@alfredodeza alfredodeza commented Nov 5, 2020

Includes distro information that gets parsed in the very beginning of the scanning process down to the JSON presenter for images.

Closes #169

Sample output (adds distro within target):

$ go run main.go -o json busybox:latest
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged image      [0 packages]

{
 "artifacts": [],
 "source": {
  "type": "image",
  "target": {
   "layers": [
    {
     "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
     "digest": "sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675",
     "size": 1231733
    }
   ],
   "size": 1231733,
   "digest": "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f",
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "tags": [
    "busybox:latest"
   ],
   "distro": {
    "name": "busybox",
    "version": "1.32.0"
   }
  }
 }
}

@alfredodeza
Contributor Author

I was fully expecting the JSON schema to bark at me and that didn't happen... going through the syft/schema/README.md it appears that this is because the schema gets automatically generated?

}

func NewImage(src scope.ImageSource) *Image {
type Distro struct {
Contributor

Just a nit, but would architecture information be a useful include field?

Contributor Author

That is not available information from the current parsers that provide distro information. In most cases it is looking into /etc/os-release which doesn't provide that. For example, this is Debian 8:

PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Contributor

ack.

Contributor

@wagoodman wagoodman left a comment

It seems like the distro information belongs as a separate top-level item instead of being nested under "source":

{
  "artifacts": [],
  "distro": {
    "name": "busybox",
    "version": "1.32.0"
  },
  "source": {}
}

That is, "source" is all about in a raw sense what the image that was cataloged is, outside of any detections made. The other sections are about what was detected from analyzing the contents (in "artifacts").

@alfredodeza
Contributor Author

@wagoodman with the latest changes, this is how this looks now:

{
 "artifacts": [],
 "source": {
  "type": "image",
  "target": {
   "layers": [
    {
     "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
     "digest": "sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675",
     "size": 1231733
    }
   ],
   "size": 1231733,
   "digest": "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f",
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "tags": [
    "busybox:latest"
   ]
  }
 },
 "distro": {
  "name": "busybox",
  "version": "1.32.0"
 }
}

Contributor

@wagoodman wagoodman left a comment

Looks great!

@alfredodeza alfredodeza merged commit b3098f3 into main Nov 9, 2020
@alfredodeza alfredodeza deleted the issue-169 branch November 9, 2020 19:18
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Add distro information to JSON presenter
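
The two points of this thread in one place, as an added example that is not syft's code and not part of the original conversation: parsing /etc/os-release content into a name and version, and emitting "distro" at the top level beside "source". The type names, `ParseOSRelease`, `Render`, the stub "source" value and the shortened sample input are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Distro and Document are hypothetical types for this example, not syft's own.
type Distro struct {
	Name    string `json:"name"`
	Version string `json:"version"`
}
type Document struct {
	Artifacts []string          `json:"artifacts"`
	Source    map[string]string `json:"source"`
	Distro    *Distro           `json:"distro,omitempty"` // top level, beside "source"
}

// Constructed sample input, shortened from the Debian 8 file quoted in the thread.
const sampleOSRelease = "PRETTY_NAME=\"Debian GNU/Linux 8 (jessie)\"\nVERSION_ID=\"8\"\nID=debian\n"

// ParseOSRelease reads KEY=value lines; it returns nil when ID is absent, so "distro" is omitted.
func ParseOSRelease(content string) *Distro {
	fields := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		key, value, found := strings.Cut(line, "=")
		if strings.HasPrefix(line, "#") || !found {
			continue // comment, blank line, or not an assignment
		}
		fields[strings.TrimSpace(key)] = strings.Trim(strings.TrimSpace(value), `"'`)
	}
	if fields["ID"] == "" {
		return nil
	}
	return &Distro{Name: fields["ID"], Version: fields["VERSION_ID"]}
}

func Render(osRelease string) ([]byte, error) {
	return json.Marshal(Document{Artifacts: []string{}, Source: map[string]string{"type": "image"}, Distro: ParseOSRelease(osRelease)})
}

func main() {
	out, _ := Render(sampleOSRelease)
	fmt.Println(string(out))
}
```
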
Development

Successfully merging this pull request may close these issues.

Add identified distro and version to output for JSON presenter
