22tagvalue.ID: aliases = append(aliases, "spdx-tag-value") - case syft.CycloneDxXMLFormatID: + case cyclonedxxml.ID: aliases = append(aliases, "cyclonedx-xml") - case syft.CycloneDxJSONFormatID: + case cyclonedxjson.ID: aliases = append(aliases, "cyclonedx-json") - case syft.GitHubID: + case github.ID: aliases = append(aliases, "github", "github-json") default: aliases = append(aliases, string(id)) diff --git a/syft/artifact/relationship.go b/syft/artifact/relationship.go index 4e2d308fd90..1ee73a5596e 100644 --- a/syft/artifact/relationship.go +++ b/syft/artifact/relationship.go @@ -12,6 +12,9 @@ const ( // DependencyOfRelationship is a proxy for the SPDX 2.2.1 DEPENDENCY_OF relationship. DependencyOfRelationship RelationshipType = "dependency-of" + + // DescribedByRelationship is a proxy for the SPDX 2.2.2 DESCRIBED_BY relationship. + DescribedByRelationship RelationshipType = "described-by" ) type RelationshipType string diff --git a/syft/encode_decode.go b/syft/encode_decode.go index 0b54a5d568c..b06fb801eb5 100644 --- a/syft/encode_decode.go +++ b/syft/encode_decode.go @@ -1,36 +1,18 @@ package syft import ( - "bytes" - "fmt" "io" + "github.com/anchore/syft/syft/formats" "github.com/anchore/syft/syft/sbom" ) -// Encode takes all SBOM elements and a format option and encodes an SBOM document. +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error) { - buff := bytes.Buffer{} - - if err := f.Encode(&buff, s); err != nil { - return nil, fmt.Errorf("unable to encode sbom: %w", err) - } - - return buff.Bytes(), nil + return formats.Encode(s, f) } -// Decode takes a reader for an SBOM and generates all internal SBOM elements. +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error) { - by, err := io.ReadAll(reader) - if err != nil { - return nil, nil, fmt.Errorf("unable to read sbom: %w", err) - } - - f := IdentifyFormat(by) - if f == nil { - return nil, nil, fmt.Errorf("unable to identify format") - } - - s, err := f.Decode(bytes.NewReader(by)) - return s, f, err + return formats.Decode(reader) } diff --git a/syft/formats.go b/syft/formats.go index 1e606136a9b..37b3b0bd73b 100644 --- a/syft/formats.go +++ b/syft/formats.go @@ -1,9 +1,7 @@ package syft import ( - "bytes" - "strings" - + "github.com/anchore/syft/syft/formats" "github.com/anchore/syft/syft/formats/cyclonedxjson" "github.com/anchore/syft/syft/formats/cyclonedxxml" "github.com/anchore/syft/syft/formats/github" @@ -17,94 +15,35 @@ import ( ) // these have been exported for the benefit of API users +// TODO: deprecated: now that the formats package has been moved to syft/formats, will be removed in v1.0.0 const ( JSONFormatID = syftjson.ID TextFormatID = text.ID TableFormatID = table.ID CycloneDxXMLFormatID = cyclonedxxml.ID CycloneDxJSONFormatID = cyclonedxjson.ID - GitHubID = github.ID + GitHubFormatID = github.ID SPDXTagValueFormatID = spdx22tagvalue.ID SPDXJSONFormatID = spdx22json.ID TemplateFormatID = template.ID ) -var formats []sbom.Format - -func init() { - formats = []sbom.Format{ - syftjson.Format(), - cyclonedxxml.Format(), - cyclonedxjson.Format(), - github.Format(), - spdx22tagvalue.Format(), - spdx22json.Format(), - table.Format(), - text.Format(), - template.Format(), - } -} - +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func FormatIDs() (ids []sbom.FormatID) { - for _, f := range formats { - ids = append(ids, f.ID()) - } - return ids + return formats.IDs() } +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func FormatByID(id sbom.FormatID) sbom.Format { - for _, f := range formats { - if f.ID() == id { - return f - } - } - return nil + return formats.ByID(id) } +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func FormatByName(name string) sbom.Format { - cleanName := cleanFormatName(name) - for _, f := range formats { - if cleanFormatName(string(f.ID())) == cleanName { - return f - } - } - - // handle any aliases for any supported format - switch cleanName { - case "json", "syftjson": - return FormatByID(syftjson.ID) - case "cyclonedx", "cyclone", "cyclonedxxml": - return FormatByID(cyclonedxxml.ID) - case "cyclonedxjson": - return FormatByID(cyclonedxjson.ID) - case "github", "githubjson": - return FormatByID(github.ID) - case "spdx", "spdxtv", "spdxtagvalue": - return FormatByID(spdx22tagvalue.ID) - case "spdxjson": - return FormatByID(spdx22json.ID) - case "table": - return FormatByID(table.ID) - case "text": - return FormatByID(text.ID) - case "template": - FormatByID(template.ID) - } - - return nil -} - -func cleanFormatName(name string) string { - r := strings.NewReplacer("-", "", "_", "") - return strings.ToLower(r.Replace(name)) + return formats.ByName(name) } +// TODO: deprecated, moved to syft/formats/formats.go. will be removed in v1.0.0 func IdentifyFormat(by []byte) sbom.Format { - for _, f := range formats { - if err := f.Validate(bytes.NewReader(by)); err != nil { - continue - } - return f - } - return nil + return formats.Identify(by) } diff --git a/syft/formats/common/spdxhelpers/source_info.go b/syft/formats/common/spdxhelpers/source_info.go index a9fb7962868..0e5391f7afe 100644 --- a/syft/formats/common/spdxhelpers/source_info.go +++ b/syft/formats/common/spdxhelpers/source_info.go @@ -46,6 +46,9 @@ func SourceInfo(p pkg.Package) string { default: answer = "acquired package info from the following paths" } + if p.FoundBy == "sbom-cataloger" { + answer = "acquired package info from SBOM" + } var paths []string for _, l := range p.Locations.ToSlice() { paths = append(paths, l.RealPath) diff --git a/syft/formats/formats.go b/syft/formats/formats.go new file mode 100644 index 00000000000..f755f02c7ab --- /dev/null +++ b/syft/formats/formats.go @@ -0,0 +1,124 @@ +package formats + +import ( + "bytes" + "fmt" + "io" + "strings" + + "github.com/anchore/syft/syft/formats/cyclonedxjson" + "github.com/anchore/syft/syft/formats/cyclonedxxml" + "github.com/anchore/syft/syft/formats/github" + "github.com/anchore/syft/syft/formats/spdx22json" + "github.com/anchore/syft/syft/formats/spdx22tagvalue" + "github.com/anchore/syft/syft/formats/syftjson" + "github.com/anchore/syft/syft/formats/table" + "github.com/anchore/syft/syft/formats/template" + "github.com/anchore/syft/syft/formats/text" + "github.com/anchore/syft/syft/sbom" +) + +func Formats() []sbom.Format { + return []sbom.Format{ + syftjson.Format(), + cyclonedxxml.Format(), + cyclonedxjson.Format(), + github.Format(), + spdx22tagvalue.Format(), + spdx22json.Format(), + table.Format(), + text.Format(), + template.Format(), + } +} + +func Identify(by []byte) sbom.Format { + for _, f := range Formats() { + if err := f.Validate(bytes.NewReader(by)); err != nil { + continue + } + return f + } + return nil +} + +func ByName(name string) sbom.Format { + cleanName := cleanFormatName(name) + for _, f := range Formats() { + if cleanFormatName(string(f.ID())) == cleanName { + return f + } + } + + // handle any aliases for any supported format + switch cleanName { + case "json", "syftjson": + return ByID(syftjson.ID) + case "cyclonedx", "cyclone", "cyclonedxxml": + return ByID(cyclonedxxml.ID) + case "cyclonedxjson": + return ByID(cyclonedxjson.ID) + case "github", "githubjson": + return ByID(github.ID) + case "spdx", "spdxtv", "spdxtagvalue": + return ByID(spdx22tagvalue.ID) + case "spdxjson": + return ByID(spdx22json.ID) + case "table": + return ByID(table.ID) + case "text": + return ByID(text.ID) + case "template": + ByID(template.ID) + } + + return nil +} + +func IDs() (ids []sbom.FormatID) { + for _, f := range Formats() { + ids = append(ids, f.ID()) + } + return ids +} + +func ByID(id sbom.FormatID) sbom.Format { + for _, f := range Formats() { + if f.ID() == id { + return f + } + } + return nil +} + +func cleanFormatName(name string) string { + r := strings.NewReplacer("-", "", "_", "") + return strings.ToLower(r.Replace(name)) +} + +// Encode takes all SBOM elements and a format option and encodes an SBOM document. +func Encode(s sbom.SBOM, f sbom.Format) ([]byte, error) { + buff := bytes.Buffer{} + + if err := f.Encode(&buff, s); err != nil { + return nil, fmt.Errorf("unable to encode sbom: %w", err) + } + + return buff.Bytes(), nil +} + +// Decode takes a reader for an SBOM and generates all internal SBOM elements. +func Decode(reader io.Reader) (*sbom.SBOM, sbom.Format, error) { + by, err := io.ReadAll(reader) + if err != nil { + return nil, nil, fmt.Errorf("unable to read sbom: %w", err) + } + + f := Identify(by) + if f == nil { + return nil, nil, fmt.Errorf("unable to identify format") + } + + s, err := f.Decode(bytes.NewReader(by)) + return s, f, err +} diff --git a/syft/formats_test.go b/syft/formats/formats_test.go similarity index 95% rename from syft/formats_test.go rename to syft/formats/formats_test.go index 36b1d1dd991..86211f12427 100644 --- a/syft/formats_test.go +++ b/syft/formats/formats_test.go @@ -1,4 +1,4 @@ -package syft +package formats import ( "bytes" @@ -37,7 +37,7 @@ func TestIdentify(t *testing.T) { assert.NoError(t, err) by, err := io.ReadAll(f) assert.NoError(t, err) - frmt := IdentifyFormat(by) + frmt := Identify(by) assert.NotNil(t, frmt) assert.Equal(t, test.expected, frmt.ID()) }) @@ -45,7 +45,7 @@ func TestIdentify(t *testing.T) { } func TestFormats_EmptyInput(t *testing.T) { - for _, format := range formats { + for _, format := range Formats() { t.Run(format.ID().String(), func(t *testing.T) { t.Run("format.Decode", func(t *testing.T) { input := bytes.NewReader(nil) @@ -69,7 +69,7 @@ func TestFormats_EmptyInput(t *testing.T) { } } -func TestFormatByName(t *testing.T) { +func TestByName(t *testing.T) { tests := []struct { name string @@ -190,7 +190,7 @@ func TestFormatByName(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - f := FormatByName(tt.name) + f := ByName(tt.name) if tt.want == "" { require.Nil(t, f) return diff --git a/syft/test-fixtures/alpine-syft.json b/syft/formats/test-fixtures/alpine-syft.json similarity index 100% rename from syft/test-fixtures/alpine-syft.json rename to syft/formats/test-fixtures/alpine-syft.json diff --git a/syft/pkg/cataloger/cataloger.go b/syft/pkg/cataloger/cataloger.go index f9d9108dbc5..907058b7767 100644 --- a/syft/pkg/cataloger/cataloger.go +++ b/syft/pkg/cataloger/cataloger.go @@ -26,6 +26,7 @@ import ( "github.com/anchore/syft/syft/pkg/cataloger/rpm" "github.com/anchore/syft/syft/pkg/cataloger/ruby" "github.com/anchore/syft/syft/pkg/cataloger/rust" + "github.com/anchore/syft/syft/pkg/cataloger/sbom" "github.com/anchore/syft/syft/pkg/cataloger/swift" ) @@ -47,6 +48,7 @@ func ImageCatalogers(cfg Config) []pkg.Cataloger { golang.NewGoModuleBinaryCataloger(), dotnet.NewDotnetDepsCataloger(), portage.NewPortageCataloger(), + sbom.NewSBOMCataloger(), }, cfg.Catalogers) } @@ -75,6 +77,7 @@ func DirectoryCatalogers(cfg Config) []pkg.Cataloger { cpp.NewConanCataloger(), portage.NewPortageCataloger(), haskell.NewHackageCataloger(), + sbom.NewSBOMCataloger(), }, cfg.Catalogers) } @@ -107,6 +110,7 @@ func AllCatalogers(cfg Config) []pkg.Cataloger { cpp.NewConanCataloger(), portage.NewPortageCataloger(), haskell.NewHackageCataloger(), + sbom.NewSBOMCataloger(), }, cfg.Catalogers) } diff --git a/syft/pkg/cataloger/internal/pkgtest/test_generic_parser.go b/syft/pkg/cataloger/internal/pkgtest/test_generic_parser.go index 70b0e6e5d8d..59a5d2d52bd 100644 --- a/syft/pkg/cataloger/internal/pkgtest/test_generic_parser.go +++ b/syft/pkg/cataloger/internal/pkgtest/test_generic_parser.go @@ -124,6 +124,11 @@ func (p *CatalogTester) IgnoreLocationLayer() *CatalogTester { return p } +func (p *CatalogTester) IgnorePackageFields(fields ...string) *CatalogTester { + p.compareOptions = append(p.compareOptions, cmpopts.IgnoreFields(pkg.Package{}, fields...)) + return p +} + func (p *CatalogTester) Expects(pkgs []pkg.Package, relationships []artifact.Relationship) *CatalogTester { p.expectedPkgs = pkgs p.expectedRelationships = relationships diff --git a/syft/pkg/cataloger/sbom/cataloger.go b/syft/pkg/cataloger/sbom/cataloger.go new file mode 100644 index 00000000000..0c82f452ebd --- /dev/null +++ b/syft/pkg/cataloger/sbom/cataloger.go @@ -0,0 +1,62 @@ +package sbom + +import ( + "github.com/anchore/syft/internal/log" + "github.com/anchore/syft/syft/artifact" + "github.com/anchore/syft/syft/formats" + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/generic" + "github.com/anchore/syft/syft/source" +) + +const catalogerName = "sbom-cataloger" + +// NewSBOMCataloger returns a new SBOM cataloger object loaded from saved SBOM JSON. +func NewSBOMCataloger() *generic.Cataloger { + return generic.NewCataloger(catalogerName). + WithParserByGlobs(parseSBOM, + "**/*.syft.json", + "**/*.bom.*", + "**/*.bom", + "**/bom", + "**/*.sbom.*", + "**/*.sbom", + "**/sbom", + "**/*.cdx.*", + "**/*.cdx", + "**/*.spdx.*", + "**/*.spdx", + ) +} + +func parseSBOM(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { + s, _, err := formats.Decode(reader) + if err != nil { + return nil, nil, err + } + + if s == nil { + log.WithFields("path", reader.Location.RealPath).Trace("file is not an SBOM") + return nil, nil, nil + } + + var pkgs []pkg.Package + var relationships []artifact.Relationship + for _, p := range s.Artifacts.PackageCatalog.Sorted() { + // replace all locations on the package with the location of the SBOM file. + // Why not keep the original list of locations? Since the "locations" field is meant to capture + // where there is evidence of this file, and the catalogers have not run against any file other than, + // the SBOM, this is the only location that is relevant for this cataloger. + p.Locations = source.NewLocationSet(reader.Location) + p.FoundBy = catalogerName + + pkgs = append(pkgs, p) + relationships = append(relationships, artifact.Relationship{ + From: p, + To: reader.Location.Coordinates, + Type: artifact.DescribedByRelationship, + }) + } + + return pkgs, relationships, nil +} diff --git a/syft/pkg/cataloger/sbom/cataloger_test.go b/syft/pkg/cataloger/sbom/cataloger_test.go new file mode 100644 index 00000000000..3918cbf7875 --- /dev/null +++ b/syft/pkg/cataloger/sbom/cataloger_test.go @@ -0,0 +1,291 @@ +package sbom + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/anchore/syft/syft/artifact" + "github.com/anchore/syft/syft/formats/syftjson" + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" + "github.com/anchore/syft/syft/sbom" + "github.com/anchore/syft/syft/source" +) + +func mustCPEs(s ...string) (c []pkg.CPE) { + for _, i := range s { + c = append(c, mustCPE(i)) + } + return +} + +func mustCPE(c string) pkg.CPE { + return must(pkg.NewCPE(c)) +} +func must(c pkg.CPE, e error) pkg.CPE { + if e != nil { + panic(e) + } + return c +} + +func Test_parseSBOM(t *testing.T) { + + expectedPkgs := []pkg.Package{ + { + Name: "alpine-baselayout", + Version: "3.2.0-r23", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*", + ), + }, + { + Name: "alpine-baselayout-data", + Version: "3.2.0-r23", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + ), + }, + { + Name: "alpine-keys", + Version: "2.4-r1", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"MIT"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*", + ), + }, + { + Name: "apk-tools", + Version: "2.12.9-r3", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:apk-tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk-tools:apk_tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk_tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk_tools:apk_tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk:apk_tools:2.12.9-r3:*:*:*:*:*:*:*", + ), + }, + { + Name: "busybox", + Version: "1.35.0-r17", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*", + ), + }, + { + Name: "ca-certificates-bundle", + Version: "20220614-r0", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"MPL-2.0", "AND", "MIT"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + ), + }, + { + Name: "libc-utils", + Version: "0.7.2-r3", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"BSD-2-Clause", "AND", "BSD-3-Clause"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", + ), + }, + { + Name: "libcrypto1.1", + Version: "1.1.1s-r0", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"OpenSSL"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*", + ), + }, + { + Name: "libssl1.1", + Version: "1.1.1s-r0", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"OpenSSL"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*", + ), + }, + { + Name: "musl", + Version: "1.2.3-r1", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"MIT"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*", + ), + }, + { + Name: "musl-utils", + Version: "1.2.3-r1", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"MIT", "BSD", "GPL2+"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:musl-utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl-utils:musl_utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl_utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl_utils:musl_utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl:musl_utils:1.2.3-r1:*:*:*:*:*:*:*", + ), + }, + { + Name: "scanelf", + Version: "1.3.4-r0", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*", + ), + }, + { + Name: "ssl_client", + Version: "1.35.0-r17", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"GPL-2.0-only"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:ssl-client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl-client:ssl_client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl_client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl_client:ssl_client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl:ssl_client:1.35.0-r17:*:*:*:*:*:*:*", + ), + }, + { + Name: "zlib", + Version: "1.2.12-r3", + Type: "apk", + Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), + Licenses: []string{"Zlib"}, + FoundBy: "sbom-cataloger", + PURL: "pkg:alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3", + CPEs: mustCPEs( + "cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*", + ), + }, + } + + var expectedRelationships []artifact.Relationship + + for _, p := range expectedPkgs { + expectedRelationships = append(expectedRelationships, artifact.Relationship{ + From: p, + To: source.Coordinates{ + RealPath: "sbom.syft.json", + }, + Type: artifact.DescribedByRelationship, + }) + } + + tests := []struct { + name string + format sbom.Format + fixture string + wantPkgs []pkg.Package + wantRelationships []artifact.Relationship + wantErr require.ErrorAssertionFunc + }{ + { + name: "parse syft JSON", + format: syftjson.Format(), + fixture: "test-fixtures/alpine/syft-json", + wantPkgs: