deps: update module github.com/anchore/syft to v0.54.0 (#155)

* deps: update module github.com/anchore/syft to v0.54.0 * test: update test-fixtures Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Christian Kotzbauer <git@ckotzbauer.de>
ckotzbauer · Aug 20, 2022 · e6cef8a · e6cef8a
1 parent 8214b08
commit e6cef8a
Show file tree

Hide file tree

Showing 11 changed files with 6,818 additions and 117 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/ckotzbauer/sbom-operator
 go 1.19
 
 require (
-	github.com/anchore/syft v0.53.4
+	github.com/anchore/syft v0.54.0
 	github.com/ckotzbauer/libk8soci v0.0.0-20220801045234-0c88accfdf59
 	github.com/ckotzbauer/libstandard v0.0.0-20220801044619-e3c9900286ea
 	github.com/novln/docker-parser v1.0.0
@@ -27,7 +27,7 @@ require (
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 // indirect
-	github.com/anchore/stereoscope v0.0.0-20220803153229-c55b13fee7e4 // indirect
+	github.com/anchore/stereoscope v0.0.0-20220808115346-84004345484e // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect
 	github.com/containerd/containerd v1.6.6 // indirect
@@ -150,7 +150,7 @@ require (
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -147,8 +147,12 @@ github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTS
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20220803153229-c55b13fee7e4 h1:OMc0B7MxfjfqagdgboPFVJzsDJbFk7J7NXhgTTnhvuo=
 github.com/anchore/stereoscope v0.0.0-20220803153229-c55b13fee7e4/go.mod h1:90tB0wMdDe2V8fB52tPf1xjg/ieLoWayRu8YJNd9c7w=
+github.com/anchore/stereoscope v0.0.0-20220808115346-84004345484e h1:W13WKIHqgENdcIg49GsG2GJx2BnIg5rpI/gE2Bp/IRQ=
+github.com/anchore/stereoscope v0.0.0-20220808115346-84004345484e/go.mod h1:90tB0wMdDe2V8fB52tPf1xjg/ieLoWayRu8YJNd9c7w=
 github.com/anchore/syft v0.53.4 h1:tRiKa8ZL2FpDzzrcBHms4E6lgsmOkVbITrlcM35aKc0=
 github.com/anchore/syft v0.53.4/go.mod h1:Ms14EskPVOazbPO1j38sxR8kki0uL13xzV5fcuoQDBY=
+github.com/anchore/syft v0.54.0 h1:PNG6KHsO/KIGEivZgWTgAVgwISK/TfrRzocCEwK8WCQ=
+github.com/anchore/syft v0.54.0/go.mod h1:T+cDACkaFFl+ARWxLUS2Iri5agi4017wBRQUq5ZAAmE=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
@@ -1905,6 +1909,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

diff --git a/internal/syft/fixtures/alpine.cyclonedx b/internal/syft/fixtures/alpine.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:7c738566-06e6-4a4b-b95b-796b1e5c1ad9" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:ed5ecb19-a529-40ad-a356-4b22400808af" version="1">
   <metadata>
-    <timestamp>2022-08-06T09:56:56+02:00</timestamp>
+    <timestamp>2022-08-20T11:57:46+02:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.53.4</version>
+        <version>0.54.0</version>
       </tool>
     </tools>
     <component bom-ref="27f24e002ab47c1b" type="container">

