
Conversation

@wagoodman
Contributor

@wagoodman wagoodman commented Dec 9, 2025

This PR enhances the executable cataloger to extract symbol names and toolchain information from binaries (ELF, Mach-O, and PE formats). This capability enables deeper analysis of what code is embedded in executables, which is particularly useful for vulnerability detection in Go binaries where symbols provide insight into which functions are actually compiled into the binary.

This ultimately supports anchore/grype#2960 in order to be able to use the go vulnerability dataset to prune vulnerabilities by symbols present.

There are two main enhancements:

  • detecting the toolchain that was used (e.g. golang, gcc, etc)
  • extracting symbols

Toolchain Detection

The executable cataloger now identifies the compiler/toolchain used to build binaries:

  • Go: Detected via debug/buildinfo, extracts the Go version (e.g., go1.21.5)
  • GCC: Detected via ELF .comment section (e.g., gcc 13.2.0)
  • Clang: Detected via ELF .comment section (e.g., clang 17.0.6)

Toolchain information is surfaced in the SBOM under the files[].executable.toolchains section:

{
  "toolchains": [
    { "name": "go", "version": "go1.21.5", "kind": "compiler" }
  ]
}

This is primarily necessary to detect and only extract symbols for golang binaries and not other binaries; however, we can expand the toolchain implementations detected (e.g. rust audit binaries) as well as the kinds detected (such as linkers and runtimes).

Symbol Extraction

Symbols can be extracted from the binary's symbol table (using the same norms as the standard nm output) and filtered based on configuration. Symbol extraction is disabled by default and must be explicitly enabled via configuration.

These are configurable to the user via the following syft.yaml configurations:

file:
  executable:
    symbols:
      capture:
        - golang                 # scopes: "golang" (default: [] disabled)
      types: [T, t]              # nm-style symbol types (default: ["T", "t"])
      go:
        standard-library: true
        extended-standard-library: true
        third-party-modules: true

  • symbols.capture: Which binaries to extract symbols from. Currently only golang is supported. Default is empty (disabled).
  • symbols.types: Which nm-style symbol types to capture (T, t, R, r, D, d, B, b, C, U). Default: ["T", "t"].
  • symbols.go.standard-library: Include Go stdlib symbols. Default: true.
  • symbols.go.extended-standard-library: Include golang.org/x/* symbols. Default: true.
  • symbols.go.third-party-modules: Include third-party module symbols. Default: true.

The Go API (executable.Config) exposes additional fine-grained controls not available via CLI:

  • Symbols.Go.NormalizeVendoredModules: Strip vendor/ prefix from module paths. Default: true.
  • Symbols.Go.ExportedSymbols: Include exported (public) symbols. Default: true.
  • Symbols.Go.UnexportedSymbols: Include unexported (private) symbols. Default: false.
  • Symbols.Go.TypeEqualityFunctions: Include compiler-generated type:.eq.* functions. Default: false.
  • Symbols.Go.GCShapeStencils: Include GC shape stencil functions for generics. Default: false.

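A second added example (again not syft's code, and separate from the toolchain example) shows the symbol side: it reads nm-style lines such as the output of `go tool nm <binary>`, keeps only the configured symbols.types letters, and applies the symbols.go and Symbols.Go filters listed above. GoSymbolConfig, defaultGoConfig, splitGoSymbol, keepGoSymbol and filterNmOutput are this example's own names. The scope heuristics (standard library = first path element has no dot, extended = golang.org/x/*, everything else including package main counted as third-party) and the `type:.eq.` / `[go.shape.` markers are assumptions about how the Go linker names symbols, not a description of how syft implements these options.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
	"unicode"
	"unicode/utf8"
)

// GoSymbolConfig mirrors the symbols.types and Symbols.Go options from the PR description
// (a hypothetical type for this example); defaultGoConfig holds the defaults the PR states.
type GoSymbolConfig struct {
	Types                                                                                string
	StandardLibrary, ExtendedStandardLibrary, ThirdPartyModules, NormalizeVendoredModules bool
	ExportedSymbols, UnexportedSymbols, TypeEqualityFunctions, GCShapeStencils            bool
}

var defaultGoConfig = GoSymbolConfig{Types: "Tt", StandardLibrary: true, ExtendedStandardLibrary: true,
	ThirdPartyModules: true, NormalizeVendoredModules: true, ExportedSymbols: true}

// splitGoSymbol splits "net/http.(*Client).Do" into "net/http" and "(*Client).Do": the
// package path ends at the first '.' after the last '/', ignoring generic type arguments.
func splitGoSymbol(name string) (pkg, rest string) {
	head, _, _ := strings.Cut(name, "[")
	start := strings.LastIndex(head, "/") + 1
	p, r, _ := strings.Cut(name[start:], ".")
	return name[:start] + p, r
}

// keepGoSymbol applies the Go filters to one symbol name and returns the (vendor-normalized)
// name and whether it survives. Scope rules are this example's interpretation: stdlib = first
// path element has no dot, extended = golang.org/x/*, else third party (package main included).
func keepGoSymbol(name string, cfg GoSymbolConfig) (string, bool) {
	if strings.HasPrefix(name, "type:.eq.") { // compiler-generated type equality functions
		return name, cfg.TypeEqualityFunctions
	}
	if strings.Contains(name, "[go.shape.") && !cfg.GCShapeStencils { // generic stencils
		return name, false
	}
	if cfg.NormalizeVendoredModules {
		name = strings.TrimPrefix(name, "vendor/")
	}
	pkg, rest := splitGoSymbol(name)
	allowed := cfg.ThirdPartyModules
	if strings.HasPrefix(pkg, "golang.org/x/") {
		allowed = cfg.ExtendedStandardLibrary
	} else if pkg != "main" && !strings.Contains(strings.SplitN(pkg, "/", 2)[0], ".") {
		allowed = cfg.StandardLibrary
	}
	if !allowed {
		return name, false
	}
	rest, _, _ = strings.Cut(rest, "[")
	r, _ := utf8.DecodeRuneInString(rest[strings.LastIndex(rest, ".")+1:]) // final identifier
	if unicode.IsUpper(r) {
		return name, cfg.ExportedSymbols
	}
	return name, cfg.UnexportedSymbols
}

// filterNmOutput consumes nm-style lines ("<addr> <type> <name>", or "<type> <name>" for
// undefined symbols) and returns the names that pass the type and Go filters.
func filterNmOutput(lines []string, cfg GoSymbolConfig) []string {
	var out []string
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) == 3 && len(f[1]) == 1 { // drop the address column
			f = f[1:]
		}
		if len(f) != 2 || !strings.Contains(cfg.Types, f[0]) {
			continue
		}
		if name, ok := keepGoSymbol(f[1], cfg); ok {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	var lines []string
	sc := bufio.NewScanner(os.Stdin) // usage: go tool nm <binary> | go run .
	for sc.Scan() {
		lines = append(lines, sc.Text())
	}
	for _, s := range filterNmOutput(lines, defaultGoConfig) {
		fmt.Println(s)
	}
}
```

With the defaults this yields the T/t, exported-only view the description gives. For the grype use case that matters: a function that was filtered out here (unexported, a generic stencil, or in a disabled scope) can no longer be matched against the vulnerability dataset, so the filter settings have to agree with how that dataset names the affected symbols.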
Signed-off-by: Alex Goodman <[email protected]>
@github-actions github-actions bot added the json-schema Changes the json schema label Dec 10, 2025
@wagoodman wagoodman force-pushed the add-go-symbol-extract branch from dcf76f6 to a05608a on December 10, 2025 17:53
@wagoodman wagoodman force-pushed the add-go-symbol-extract branch from 22b25c6 to 703edff on December 10, 2025 18:24
@wagoodman wagoodman marked this pull request as ready for review December 10, 2025 18:27
@wagoodman wagoodman added the blocked Progress is being stopped by something label Dec 16, 2025
@wagoodman
Contributor Author

Though this is feature complete, there is work in grype that needs to be done to validate this work. Since this changes the top level API there is no reason to merge this quite yet.

@wagoodman wagoodman marked this pull request as draft December 16, 2025 15:48