expectedPkgs, + wantRelationships: expectedRelationships, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + pkgtest.NewCatalogTester(). + FromDirectory(t, tt.fixture). + IgnorePackageFields("Metadata", "MetadataType"). + Expects(tt.wantPkgs, tt.wantRelationships). + TestCataloger(t, NewSBOMCataloger()) + }) + } +} diff --git a/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json new file mode 100644 index 00000000000..2f7c7f1bdab --- /dev/null +++ b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json @@ -0,0 +1,3242 @@ +{ + "artifacts": [ + { + "id": "61eac5ce8105d394", + "name": "alpine-baselayout", + "version": "3.2.0-r23", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_baselayout:3.2.0-r23:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/alpine-baselayout@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "alpine-baselayout", + "originPackage": "alpine-baselayout", + "maintainer": "Natanael Copa ", + "version": "3.2.0-r23", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "description": "Alpine base dir structure and init scripts", + "size": 11136, + "installedSize": 348160, + "pullDependencies": [ + "alpine-baselayout-data=3.2.0-r23", + "/bin/sh", + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "cmd:mkmntdirs=3.2.0-r23" + ], + "pullChecksum": "Q19UI7UxyiUywG6aew9c3lCBPshsE=", + "gitCommitOfApkPort": "348653a9ba0701e8e968b3344e72313a9ef334e4", + "files": [ + { + "path": "/dev" + }, + { + "path": "/dev/pts" + }, + { + "path": "/dev/shm" + }, + { + "path": "/etc" + }, + { + "path": "/etc/motd", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1XmduVVNURHQ27TvYp1Lr5TMtFcA=" + } + }, + { + "path": "/etc/apk" + }, + { + "path": "/etc/conf.d" + }, + { + "path": "/etc/crontabs" + }, + { + "path": "/etc/crontabs/root", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "600", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1vfk1apUWI4yLJGhhNRd0kJixfvY=" + } + }, + { + "path": "/etc/init.d" + }, + { + "path": "/etc/modprobe.d" + }, + { + "path": "/etc/modprobe.d/aliases.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1WUbh6TBYNVK7e4Y+uUvLs/7viqk=" + } + }, + { + "path": "/etc/modprobe.d/blacklist.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q14TdgFHkTdt3uQC+NBtrntOnm9n4=" + } + }, + { + "path": "/etc/modprobe.d/i386.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1pnay/njn6ol9cCssL7KiZZ8etlc=" + } + }, + { + "path": "/etc/modprobe.d/kms.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1ynbLn3GYDpvajba/ldp1niayeog=" + } + }, + { + "path": "/etc/modules-load.d" + }, + { + "path": "/etc/network" + }, + { + "path": "/etc/network/if-down.d" + }, + { + "path": "/etc/network/if-post-down.d" + }, + { + "path": "/etc/network/if-pre-up.d" + }, + { + "path": "/etc/network/if-up.d" + }, + { + "path": "/etc/opt" + }, + { + "path": "/etc/periodic" + }, + { + "path": "/etc/periodic/15min" + }, + { + "path": "/etc/periodic/daily" + }, + { + "path": "/etc/periodic/hourly" + }, + { + "path": "/etc/periodic/monthly" + }, + { + "path": "/etc/periodic/weekly" + }, + { + "path": "/etc/profile.d" + }, + { + "path": "/etc/profile.d/README", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q135OWsCzzvnB2fmFx62kbqm1Ax1k=" + } + }, + { + "path": "/etc/profile.d/color_prompt.sh.disabled", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q11XM9mde1Z29tWMGaOkeovD/m4uU=" + } + }, + { + "path": "/etc/profile.d/locale.sh", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1S8j+WW71mWxfVy8ythqU7HUVoBw=" + } + }, + { + "path": "/etc/sysctl.d" + }, + { + "path": "/home" + }, + { + "path": "/lib" + }, + { + "path": "/lib/firmware" + }, + { + "path": "/lib/mdev" + }, + { + "path": "/lib/modules-load.d" + }, + { + "path": "/lib/sysctl.d" + }, + { + "path": "/lib/sysctl.d/00-alpine.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1HpElzW1xEgmKfERtTy7oommnq6c=" + } + }, + { + "path": "/media" + }, + { + "path": "/media/cdrom" + }, + { + "path": "/media/floppy" + }, + { + "path": "/media/usb" + }, + { + "path": "/mnt" + }, + { + "path": "/opt" + }, + { + "path": "/proc" + }, + { + "path": "/root", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "700" + }, + { + "path": "/run" + }, + { + "path": "/sbin" + }, + { + "path": "/sbin/mkmntdirs", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1+f8Hjd+dkHS03O6ZZaIw7mb8nLM=" + } + }, + { + "path": "/srv" + }, + { + "path": "/sys" + }, + { + "path": "/tmp", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "1777" + }, + { + "path": "/usr" + }, + { + "path": "/usr/lib" + }, + { + "path": "/usr/lib/modules-load.d" + }, + { + "path": "/usr/local" + }, + { + "path": "/usr/local/bin" + }, + { + "path": "/usr/local/lib" + }, + { + "path": "/usr/local/share" + }, + { + "path": "/usr/sbin" + }, + { + "path": "/usr/share" + }, + { + "path": "/usr/share/man" + }, + { + "path": "/usr/share/misc" + }, + { + "path": "/var" + }, + { + "path": "/var/run", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q11/SNZz/8cK2dSKK+cJpVrZIuF4Q=" + } + }, + { + "path": "/var/cache" + }, + { + "path": "/var/cache/misc" + }, + { + "path": "/var/empty", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "555" + }, + { + "path": "/var/lib" + }, + { + "path": "/var/lib/misc" + }, + { + "path": "/var/local" + }, + { + "path": "/var/lock" + }, + { + "path": "/var/lock/subsys" + }, + { + "path": "/var/log" + }, + { + "path": "/var/mail" + }, + { + "path": "/var/opt" + }, + { + "path": "/var/spool" + }, + { + "path": "/var/spool/mail", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1dzbdazYZA2nTzSIG3YyNw7d4Juc=" + } + }, + { + "path": "/var/spool/cron" + }, + { + "path": "/var/spool/cron/crontabs", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1OFZt+ZMp7j0Gny0rqSKuWJyqYmA=" + } + }, + { + "path": "/var/tmp", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "1777" + } + ] + } + }, + { + "id": "e8c6fcc3a282ed4f", + "name": "alpine-baselayout-data", + "version": "3.2.0-r23", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_baselayout_data:3.2.0-r23:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "alpine-baselayout-data", + "originPackage": "alpine-baselayout", + "maintainer": "Natanael Copa ", + "version": "3.2.0-r23", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "description": "Alpine base dir structure and init scripts", + "size": 11655, + "installedSize": 77824, + "pullDependencies": [], + "provides": [], + "pullChecksum": "Q1d4HQ/Gyfw7NRD1qRvOgS6IzT2sI=", + "gitCommitOfApkPort": "348653a9ba0701e8e968b3344e72313a9ef334e4", + "files": [ + { + "path": "/etc" + }, + { + "path": "/etc/fstab", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q11Q7hNe8QpDS531guqCdrXBzoA/o=" + } + }, + { + "path": "/etc/group", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q13K+olJg5ayzHSVNUkggZJXuB+9Y=" + } + }, + { + "path": "/etc/hostname", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q16nVwYVXP/tChvUPdukVD2ifXOmc=" + } + }, + { + "path": "/etc/hosts", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1BD6zJKZTRWyqGnPi4tSfd3krsMU=" + } + }, + { + "path": "/etc/inittab", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1TsthbhW7QzWRe1E/NKwTOuD4pHc=" + } + }, + { + "path": "/etc/modules", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1toogjUipHGcMgECgPJX64SwUT1M=" + } + }, + { + "path": "/etc/mtab", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1kiljhXXH1LlQroHsEJIkPZg2eiw=" + } + }, + { + "path": "/etc/nsswitch.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q19DBsMnv0R2fajaTjoTv0C91NOqo=" + } + }, + { + "path": "/etc/passwd", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1TchuuLUfur0izvfZQZxgN/LJhB8=" + } + }, + { + "path": "/etc/profile", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1F3DgXUP+jNZDknmQPPb5t9FSfDg=" + } + }, + { + "path": "/etc/protocols", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1omKlp3vgGq2ZqYzyD/KHNdo8rDc=" + } + }, + { + "path": "/etc/services", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q19WLCv5ItKg4MH7RWfNRh1I7byQc=" + } + }, + { + "path": "/etc/shadow", + "ownerUid": "0", + "ownerGid": "42", + "permissions": "640", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1ltrPIAW2zHeDiajsex2Bdmq3uqA=" + } + }, + { + "path": "/etc/shells", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1ojm2YdpCJ6B/apGDaZ/Sdb2xJkA=" + } + }, + { + "path": "/etc/sysctl.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q14upz3tfnNxZkIEsUhWn7Xoiw96g=" + } + } + ] + } + }, + { + "id": "82d183eb300978cc", + "name": "alpine-keys", + "version": "2.4-r1", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "MIT" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/alpine-keys@2.4-r1?arch=x86_64&upstream=alpine-keys&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "alpine-keys", + "originPackage": "alpine-keys", + "maintainer": "Natanael Copa ", + "version": "2.4-r1", + "license": "MIT", + "architecture": "x86_64", + "url": "https://alpinelinux.org", + "description": "Public keys for Alpine Linux packages", + "size": 13359, + "installedSize": 159744, + "pullDependencies": [], + "provides": [], + "pullChecksum": "Q1FBfIjtsEmvuqoNXpShXDcm/mjzE=", + "gitCommitOfApkPort": "aab68f8c9ab434a46710de8e12fb3206e2930a59", + "files": [ + { + "path": "/etc" + }, + { + "path": "/etc/apk" + }, + { + "path": "/etc/apk/keys" + }, + { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1OvCFSO94z97c80mIDCxqGkh2Og4=" + } + }, + { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1v7YWZYzAWoclaLDI45jEguI7YN0=" + } + }, + { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1NnGuDsdQOx4ZNYfB3N97eLyGPkI=" + } + }, + { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1lZlTESNrelWTNkL/oQzmAU8a99A=" + } + }, + { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1WNW6Sy87HpJ3IdemQy8pju33Kms=" + } + }, + { + "path": "/usr" + }, + { + "path": "/usr/share" + }, + { + "path": "/usr/share/apk" + }, + { + "path": "/usr/share/apk/keys" + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1OvCFSO94z97c80mIDCxqGkh2Og4=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1v7YWZYzAWoclaLDI45jEguI7YN0=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1BTqS+H/UUyhQuzHwiBl47+BTKuU=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1NnGuDsdQOx4ZNYfB3N97eLyGPkI=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Oaxdcsa6AYoPdLi0U4lO3J2we18=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1yPq+su65ksNox3uXB+DR7P18+QU=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1MpZDNX0LeLHvSOwVUyXiXx11NN0=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1glCQ/eJbvA5xqcswdjFrWv5Fnk0=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1XUdDEoNTtjlvrS+iunk6ziFgIpU=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1lZlTESNrelWTNkL/oQzmAU8a99A=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1WNW6Sy87HpJ3IdemQy8pju33Kms=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1I9Dy6hryacL2YWXg+KlE6WvwEd4=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1NSnsgmcMbU4g7j5JaNs0tVHpHVA=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1VaMBBk4Rxv6boPLKF+I085Q8y2E=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q13hJBMHAUquPbp5jpAPFjQI2Y1vQ=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1V/a5P9pKRJb6tihE3e8O6xaPgLU=" + } + }, + { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q13wLJrcKQajql5a1p9Q45U+ZXENA=" + } + }, + { + "path": "/usr/share/apk/keys/aarch64" + }, + { + "path": "/usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q17j9nWJkQ+wfIuVQzIFrmFZ7fSOc=" + } + }, + { + "path": "/usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1snr+Q1UbfHyCr/cmmtVvMIS7SGs=" + } + }, + { + "path": "/usr/share/apk/keys/armhf" + }, + { + "path": "/usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1U9QtsdN+rYZ9Zh76EfXy00JZHMg=" + } + }, + { + "path": "/usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1bC+AdQ0qWBTmefXiI0PvmYOJoVQ=" + } + }, + { + "path": "/usr/share/apk/keys/armv7" + }, + { + "path": "/usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1U9QtsdN+rYZ9Zh76EfXy00JZHMg=" + } + }, + { + "path": "/usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1xbIVu7ScwqGHxXGwI22aSe5OdUY=" + } + }, + { + "path": "/usr/share/apk/keys/mips64" + }, + { + "path": "/usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1hCZdFx+LvzbLtPs753je78gEEBQ=" + } + }, + { + "path": "/usr/share/apk/keys/ppc64le" + }, + { + "path": "/usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1t21dhCLbTJmAHXSCeOMq/2vfSgo=" + } + }, + { + "path": "/usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1PS9zNIPJanC8qcsc5qarEWqhV5Q=" + } + }, + { + "path": "/usr/share/apk/keys/riscv64" + }, + { + "path": "/usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1NVPbZavaXpsItFwQYDWbpor7yYE=" + } + }, + { + "path": "/usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1U6tfuKRy5J8C6iaKPMZaT/e8tbA=" + } + }, + { + "path": "/usr/share/apk/keys/s390x" + }, + { + "path": "/usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1sjbV2r2w0Ih2vwdzC4Jq6UI7cMQ=" + } + }, + { + "path": "/usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1l09xa7RnbOIC1dI9FqbaCfS/GXY=" + } + }, + { + "path": "/usr/share/apk/keys/x86" + }, + { + "path": "/usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Ii51i7Nrc4uft14HhqugaUqdH64=" + } + }, + { + "path": "/usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Y49eVxhpvftbQ3yAdvlLfcrPLTU=" + } + }, + { + "path": "/usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1HjdvcVkpBZzr1aSe3p7oQfAtm/E=" + } + }, + { + "path": "/usr/share/apk/keys/x86_64" + }, + { + "path": "/usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Ii51i7Nrc4uft14HhqugaUqdH64=" + } + }, + { + "path": "/usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1AUFY+fwSBTcrYetjT7NHvafrSQc=" + } + }, + { + "path": "/usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1qKA23VzMUDle+Dqnrr5Kz+Xvty4=" + } + } + ] + } + }, + { + "id": "42d502b764a37310", + "name": "apk-tools", + "version": "2.12.9-r3", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:apk-tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk-tools:apk_tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk_tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk_tools:apk_tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:apk:apk_tools:2.12.9-r3:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/apk-tools@2.12.9-r3?arch=x86_64&upstream=apk-tools&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "apk-tools", + "originPackage": "apk-tools", + "maintainer": "Natanael Copa ", + "version": "2.12.9-r3", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "description": "Alpine Package Keeper - package manager for alpine", + "size": 120745, + "installedSize": 307200, + "pullDependencies": [ + "musl>=1.2", + "ca-certificates-bundle", + "so:libc.musl-x86_64.so.1", + "so:libcrypto.so.1.1", + "so:libssl.so.1.1", + "so:libz.so.1" + ], + "provides": [ + "so:libapk.so.3.12.0=3.12.0", + "cmd:apk=2.12.9-r3" + ], + "pullChecksum": "Q1VFFFWMKjB9aRkehIATc5kwgAhlU=", + "gitCommitOfApkPort": "34d90ac8388e88126893f5d27ea35d304e65e5ab", + "files": [ + { + "path": "/etc" + }, + { + "path": "/etc/apk" + }, + { + "path": "/etc/apk/keys" + }, + { + "path": "/etc/apk/protected_paths.d" + }, + { + "path": "/lib" + }, + { + "path": "/lib/libapk.so.3.12.0", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1kVeagJvcGMIKp8ijGOxaZD08ONs=" + } + }, + { + "path": "/sbin" + }, + { + "path": "/sbin/apk", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1P1oUBG/VMMhnndf2fBXsZXBjHVE=" + } + }, + { + "path": "/var" + }, + { + "path": "/var/cache" + }, + { + "path": "/var/cache/misc" + }, + { + "path": "/var/lib" + }, + { + "path": "/var/lib/apk" + } + ] + } + }, + { + "id": "4b48ef6f6b983526", + "name": "busybox", + "version": "1.35.0-r17", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/busybox@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "busybox", + "originPackage": "busybox", + "maintainer": "Sören Tempel ", + "version": "1.35.0-r17", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://busybox.net/", + "description": "Size optimized toolbox of many common UNIX utilities", + "size": 507831, + "installedSize": 962560, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "/bin/sh", + "cmd:busybox=1.35.0-r17", + "cmd:sh=1.35.0-r17" + ], + "pullChecksum": "Q1iZ+C2JJdBlm2KKtAOkSkM7zZegY=", + "gitCommitOfApkPort": "2bf6ec48e526113f87216683cd341a78af5f0b3f", + "files": [ + { + "path": "/bin" + }, + { + "path": "/bin/busybox", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1WUwBY0eOGgzgVxTZxJBZPyQUicI=" + } + }, + { + "path": "/bin/sh", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1pcfTfDNEbNKQc2s1tia7da05M8Q=" + } + }, + { + "path": "/etc" + }, + { + "path": "/etc/securetty", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1mB95Hq2NUTZ599RDiSsj9w5FrOU=" + } + }, + { + "path": "/etc/udhcpd.conf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1EgLFjj67ou3eMqp4m3r2ZjnQ7QU=" + } + }, + { + "path": "/etc/logrotate.d" + }, + { + "path": "/etc/logrotate.d/acpid", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1TylyCINVmnS+A/Tead4vZhE7Bks=" + } + }, + { + "path": "/etc/network" + }, + { + "path": "/etc/network/if-down.d" + }, + { + "path": "/etc/network/if-post-down.d" + }, + { + "path": "/etc/network/if-post-up.d" + }, + { + "path": "/etc/network/if-pre-down.d" + }, + { + "path": "/etc/network/if-pre-up.d" + }, + { + "path": "/etc/network/if-up.d" + }, + { + "path": "/etc/network/if-up.d/dad", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "775", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1ORf+lPRKuYgdkBBcKoevR1t60Q4=" + } + }, + { + "path": "/sbin" + }, + { + "path": "/tmp", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "1777" + }, + { + "path": "/usr" + }, + { + "path": "/usr/sbin" + }, + { + "path": "/usr/share" + }, + { + "path": "/usr/share/udhcpc" + }, + { + "path": "/usr/share/udhcpc/default.script", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1t9vir/ZrX3nbSIYT9BDLWZenkVQ=" + } + }, + { + "path": "/var" + }, + { + "path": "/var/cache" + }, + { + "path": "/var/cache/misc" + }, + { + "path": "/var/lib" + }, + { + "path": "/var/lib/udhcpd" + } + ] + } + }, + { + "id": "30622a1848b22bca", + "name": "ca-certificates-bundle", + "version": "20220614-r0", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "MPL-2.0", + "AND", + "MIT" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", + "cpe:2.3:a:ca:ca_certificates_bundle:20220614-r0:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/ca-certificates-bundle@20220614-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "ca-certificates-bundle", + "originPackage": "ca-certificates", + "maintainer": "Natanael