Add support for dnf packages

Question

Add support for dnf packages

fmenezes opened this issue 2 months ago · comments

Filipe Constantinov Menezes commented 2 months ago

What would you like to be added:
Cataloging of dnf packages (similar to dpkg or rpm catalogers)

Why is this needed:
We are missing OS level packages for dnf systems (like redhat)

Additional context:
I've published this Dockerfile into mongodb/apix_test:sbomtest

FROM redhat/ubi9
RUN echo -e '[mongodb-org-7.0]\n\
name=MongoDB Repository\n\
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/7.0/$basearch/\n\
gpgcheck=1\n\
enabled=1\n\
gpgkey=https://pgp.mongodb.com/server-7.0.asc\n' > /etc/yum.repos.d/mongodb-org-7.0.repo && mkdir -p /data/db && dnf update -y && dnf install -y mongodb-org-server-7.0.8 && dnf clean all
CMD mongod

if I run syft mongodb/apix_test:sbomtest I see no mention of mongodb-org-server-7.0.8 package or mongod binary in the report.

Filipe Constantinov Menezes · Answer 1 · Tue Apr 09 2024 01:00:41 GMT+0800 (China Standard Time)

Looks like this is indeed working.

There is a difference in version between docker sbom mongodb/apix_test:sbomtest and syft mongodb/apix_test:sbomtest, the syft version seems old in docker cli.

Apologies for the noise.