diff --git a/internal/syft/fixtures/alpine.json b/internal/syft/fixtures/alpine.json
@@ -2993,7 +2993,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.53.4",
+  "version": "0.54.0",
   "configuration": {
    "configPath": "",
    "verbosity": 0,
@@ -3087,7 +3087,7 @@
   }
  },
  "schema": {
-  "version": "3.3.1",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.1.json"
+  "version": "3.3.2",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.2.json"
  }
 }
diff --git a/internal/syft/fixtures/alpine.spdxjson b/internal/syft/fixtures/alpine.spdxjson
@@ -3,15 +3,15 @@
  "name": "alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300",
  "spdxVersion": "SPDX-2.2",
  "creationInfo": {
-  "created": "2022-08-06T07:56:59.307815806Z",
+  "created": "2022-08-20T09:57:49.785358019Z",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.53.4"
+   "Tool: syft-0.54.0"
   ],
-  "licenseListVersion": "3.17"
+  "licenseListVersion": "3.18"
  },
  "dataLicense": "CC0-1.0",
- "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300-f15b8f81-d8f8-4d6d-9b41-3de73fe0634c",
+ "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300-86e95a7d-c0f0-4a0d-8961-20ef8b2dce86",
  "packages": [
   {
    "SPDXID": "SPDXRef-9f527213f4d2a873",
@@ -57,6 +57,32 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-2eaa15c5fc625ebe",
+    "SPDXRef-a53373020dfa8bb4",
+    "SPDXRef-2c0eaf2a7d7dbad",
+    "SPDXRef-f3ee626693308800",
+    "SPDXRef-38605c90f707fb90",
+    "SPDXRef-60fa740c32339374",
+    "SPDXRef-420fa6f3289d6ee6",
+    "SPDXRef-ae2cba512a3f4065",
+    "SPDXRef-24d0f8d913cd9906",
+    "SPDXRef-d41a5f82a774a6a1",
+    "SPDXRef-dc65dbf355556024",
+    "SPDXRef-b3a5f05adcd1cf82",
+    "SPDXRef-b499705c36475f74",
+    "SPDXRef-2e3613b244458b5a",
+    "SPDXRef-64b20ab568341372",
+    "SPDXRef-84fd54b3f2a2e825",
+    "SPDXRef-32701f6d1e056c29",
+    "SPDXRef-5e12c5188eeb9cb3",
+    "SPDXRef-9ab25fdcabefa4ac",
+    "SPDXRef-18d9a7fcef583aeb",
+    "SPDXRef-93b858998f2c7034",
+    "SPDXRef-fb021b79aa9cd553",
+    "SPDXRef-82fda88ae28dd50",
+    "SPDXRef-13d6d27618d264f7"
+   ],
    "licenseDeclared": "GPL-2.0-only",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -106,6 +132,49 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-8ec9dcf9b3d1d7ce",
+    "SPDXRef-39dcc03ca17480ca",
+    "SPDXRef-4d646d694b6380fc",
+    "SPDXRef-395f72182f48f77c",
+    "SPDXRef-496698ff67ca49fc",
+    "SPDXRef-66756a275982c586",
+    "SPDXRef-187efc434122356a",
+    "SPDXRef-add734ec170033bd",
+    "SPDXRef-59d943ecba7b9db1",
+    "SPDXRef-27d8de5355fdb7ba",
+    "SPDXRef-ff0560ee36b984a7",
+    "SPDXRef-66756a275982c586",
+    "SPDXRef-2c8a8c151837aa6e",
+    "SPDXRef-79cc1d44454e11b9",
+    "SPDXRef-abfd85d1b45289dc",
+    "SPDXRef-56080e31fd12fe67",
+    "SPDXRef-7803dc5a1a496765",
+    "SPDXRef-ccc2b3e76affde68",
+    "SPDXRef-3562d93285c5a3c5",
+    "SPDXRef-57149f915867bf12",
+    "SPDXRef-2363acec0a71a382",
+    "SPDXRef-2dac0f0b0463195c",
+    "SPDXRef-187efc434122356a",
+    "SPDXRef-f059a81847acaad9",
+    "SPDXRef-27d8de5355fdb7ba",
+    "SPDXRef-3562d93285c5a3c5",
+    "SPDXRef-27d8de5355fdb7ba",
+    "SPDXRef-2dac0f0b0463195c",
+    "SPDXRef-abfd85d1b45289dc",
+    "SPDXRef-2c8a8c151837aa6e",
+    "SPDXRef-57149f915867bf12",
+    "SPDXRef-56080e31fd12fe67",
+    "SPDXRef-f059a81847acaad9",
+    "SPDXRef-79cc1d44454e11b9",
+    "SPDXRef-2363acec0a71a382",
+    "SPDXRef-add734ec170033bd",