Copa ", + "version": "20220614-r0", + "license": "MPL-2.0 AND MIT", + "architecture": "x86_64", + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "description": "Pre generated bundle of Mozilla certificates", + "size": 125920, + "installedSize": 233472, + "pullDependencies": [], + "provides": [ + "ca-certificates-cacert=20220614-r0" + ], + "pullChecksum": "Q1huqjigIP7ZNHBueDUmNnT6PpToI=", + "gitCommitOfApkPort": "bb51fa7743320ac61f76e181cca84daa9977573e", + "files": [ + { + "path": "/etc" + }, + { + "path": "/etc/ssl" + }, + { + "path": "/etc/ssl/cert.pem", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Nj6gTBdkZpTFW/obJGdpfvK0StA=" + } + }, + { + "path": "/etc/ssl/certs" + }, + { + "path": "/etc/ssl/certs/ca-certificates.crt", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1D8ljYj7pXsRq4d/eHGNYB0GY1+I=" + } + } + ] + } + }, + { + "id": "2abd3b45f6fa4702", + "name": "libc-utils", + "version": "0.7.2-r3", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "BSD-2-Clause", + "AND", + "BSD-3-Clause" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", + "cpe:2.3:a:libc:libc_utils:0.7.2-r3:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/libc-utils@0.7.2-r3?arch=x86_64&upstream=libc-dev&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "libc-utils", + "originPackage": "libc-dev", + "maintainer": "Natanael Copa ", + "version": "0.7.2-r3", + "license": "BSD-2-Clause AND BSD-3-Clause", + "architecture": "x86_64", + "url": "https://alpinelinux.org", + "description": "Meta package to pull in correct libc", + "size": 1480, + "installedSize": 4096, + "pullDependencies": [ + "musl-utils" + ], + "provides": [], + "pullChecksum": "Q1O4GFJRvHz95tPjO84qpEvkNVwDw=", + "gitCommitOfApkPort": "60424133be2e79bbfeff3d58147a22886f817ce2", + "files": [] + } + }, + { + "id": "8184c2647c8f0bf1", + "name": "libcrypto1.1", + "version": "1.1.1s-r0", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "OpenSSL" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/libcrypto1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "libcrypto1.1", + "originPackage": "openssl", + "maintainer": "Timo Teras ", + "version": "1.1.1s-r0", + "license": "OpenSSL", + "architecture": "x86_64", + "url": "https://www.openssl.org/", + "description": "Crypto library from openssl", + "size": 1212869, + "installedSize": 2772992, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "so:libcrypto.so.1.1=1.1" + ], + "pullChecksum": "Q1sntUdrpKbXw81vASa482yLXNEp8=", + "gitCommitOfApkPort": "46b66114372a5b408ec19d3a0a0faf4aa111a36f", + "files": [ + { + "path": "/etc" + }, + { + "path": "/etc/ssl" + }, + { + "path": "/etc/ssl/ct_log_list.cnf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1olh8TpdAi2QnTl4FK3TjdUiSwTo=" + } + }, + { + "path": "/etc/ssl/ct_log_list.cnf.dist", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1olh8TpdAi2QnTl4FK3TjdUiSwTo=" + } + }, + { + "path": "/etc/ssl/openssl.cnf", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1wGuxVEOK9iGLj1i8D3BSBnT7MJA=" + } + }, + { + "path": "/etc/ssl/openssl.cnf.dist", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1wGuxVEOK9iGLj1i8D3BSBnT7MJA=" + } + }, + { + "path": "/etc/ssl/certs" + }, + { + "path": "/etc/ssl/misc" + }, + { + "path": "/etc/ssl/misc/CA.pl", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1IACevKhK93GYBHp96Ie26jgZ17s=" + } + }, + { + "path": "/etc/ssl/misc/tsget", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q13NVgfr7dQUuGYxur0tNalH6EIjU=" + } + }, + { + "path": "/etc/ssl/misc/tsget.pl", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1B4a6x5Xv8BnIXP9fafuqopvrtD0=" + } + }, + { + "path": "/etc/ssl/private" + }, + { + "path": "/lib" + }, + { + "path": "/lib/libcrypto.so.1.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1lYfJOxQT2Pc/ktEQt5eG4f3FLGQ=" + } + }, + { + "path": "/usr" + }, + { + "path": "/usr/lib" + }, + { + "path": "/usr/lib/libcrypto.so.1.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1T2si+c7ts7sgDxQYve4B3i1Dgo0=" + } + }, + { + "path": "/usr/lib/engines-1.1" + }, + { + "path": "/usr/lib/engines-1.1/afalg.so", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q11UvSn9HY0EtbzWGYm8LNatQrK/Y=" + } + }, + { + "path": "/usr/lib/engines-1.1/capi.so", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Z+cQuXE87JZm1iQYBohJtw6fjbs=" + } + }, + { + "path": "/usr/lib/engines-1.1/padlock.so", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1ojt69UgLTXJSYj4gNJH/AMTeUQ8=" + } + } + ] + } + }, + { + "id": "1455a8342bbb31ff", + "name": "libssl1.1", + "version": "1.1.1s-r0", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "OpenSSL" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/libssl1.1@1.1.1s-r0?arch=x86_64&upstream=openssl&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "libssl1.1", + "originPackage": "openssl", + "maintainer": "Timo Teras ", + "version": "1.1.1s-r0", + "license": "OpenSSL", + "architecture": "x86_64", + "url": "https://www.openssl.org/", + "description": "SSL shared libraries", + "size": 213470, + "installedSize": 540672, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1", + "so:libcrypto.so.1.1" + ], + "provides": [ + "so:libssl.so.1.1=1.1" + ], + "pullChecksum": "Q1dA1xCFDqKI3z/84yu4S77VxAU6g=", + "gitCommitOfApkPort": "46b66114372a5b408ec19d3a0a0faf4aa111a36f", + "files": [ + { + "path": "/lib" + }, + { + "path": "/lib/libssl.so.1.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q18j7n4cIb/ge1J3ty4Y8OtFzxGJ0=" + } + }, + { + "path": "/usr" + }, + { + "path": "/usr/lib" + }, + { + "path": "/usr/lib/libssl.so.1.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q18j35pe3yp6HOgMih1wlGP1/mm2c=" + } + } + ] + } + }, + { + "id": "64efc8a629f13d02", + "name": "musl", + "version": "1.2.3-r1", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "MIT" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/musl@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "musl", + "originPackage": "musl", + "maintainer": "Timo Teräs ", + "version": "1.2.3-r1", + "license": "MIT", + "architecture": "x86_64", + "url": "https://musl.libc.org/", + "description": "the musl c library (libc) implementation", + "size": 383459, + "installedSize": 622592, + "pullDependencies": [], + "provides": [ + "so:libc.musl-x86_64.so.1=1" + ], + "pullChecksum": "Q14QhfC7ADTZ++cSoCC18jO47qnhQ=", + "gitCommitOfApkPort": "6711e7bdc190b184ec2db78d8ab5ebf06917ae78", + "files": [ + { + "path": "/lib" + }, + { + "path": "/lib/ld-musl-x86_64.so.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1qyxQz8gx3d2xv+3X9qfj8jvK/Y0=" + } + }, + { + "path": "/lib/libc.musl-x86_64.so.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q17yJ3JFNypA4mxhJJr0ou6CzsJVI=" + } + } + ] + } + }, + { + "id": "716efe160a925698", + "name": "musl-utils", + "version": "1.2.3-r1", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "MIT", + "BSD", + "GPL2+" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:musl-utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl-utils:musl_utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl_utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl_utils:musl_utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", + "cpe:2.3:a:musl:musl_utils:1.2.3-r1:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "musl-utils", + "originPackage": "musl", + "maintainer": "Timo Teräs ", + "version": "1.2.3-r1", + "license": "MIT BSD GPL2+", + "architecture": "x86_64", + "url": "https://musl.libc.org/", + "description": "the musl c library (libc) implementation", + "size": 36959, + "installedSize": 135168, + "pullDependencies": [ + "scanelf", + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "cmd:getconf=1.2.3-r1", + "cmd:getent=1.2.3-r1", + "cmd:iconv=1.2.3-r1", + "cmd:ldconfig=1.2.3-r1", + "cmd:ldd=1.2.3-r1" + ], + "pullChecksum": "Q1Avw82bzBMrlEuyKE1i1UEPK0V2Q=", + "gitCommitOfApkPort": "6711e7bdc190b184ec2db78d8ab5ebf06917ae78", + "files": [ + { + "path": "/sbin" + }, + { + "path": "/sbin/ldconfig", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1Kja2+POZKxEkUOZqwSjC6kmaED4=" + } + }, + { + "path": "/usr" + }, + { + "path": "/usr/bin" + }, + { + "path": "/usr/bin/getconf", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1vGW6zqxwLuUVOBx6Uzf8N/hproQ=" + } + }, + { + "path": "/usr/bin/getent", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1zszN2Pw+TEbY4SmfOguLKmmIazA=" + } + }, + { + "path": "/usr/bin/iconv", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1UrvY/MROqlTgaScif5n9GLw9Rt8=" + } + }, + { + "path": "/usr/bin/ldd", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1yFAhGggmL7ERgbIA7KQxyTzf3ks=" + } + } + ] + } + }, + { + "id": "206fdb47b3e980eb", + "name": "scanelf", + "version": "1.3.4-r0", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/scanelf@1.3.4-r0?arch=x86_64&upstream=pax-utils&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "scanelf", + "originPackage": "pax-utils", + "maintainer": "Natanael Copa ", + "version": "1.3.4-r0", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "description": "Scan ELF binaries for stuff", + "size": 36745, + "installedSize": 94208, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "cmd:scanelf=1.3.4-r0" + ], + "pullChecksum": "Q1Gcqe+ND8DFOlhM3R0o5KyZjR2oE=", + "gitCommitOfApkPort": "d7ae612a3cc5f827289d915783b4cbf8c7207947", + "files": [ + { + "path": "/usr" + }, + { + "path": "/usr/bin" + }, + { + "path": "/usr/bin/scanelf", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1YPb72qHJJvTH6mJkN9DuExFQQh8=" + } + } + ] + } + }, + { + "id": "674d1e2fba4d633a", + "name": "ssl_client", + "version": "1.35.0-r17", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "GPL-2.0-only" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:ssl-client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl-client:ssl_client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl_client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl_client:ssl_client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", + "cpe:2.3:a:ssl:ssl_client:1.35.0-r17:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/ssl_client@1.35.0-r17?arch=x86_64&upstream=busybox&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "ssl_client", + "originPackage": "busybox", + "maintainer": "Sören Tempel ", + "version": "1.35.0-r17", + "license": "GPL-2.0-only", + "architecture": "x86_64", + "url": "https://busybox.net/", + "description": "EXternal ssl_client for busybox wget", + "size": 5004, + "installedSize": 28672, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1", + "so:libcrypto.so.1.1", + "so:libssl.so.1.1" + ], + "provides": [ + "cmd:ssl_client=1.35.0-r17" + ], + "pullChecksum": "Q1KWJXawaNPiINHfdzCg/FrEmiAaU=", + "gitCommitOfApkPort": "2bf6ec48e526113f87216683cd341a78af5f0b3f", + "files": [ + { + "path": "/usr" + }, + { + "path": "/usr/bin" + }, + { + "path": "/usr/bin/ssl_client", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1C6qA8RFt5eagesbaqu4plc6Ctyc=" + } + } + ] + } + }, + { + "id": "75f0d92f695b4303", + "name": "zlib", + "version": "1.2.12-r3", + "type": "apk", + "foundBy": "apkdb-cataloger", + "locations": [ + { + "path": "/lib/apk/db/installed", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + ], + "licenses": [ + "Zlib" + ], + "language": "", + "cpes": [ + "cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*" + ], + "purl": "pkg:alpine/zlib@1.2.12-r3?arch=x86_64&upstream=zlib&distro=alpine-3.16.3", + "metadataType": "ApkMetadata", + "metadata": { + "package": "zlib", + "originPackage": "zlib", + "maintainer": "Natanael Copa ", + "version": "1.2.12-r3", + "license": "Zlib", + "architecture": "x86_64", + "url": "https://zlib.net/", + "description": "A compression/decompression Library", + "size": 53346, + "installedSize": 110592, + "pullDependencies": [ + "so:libc.musl-x86_64.so.1" + ], + "provides": [ + "so:libz.so.1=1.2.12" + ], + "pullChecksum": "Q1Ekuqm/0CPywDCKEbEwhsPCw+z9E=", + "gitCommitOfApkPort": "57ce38bde7ce42964b664c137935cf2de803ac44", + "files": [ + { + "path": "/lib" + }, + { + "path": "/lib/libz.so.1", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "777", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1+aBjyJ7dmLatVkyqCNnAChlDZh8=" + } + }, + { + "path": "/lib/libz.so.1.2.12", + "ownerUid": "0", + "ownerGid": "0", + "permissions": "755", + "digest": { + "algorithm": "'Q1'+base64(sha1)", + "value": "Q1x/qx/7zlM20k7fLfVee7A4WLOC8=" + } + } + ] + } + } + ], + "artifactRelationships": [ + { + "parent": "1455a8342bbb31ff", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "1455a8342bbb31ff", + "child": "674d1e2fba4d633a", + "type": "dependency-of" + }, + { + "parent": "1455a8342bbb31ff", + "child": "bf6955e2941356b2", + "type": "contains" + }, + { + "parent": "206fdb47b3e980eb", + "child": "716efe160a925698", + "type": "dependency-of" + }, + { + "parent": "206fdb47b3e980eb", + "child": "ae378054cbd7ef90", + "type": "contains" + }, + { + "parent": "30622a1848b22bca", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "30622a1848b22bca", + "child": "f2d3dfa05f2554a0", + "type": "contains" + }, + { + "parent": "42d502b764a37310", + "child": "6a92934c972808b8", + "type": "contains" + }, + { + "parent": "42d502b764a37310", + "child": "b04bc3289bb54853", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "231e2b9b768a1fff", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "51a0badf3b704202", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "61eac5ce8105d394", + "type": "dependency-of" + }, + { + "parent": "4b48ef6f6b983526", + "child": "78bf055cad090d65", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "7b5d21b40bc7eee7", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "91817eca9cc4b5de", + "type": "contains" + }, + { + "parent": "4b48ef6f6b983526", + "child": "a2c9b7dd9588eed5", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "2a20bd42108d699a", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "3617fb189dce6482", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "3b5675f91b90110", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "6407d5cf424b18ad", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "7e87ca025472176a", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "84e95c181a3977e9", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "9ce07ed49f8fb925", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "b83f6a50a3bd4519", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "c7d306fe1c6785c7", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "c82217b71778b876", + "type": "contains" + }, + { + "parent": "61eac5ce8105d394", + "child": "e6b17bb11a720679", + "type": "contains" + }, + { + "parent": "64efc8a629f13d02", + "child": "1455a8342bbb31ff", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "206fdb47b3e980eb", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "4b48ef6f6b983526", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "4c909bab2f47ab6", + "type": "contains" + }, + { + "parent": "64efc8a629f13d02", + "child": "61eac5ce8105d394", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "674d1e2fba4d633a", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "716efe160a925698", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "75f0d92f695b4303", + "type": "dependency-of" + }, + { + "parent": "64efc8a629f13d02", + "child": "8184c2647c8f0bf1", + "type": "dependency-of" + }, + { + "parent": "674d1e2fba4d633a", + "child": "dfa8a561b5b9eed", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "1455a8342bbb31ff", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "206fdb47b3e980eb", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "2abd3b45f6fa4702", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "30622a1848b22bca", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "42d502b764a37310", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "4b48ef6f6b983526", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "61eac5ce8105d394", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "64efc8a629f13d02", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "674d1e2fba4d633a", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "716efe160a925698", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "75f0d92f695b4303", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "8184c2647c8f0bf1", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "82d183eb300978cc", + "type": "contains" + }, + { + "parent": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "child": "e8c6fcc3a282ed4f", + "type": "contains" + }, + { + "parent": "716efe160a925698", + "child": "1b47e047a7a2d57c", + "type": "contains" + }, + { + "parent": "716efe160a925698", + "child": "2abd3b45f6fa4702", + "type": "dependency-of" + }, + { + "parent": "716efe160a925698", + "child": "72d84b54cc507273", + "type": "contains" + }, + { + "parent": "716efe160a925698", + "child": "88f42084360d15dc", + "type": "contains" + }, + { + "parent": "716efe160a925698", + "child": "e0f2d4db60a9b798", + "type": "contains" + }, + { + "parent": "716efe160a925698", + "child": "e4f8a4c0b073c8bc", + "type": "contains" + }, + { + "parent": "75f0d92f695b4303", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "75f0d92f695b4303", + "child": "52dc0abd8e7f5999", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "1455a8342bbb31ff", + "type": "dependency-of" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "287e44a117aa6396", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "2ea8f53adecae6f3", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "34a945b6fcfc9394", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "42d502b764a37310", + "type": "dependency-of" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "461f2cb164a4d9de", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "5217fc877d4a56a3", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "5b247851eb9d9920", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "629d9b60ae1d9e52", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "674d1e2fba4d633a", + "type": "dependency-of" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "7c76c319483f88f8", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "80d54a8d1cb02a6b", + "type": "contains" + }, + { + "parent": "8184c2647c8f0bf1", + "child": "e90735c3db4c5cc", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "202110ab27dcf973", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "3078ae894cd9cfbd", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "387bdef96b1af6e4", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "388b915e3caf5f8b", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "3d8ddf18e3124850", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "44900ed9ce94fa9e", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "487fe69baafa2d7e", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "5353cb0dc92ea4b", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "55708c7a7e686d62", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "55e20144d113e62d", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "59a8217f4f6c22a1", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "68769d7fd3919789", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "6a0ff9781347bfd9", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "6fbe3c2a939ebbd2", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "7e6812fc46b6a77", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "983be5c7034a6165", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "a01e0e5b23c3173d", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "af97d47465df73a7", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "c4944df811809487", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "e041389ecc1c5526", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "f02ff58080ad2795", + "type": "contains" + }, + { + "parent": "82d183eb300978cc", + "child": "f7de852c28002fea", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "33b11b3a2ec70e8f", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "3426822570585ca6", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "37f2712bfdc05029", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "61eac5ce8105d394", + "type": "dependency-of" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "65ba00203fcb00b7", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "98d3eb523b0b443b", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "98fd433dcbda9dd8", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "aa75789d9e818133", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "aebdc91357768244", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "c7479ec33c892d37", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "de09f2147681af25", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "e1ce65f920562037", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "f68970af52c912d3", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "fc7c614fbff1fe93", + "type": "contains" + }, + { + "parent": "e8c6fcc3a282ed4f", + "child": "ff4dbb6e8f3bb698", + "type": "contains" + } + ], + "files": [ + { + "id": "51a0badf3b704202", + "location": { + "path": "/bin/busybox", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "983be5c7034a6165", + "location": { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "3078ae894cd9cfbd", + "location": { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "388b915e3caf5f8b", + "location": { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "af97d47465df73a7", + "location": { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "7e6812fc46b6a77", + "location": { + "path": "/etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "6407d5cf424b18ad", + "location": { + "path": "/etc/crontabs/root", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "33b11b3a2ec70e8f", + "location": { + "path": "/etc/fstab", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "3426822570585ca6", + "location": { + "path": "/etc/group", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "c7479ec33c892d37", + "location": { + "path": "/etc/hostname", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "f68970af52c912d3", + "location": { + "path": "/etc/hosts", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "65ba00203fcb00b7", + "location": { + "path": "/etc/inittab", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "91817eca9cc4b5de", + "location": { + "path": "/etc/logrotate.d/acpid", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "b83f6a50a3bd4519", + "location": { + "path": "/etc/modprobe.d/aliases.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "c82217b71778b876", + "location": { + "path": "/etc/modprobe.d/blacklist.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "9ce07ed49f8fb925", + "location": { + "path": "/etc/modprobe.d/i386.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "3617fb189dce6482", + "location": { + "path": "/etc/modprobe.d/kms.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "fc7c614fbff1fe93", + "location": { + "path": "/etc/modules", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "84e95c181a3977e9", + "location": { + "path": "/etc/motd", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "7b5d21b40bc7eee7", + "location": { + "path": "/etc/network/if-up.d/dad", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "37f2712bfdc05029", + "location": { + "path": "/etc/nsswitch.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e1ce65f920562037", + "location": { + "path": "/etc/passwd", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "de09f2147681af25", + "location": { + "path": "/etc/profile", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e6b17bb11a720679", + "location": { + "path": "/etc/profile.d/README", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "2a20bd42108d699a", + "location": { + "path": "/etc/profile.d/color_prompt.sh.disabled", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "7e87ca025472176a", + "location": { + "path": "/etc/profile.d/locale.sh", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "ff4dbb6e8f3bb698", + "location": { + "path": "/etc/protocols", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "78bf055cad090d65", + "location": { + "path": "/etc/securetty", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "aa75789d9e818133", + "location": { + "path": "/etc/services", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "98fd433dcbda9dd8", + "location": { + "path": "/etc/shadow", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "98d3eb523b0b443b", + "location": { + "path": "/etc/shells", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "f2d3dfa05f2554a0", + "location": { + "path": "/etc/ssl/certs/ca-certificates.crt", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "461f2cb164a4d9de", + "location": { + "path": "/etc/ssl/ct_log_list.cnf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e90735c3db4c5cc", + "location": { + "path": "/etc/ssl/ct_log_list.cnf.dist", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "2ea8f53adecae6f3", + "location": { + "path": "/etc/ssl/misc/CA.pl", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "5b247851eb9d9920", + "location": { + "path": "/etc/ssl/misc/tsget.pl", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "629d9b60ae1d9e52", + "location": { + "path": "/etc/ssl/openssl.cnf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "34a945b6fcfc9394", + "location": { + "path": "/etc/ssl/openssl.cnf.dist", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "aebdc91357768244", + "location": { + "path": "/etc/sysctl.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "231e2b9b768a1fff", + "location": { + "path": "/etc/udhcpd.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "4c909bab2f47ab6", + "location": { + "path": "/lib/ld-musl-x86_64.so.1", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "6a92934c972808b8", + "location": { + "path": "/lib/libapk.so.3.12.0", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "5217fc877d4a56a3", + "location": { + "path": "/lib/libcrypto.so.1.1", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "bf6955e2941356b2", + "location": { + "path": "/lib/libssl.so.1.1", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "52dc0abd8e7f5999", + "location": { + "path": "/lib/libz.so.1.2.12", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "c7d306fe1c6785c7", + "location": { + "path": "/lib/sysctl.d/00-alpine.conf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "b04bc3289bb54853", + "location": { + "path": "/sbin/apk", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e0f2d4db60a9b798", + "location": { + "path": "/sbin/ldconfig", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "3b5675f91b90110", + "location": { + "path": "/sbin/mkmntdirs", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "88f42084360d15dc", + "location": { + "path": "/usr/bin/getconf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "72d84b54cc507273", + "location": { + "path": "/usr/bin/getent", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e4f8a4c0b073c8bc", + "location": { + "path": "/usr/bin/iconv", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "1b47e047a7a2d57c", + "location": { + "path": "/usr/bin/ldd", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "ae378054cbd7ef90", + "location": { + "path": "/usr/bin/scanelf", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "dfa8a561b5b9eed", + "location": { + "path": "/usr/bin/ssl_client", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "287e44a117aa6396", + "location": { + "path": "/usr/lib/engines-1.1/afalg.so", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "80d54a8d1cb02a6b", + "location": { + "path": "/usr/lib/engines-1.1/capi.so", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "7c76c319483f88f8", + "location": { + "path": "/usr/lib/engines-1.1/padlock.so", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "487fe69baafa2d7e", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "6fbe3c2a939ebbd2", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "68769d7fd3919789", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "387bdef96b1af6e4", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "a01e0e5b23c3173d", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "6a0ff9781347bfd9", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "f7de852c28002fea", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "c4944df811809487", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "3d8ddf18e3124850", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "e041389ecc1c5526", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "202110ab27dcf973", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "55708c7a7e686d62", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "f02ff58080ad2795", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "59a8217f4f6c22a1", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "5353cb0dc92ea4b", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "55e20144d113e62d", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "44900ed9ce94fa9e", + "location": { + "path": "/usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + }, + { + "id": "a2c9b7dd9588eed5", + "location": { + "path": "/usr/share/udhcpc/default.script", + "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" + } + } + ], + "source": { + "id": "6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "type": "image", + "target": { + "userInput": "alpine@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b", + "imageID": "sha256:bfe296a525011f7eb76075d688c681ca4feaad5afe3b142b36e30f1a171dc99a", + "manifestDigest": "sha256:6b7f97b22b59a2c6bc62354f00df8dcafb8a32716bc958a788a7004e0a391232", + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "tags": [ + "alpine:latest" + ], + "imageSize": 5539603, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd", + "size": 5539603 + } + ], + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxNDcxLCJkaWdlc3QiOiJzaGEyNTY6YmZlMjk2YTUyNTAxMWY3ZWI3NjA3NWQ2ODhjNjgxY2E0ZmVhYWQ1YWZlM2IxNDJiMzZlMzBmMWExNzFkYzk5YSJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo1ODI3NTg0LCJkaWdlc3QiOiJzaGEyNTY6ZTVlMTNiMGM3N2NiYjc2OTU0ODA3NzE4OWMzZGEyZjBhNzY0Y2VjYTA2YWY0OWQ4ZDU1OGU3NTlmNWMyMzJiZCJ9XX0=", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJIb3N0bmFtZSI6IiIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpbIi9iaW4vc2giXSwiSW1hZ2UiOiJzaGEyNTY6MThmNDEyZTM1OWRlMDQyNjM0NGY0ZmUxMTUxNzk2ZTJkOWRjMTIxYjAxZDczN2U5NTNmMDQzYTEwNDY0ZDBiNyIsIlZvbHVtZXMiOm51bGwsIldvcmtpbmdEaXIiOiIiLCJFbnRyeXBvaW50IjpudWxsLCJPbkJ1aWxkIjpudWxsLCJMYWJlbHMiOm51bGx9LCJjb250YWluZXIiOiIzY2QyY2U2MTJiOTExOWJlOTY3Mzg2MDAyMjQyMGVlZTAyMGYwYTZkNDRlOTA3MmNhMjUxOTZmNGYwYTQ2MTNkIiwiY29udGFpbmVyX2NvbmZpZyI6eyJIb3N0bmFtZSI6IjNjZDJjZTYxMmI5MSIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpbIi9iaW4vc2giLCItYyIsIiMobm9wKSAiLCJDTUQgW1wiL2Jpbi9zaFwiXSJdLCJJbWFnZSI6InNoYTI1NjoxOGY0MTJlMzU5ZGUwNDI2MzQ0ZjRmZTExNTE3OTZlMmQ5ZGMxMjFiMDFkNzM3ZTk1M2YwNDNhMTA0NjRkMGI3IiwiVm9sdW1lcyI6bnVsbCwiV29ya2luZ0RpciI6IiIsIkVudHJ5cG9pbnQiOm51bGwsIk9uQnVpbGQiOm51bGwsIkxhYmVscyI6e319LCJjcmVhdGVkIjoiMjAyMi0xMS0xMlQwNDoxOToyMy4xOTk3MTY1MzlaIiwiZG9ja2VyX3ZlcnNpb24iOiIyMC4xMC4xMiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIyLTExLTEyVDA0OjE5OjIzLjA1MTU0MjA5WiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBBREQgZmlsZTpjZWViNmU4NjMyZmFmYzY1NzExNmNiZjNhZmJkNTIyMTg1YTE2OTYzMjMwYjU3ODgxMDczZGFkMjJlYjBlMWEzIGluIC8gIn0seyJjcmVhdGVkIjoiMjAyMi0xMS0xMlQwNDoxOToyMy4xOTk3MTY1MzlaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApICBDTUQgW1wiL2Jpbi9zaFwiXSIsImVtcHR5X2xheWVyIjp0cnVlfV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1NjplNWUxM2IwYzc3Y2JiNzY5NTQ4MDc3MTg5YzNkYTJmMGE3NjRjZWNhMDZhZjQ5ZDhkNTU4ZTc1OWY1YzIzMmJkIl19fQ==", + "repoDigests": [ + "alpine@sha256:b95359c2505145f16c6aa384f9cc74eeff78eb36d308ca4fd902eeeb0a0b161b" + ], + "architecture": "amd64", + "os": "linux" + } + }, + "distro": { + "prettyName": "Alpine Linux v3.16", + "name": "Alpine Linux", + "id": "alpine", + "versionID": "3.16.3", + "homeURL": "https://alpinelinux.org/", + "bugReportURL": "https://gitlab.alpinelinux.org/alpine/aports/-/issues" + }, + "descriptor": { + "name": "syft", + "version": "[not provided]", + "configuration": { + "configPath": "", + "verbosity": 0, + "quiet": false, + "output": [ + "json" + ], + "output-template-path": "", + "file": "", + "check-for-app-update": true, + "dev": { + "profile-cpu": false, + "profile-mem": false + }, + "log": { + "structured": false, + "level": "warn", + "file-location": "" + }, + "catalogers": null, + "package": { + "cataloger": { + "enabled": true, + "scope": "Squashed" + }, + "search-unindexed-archives": false, + "search-indexed-archives": true + }, + "file-metadata": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + }, + "digests": [ + "sha256" + ] + }, + "file-classification": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + } + }, + "file-contents": { + "cataloger": { + "enabled": false, + "scope": "Squashed" + }, + "skip-files-above-size": 1048576, + "globs": [] + }, + "secrets": { + "cataloger": { + "enabled": false, + "scope": "AllLayers" + }, + "additional-patterns": {}, + "exclude-pattern-names": [], + "reveal-values": false, + "skip-files-above-size": 1048576 + }, + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": [] + }, + "exclude": [], + "attest": { + "key": "", + "cert": "", + "noUpload": false, + "force": false, + "recursive": false, + "replace": false, + "fulcioUrl": "https://fulcio.sigstore.dev", + "fulcio_identity_token": "", + "insecure_skip_verify": false, + "rekorUrl": "https://rekor.sigstore.dev", + "oidcIssuer": "https://oauth2.sigstore.dev/auth", + "oidcClientId": "sigstore", + "OIDCRedirectURL": "" + }, + "platform": "", + "name": "" + } + }, + "schema": { + "version": "6.0.0", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.0.0.json" + } +} diff --git a/test/integration/sbom_cataloger_test.go b/test/integration/sbom_cataloger_test.go new file mode 100644 index 00000000000..f7be5416431 --- /dev/null +++ b/test/integration/sbom_cataloger_test.go @@ -0,0 +1,34 @@ +package integration + +import ( + "testing" + + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/source" +) + +func TestSbomCataloger(t *testing.T) { + // The image contains a go.mod file with 2 dependencies and an spdx json sbom. + // The go.mod file contains 2 dependencies, and the sbom includes a go dependency + // that overlaps with the go.mod + sbom, _ := catalogFixtureImage(t, "image-sbom-cataloger", source.SquashedScope, []string{"all"}) + + expectedSbomCatalogerPkgs := 1 + expectedGoModCatalogerPkgs := 2 + actualSbomPkgs := 0 + actualGoModPkgs := 0 + for pkg := range sbom.Artifacts.PackageCatalog.Enumerate(pkg.GoModulePkg) { + if pkg.FoundBy == "go-mod-file-cataloger" { + actualGoModPkgs += 1 + } else if pkg.FoundBy == "sbom-cataloger" { + actualSbomPkgs += 1 + } + } + + if actualGoModPkgs != expectedGoModCatalogerPkgs { + t.Errorf("unexpected number of packages from go mod cataloger: %d != %d", expectedGoModCatalogerPkgs, actualGoModPkgs) + } + if actualSbomPkgs != expectedSbomCatalogerPkgs { + t.Errorf("unexpected number of packages from sbom cataloger: %d != %d", expectedSbomCatalogerPkgs, actualSbomPkgs) + } +} diff --git a/test/integration/test-fixtures/image-sbom-cataloger/Dockerfile b/test/integration/test-fixtures/image-sbom-cataloger/Dockerfile new file mode 100644 index 00000000000..b32adc7f6a0 --- /dev/null +++ b/test/integration/test-fixtures/image-sbom-cataloger/Dockerfile @@ -0,0 +1,3 @@ +FROM scratch +COPY go.mod / +COPY test.spdx.json / diff --git a/test/integration/test-fixtures/image-sbom-cataloger/go.mod b/test/integration/test-fixtures/image-sbom-cataloger/go.mod new file mode 100644 index 00000000000..195dfd4acef --- /dev/null +++ b/test/integration/test-fixtures/image-sbom-cataloger/go.mod @@ -0,0 +1,8 @@ +module github.com/anchore/syft + +go 1.14 + +require ( + github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 + github.com/bmatcuk/doublestar v1.3.1 +) diff --git a/test/integration/test-fixtures/image-sbom-cataloger/test.spdx.json b/test/integration/test-fixtures/image-sbom-cataloger/test.spdx.json new file mode 100644 index 00000000000..e200cb52449 --- /dev/null +++ b/test/integration/test-fixtures/image-sbom-cataloger/test.spdx.json @@ -0,0 +1,39 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "name": "test/integration/test-fixtures/image-sbom-cataloger", + "spdxVersion": "SPDX-2.2", + "creationInfo": { + "created": "2022-08-18T05:23:38.066146511Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-0.53.0" + ], + "licenseListVersion": "3.17" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/test/integration/test-fixtures/image-sbom-cataloger-057e7aa2-332c-4b50-bbd1-a17dd62ddce4", + "packages": [ + { + "SPDXID": "SPDXRef-45209ca0cdcbafa", + "name": "github.com/bmatcuk/doublestar", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bmatcuk:doublestar:v1.3.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:golang/github.com/bmatcuk/doublestar@v1.3.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from go module information: go.mod", + "versionInfo": "v1.3.1" + } + ] +}