Image tag not contain all specified catalogers
yogevhenig89 opened this issue · comments
What happened:
Using syft latest version 0.105.0, when running syft catalogers list I get the table and there are 19 catalogers containing the image tag
alpm-db-cataloger
binary-cataloger
cargo-auditable-binary-cataloger
conan-info-cataloger
dotnet-portable-executable-cataloger
dpkg-db-cataloger
go-module-binary-cataloger
graalvm-native-image-cataloger
java-archive-cataloger
javascript-package-cataloger
linux-kernel-cataloger
nix-store-cataloger
php-composer-installed-cataloger
portage-cataloger
python-installed-package-cataloger
r-package-cataloger
rpm-db-cataloger
ruby-installed-gemspec-cataloger
wordpress-plugins-cataloger
But when trying to use the tag with the following command on some random folder
./syft dir:~/Desktop/test -vv --select-catalogers image
I only get that 14 catalogers were used:
alpm-db-cataloger
apk-db-cataloger
dpkg-db-cataloger
portage-cataloger
rpm-db-cataloger
dotnet-portable-executable-cataloger
python-installed-package-cataloger
go-module-binary-cataloger
java-archive-cataloger
graalvm-native-image-cataloger
nix-store-cataloger
binary-cataloger
linux-kernel-cataloger
wordpress-plugins-cataloger
What you expected to happen:
Syft use all the catalogers with the image tag
Steps to reproduce the issue:
Anything else we need to know?:
Environment:
- Output of
syft version
: 0.105.0 - OS (e.g:
cat /etc/os-release
or similar): MacOs
Hi @yogevhenig89, the option you want to use is: --override-default-catalogers
. The --select-catalogers
flag filters the default set of catalogers when specifying tags (or removes based on tag/name when prefixed with -
and adds individually named catalogers when prefixed with +
).
$ syft --override-default-catalogers image dir:. -o json | jq '.descriptor.configuration.catalogers.used'
[
"alpm-db-cataloger",
"apk-db-cataloger",
"binary-cataloger",
"cargo-auditable-binary-cataloger",
"conan-info-cataloger",
"dotnet-portable-executable-cataloger",
"dpkg-db-cataloger",
"go-module-binary-cataloger",
"graalvm-native-image-cataloger",
"java-archive-cataloger",
"javascript-package-cataloger",
"linux-kernel-cataloger",
"nix-store-cataloger",
"php-composer-installed-cataloger",
"portage-cataloger",
"python-installed-package-cataloger",
"r-package-cataloger",
"rpm-db-cataloger",
"ruby-installed-gemspec-cataloger",
"wordpress-plugins-cataloger"
]
$ syft cataloger list --select-catalogers image
Default selections:
- "all"
Selected by expressions:
- "image"
┌──────────────────────────────────────┬───────────────────────────────────────────────────────────────────────────┐
│ CATALOGER │ TAGS │
├──────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────┤
│ alpm-db-cataloger │ alpm, archlinux, directory, image, installed, linux, os, package │
│ apk-db-cataloger │ alpine, apk, directory, image, installed, linux, os, package │
│ binary-cataloger │ binary, declared, directory, image, installed, package │
│ cargo-auditable-binary-cataloger │ binary, image, installed, language, package, rust │
│ conan-info-cataloger │ conan, cpp, image, installed, language, package │
│ dotnet-portable-executable-cataloger │ binary, c#, directory, dotnet, image, installed, language, package │
│ dpkg-db-cataloger │ debian, directory, dpkg, image, installed, linux, os, package │
│ go-module-binary-cataloger │ binary, directory, go, golang, gomod, image, installed, language, package │
│ graalvm-native-image-cataloger │ directory, image, installed, java, language, package │
│ java-archive-cataloger │ directory, image, installed, java, language, maven, package │
│ javascript-package-cataloger │ image, installed, javascript, language, node, package │
│ linux-kernel-cataloger │ declared, directory, image, installed, kernel, linux, package │
│ nix-store-cataloger │ directory, image, installed, language, nix, package │
│ php-composer-installed-cataloger │ composer, image, installed, language, package, php │
│ portage-cataloger │ directory, gentoo, image, installed, linux, os, package, portage │
│ python-installed-package-cataloger │ directory, image, installed, language, package, python │
│ r-package-cataloger │ image, installed, language, package, r │
│ rpm-db-cataloger │ directory, image, installed, linux, os, package, redhat, rpm │
│ ruby-installed-gemspec-cataloger │ gem, gemspec, image, installed, language, package, ruby │
│ wordpress-plugins-cataloger │ directory, image, package, wordpress │
└──────────────────────────────────────┴───────────────────────────────────────────────────────────────────────────┘
The reason for this is there are different default sets of catalogers depending if you run an image scan or a directory scan. Generally speaking, things like selecting the "javascript" catalogers based on the default set rather than all catalogers is the more correct thing to do. The --override-default-catalogers
flag allows the default set to be altered, which I believe is what you are looking to do. Does this help?
We'll go ahead and close this issue, but please let us know if you need anything else.