+    "SPDXRef-59d943ecba7b9db1",
+    "SPDXRef-ccc2b3e76affde68",
+    "SPDXRef-add734ec170033bd",
+    "SPDXRef-ff0560ee36b984a7",
+    "SPDXRef-7803dc5a1a496765"
+   ],
    "licenseDeclared": "MIT",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -155,6 +224,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-5f14b5421fba85af",
+    "SPDXRef-d72447617fa2b70c"
+   ],
    "licenseDeclared": "GPL-2.0-only",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -179,6 +252,15 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-988a54d89f5c4c09",
+    "SPDXRef-988a54d89f5c4c09",
+    "SPDXRef-cd1c702a19149d7d",
+    "SPDXRef-be5355441673f6dc",
+    "SPDXRef-e7d6b30bf31f933a",
+    "SPDXRef-e6d162458c0b30b0",
+    "SPDXRef-d5ee1ce0839cb21a"
+   ],
    "licenseDeclared": "GPL-2.0-only",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -248,6 +330,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-b7cfa7f53a05225f",
+    "SPDXRef-b7cfa7f53a05225f"
+   ],
    "licenseDeclared": "MPL-2.0 AND MIT",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -321,6 +407,17 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-b7cfa7f53a05225f",
+    "SPDXRef-d1029b42eed49dbe",
+    "SPDXRef-5f7354d1f6e1cdce",
+    "SPDXRef-1a7b85af7f458360",
+    "SPDXRef-a00e69b6cf4b0ef0",
+    "SPDXRef-4862e08252039e5",
+    "SPDXRef-f57c06db35618298",
+    "SPDXRef-ba1b2107c3063563",
+    "SPDXRef-a00e69b6cf4b0ef0"
+   ],
    "licenseDeclared": "OpenSSL",
    "originator": "Person: Timo Teras <timo.teras@iki.fi>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -345,6 +442,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-81250f1630c1a804",
+    "SPDXRef-81250f1630c1a804"
+   ],
    "licenseDeclared": "ISC",
    "originator": "Person: Ariadne Conill <ariadne@dereferenced.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -369,6 +470,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-a64a40d78e73f3bd",
+    "SPDXRef-a64a40d78e73f3bd"
+   ],
    "licenseDeclared": "OpenSSL",
    "originator": "Person: Timo Teras <timo.teras@iki.fi>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -393,6 +498,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-e322847d6485c76d",
+    "SPDXRef-e322847d6485c76d"
+   ],
    "licenseDeclared": "MIT",
    "originator": "Person: Timo Teräs <timo.teras@iki.fi>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -442,6 +551,13 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-d59e19c68624688f",
+    "SPDXRef-757b30be1d3baa0b",
+    "SPDXRef-780fcf6f56cca2e0",
+    "SPDXRef-ab2d028a906db5df",
+    "SPDXRef-8e69e89855b5ae0f"
+   ],
    "licenseDeclared": "MIT",
    "originator": "Person: Timo Teräs <timo.teras@iki.fi>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -466,6 +582,9 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-7516f5d905deb6db"
+   ],
    "licenseDeclared": "GPL-2.0-only",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -515,6 +634,9 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-711694a1725d661e"
+   ],
    "licenseDeclared": "GPL-2.0-only",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",
@@ -539,6 +661,10 @@
     }
    ],
    "filesAnalyzed": false,
+   "hasFiles": [
+    "SPDXRef-bfd3d0235da50adb",
+    "SPDXRef-bfd3d0235da50adb"
+   ],
    "licenseDeclared": "Zlib",
    "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>",
    "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed",