refactor: update syft to v1 (#3021)
Signed-off-by: Austin Abro <AustinAbro321@gmail.com>
AustinAbro321 authored Sep 24, 2024
1 parent 5d4fc4b commit 6be4e96
Showing 11 changed files with 446 additions and 270 deletions.
126 changes: 66 additions & 60 deletions go.mod

Large diffs are not rendered by default.

295 changes: 156 additions & 139 deletions go.sum

Large diffs are not rendered by default.

33 changes: 18 additions & 15 deletions site/src/content/docs/commands/zarf_tools_sbom.md
Expand Up @@ -21,21 +21,22 @@ zarf tools sbom [flags]
### Options

```
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
--catalogers stringArray enable one or more package catalogers
-c, --config string syft configuration file
--exclude stringArray exclude paths from being scanned using a glob expression
--file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: output)
-h, --help help for sbom
--name string set the name of the target being analyzed (DEPRECATED: use: source-name)
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table])
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-q, --quiet suppress all logging output
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
-t, --template string specify the path to a Go template file
-v, --verbose count increase verbosity (-v = info, -vv = debug)
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
-c, --config string syft configuration file
--exclude stringArray exclude paths from being scanned using a glob expression
--file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: output)
--from stringArray specify the source behavior to use (e.g. docker, registry, oci-dir, ...)
-h, --help help for sbom
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table])
--override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source)
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-q, --quiet suppress all logging output
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--select-catalogers stringArray add, remove, and filter the catalogers to be used
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
-t, --template string specify the path to a Go template file
-v, --verbose count increase verbosity (-v = info, -vv = debug)
```

### Options inherited from parent commands
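Review bot: In the options block, `--catalogers` and `--name` disappear from the generated reference, and only `--name` carried a deprecation notice; `--catalogers` had none. The commit is labelled `refactor`, but scripts that call `zarf tools sbom --catalogers ...` may stop working after this upgrade, so this should be called out as a user-visible CLI change in the release notes, pointing users to `--select-catalogers` / `--override-default-catalogers` and `--source-name`.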
Expand All @@ -49,6 +50,8 @@ zarf tools sbom [flags]

* [zarf tools](/commands/zarf_tools/) - Collection of additional tools to make airgap easier
* [zarf tools sbom attest](/commands/zarf_tools_sbom_attest/) - Generate an SBOM as an attestation for the given [SOURCE] container image
* [zarf tools sbom cataloger](/commands/zarf_tools_sbom_cataloger/) - Show available catalogers and configuration
* [zarf tools sbom config](/commands/zarf_tools_sbom_config/) - show the syft configuration
* [zarf tools sbom convert](/commands/zarf_tools_sbom_convert/) - Convert between SBOM formats
* [zarf tools sbom login](/commands/zarf_tools_sbom_login/) - Log in to a registry
* [zarf tools sbom scan](/commands/zarf_tools_sbom_scan/) - Generate an SBOM
22 changes: 12 additions & 10 deletions site/src/content/docs/commands/zarf_tools_sbom_attest.md
Expand Up @@ -21,16 +21,18 @@ zarf tools sbom attest --output [FORMAT] <IMAGE> [flags]
### Options

```
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
--catalogers stringArray enable one or more package catalogers
--exclude stringArray exclude paths from being scanned using a glob expression
-h, --help help for attest
--name string set the name of the target being analyzed (DEPRECATED: use: source-name)
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-json])
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
--exclude stringArray exclude paths from being scanned using a glob expression
--from stringArray specify the source behavior to use (e.g. docker, registry, oci-dir, ...)
-h, --help help for attest
-k, --key string the key to use for the attestation
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-json])
--override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source)
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--select-catalogers stringArray add, remove, and filter the catalogers to be used
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
```

### Options inherited from parent commands
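Review bot: The new `-k, --key` entry says only "the key to use for the attestation", which leaves open whether the value is a file path, a KMS-style reference or raw key material, and how a passphrase is supplied. Because this is signing-key handling, the page should state the expected form of the value, so users do not end up pasting key material on the command line where it lands in shell history and process listings.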
33 changes: 33 additions & 0 deletions site/src/content/docs/commands/zarf_tools_sbom_cataloger.md
@@ -0,0 +1,33 @@
---
title: zarf tools sbom cataloger
description: Zarf CLI command reference for <code>zarf tools sbom cataloger</code>.
tableOfContents: false
---

<!-- Page generated by Zarf; DO NOT EDIT -->

## zarf tools sbom cataloger

Show available catalogers and configuration

### Options

```
-h, --help help for cataloger
```

### Options inherited from parent commands

```
-c, --config string syft configuration file
--insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
--plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
-q, --quiet suppress all logging output
-v, --verbose count increase verbosity (-v = info, -vv = debug)
```

### SEE ALSO

* [zarf tools sbom](/commands/zarf_tools_sbom/) - Generates a Software Bill of Materials (SBOM) for the given package
* [zarf tools sbom cataloger list](/commands/zarf_tools_sbom_cataloger_list/) - List available catalogers

40 changes: 40 additions & 0 deletions site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md
@@ -0,0 +1,40 @@
---
title: zarf tools sbom cataloger list
description: Zarf CLI command reference for <code>zarf tools sbom cataloger list</code>.
tableOfContents: false
---

<!-- Page generated by Zarf; DO NOT EDIT -->

## zarf tools sbom cataloger list

List available catalogers

```
zarf tools sbom cataloger list [OPTIONS] [flags]
```

### Options

```
-h, --help help for list
-o, --output string format to output the cataloger list (available: table, json)
--override-default-catalogers stringArray override the default catalogers with an expression (default [all])
--select-catalogers stringArray select catalogers with an expression
-s, --show-hidden show catalogers that have been de-selected
```

### Options inherited from parent commands

```
-c, --config string syft configuration file
--insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
--plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
-q, --quiet suppress all logging output
-v, --verbose count increase verbosity (-v = info, -vv = debug)
```

### SEE ALSO

* [zarf tools sbom cataloger](/commands/zarf_tools_sbom_cataloger/) - Show available catalogers and configuration

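Review bot: The usage line `zarf tools sbom cataloger list [OPTIONS] [flags]` names the options twice, while every other page in this change uses only `[flags]`. In the options block, `--select-catalogers` and `--override-default-catalogers` both take "an expression" with no hint of the syntax; a one-line example or a link would help. It is also worth noting that `-s` is `--show-hidden` here but `--scope` on `scan` and `attest`.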
38 changes: 38 additions & 0 deletions site/src/content/docs/commands/zarf_tools_sbom_config.md
@@ -0,0 +1,38 @@
---
title: zarf tools sbom config
description: Zarf CLI command reference for <code>zarf tools sbom config</code>.
tableOfContents: false
---

<!-- Page generated by Zarf; DO NOT EDIT -->

## zarf tools sbom config

show the syft configuration

```
zarf tools sbom config [flags]
```

### Options

```
-h, --help help for config
--load load and validate the syft configuration
```

### Options inherited from parent commands

```
-c, --config string syft configuration file
--insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
--plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
-q, --quiet suppress all logging output
-v, --verbose count increase verbosity (-v = info, -vv = debug)
```

### SEE ALSO

* [zarf tools sbom](/commands/zarf_tools_sbom/) - Generates a Software Bill of Materials (SBOM) for the given package
* [zarf tools sbom config locations](/commands/zarf_tools_sbom_config_locations/) - shows all locations and the order in which syft will look for a configuration file

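Review bot: Style point on the description and SEE ALSO lines: "show the syft configuration" and "shows all locations and the order in which syft will look for a configuration file" start lowercase, while the sibling pages in this change use sentence case ("Show available catalogers and configuration", "List available catalogers"). Since these pages are generated, the fix belongs in the short description of the wrapped command rather than in the markdown.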
37 changes: 37 additions & 0 deletions site/src/content/docs/commands/zarf_tools_sbom_config_locations.md
@@ -0,0 +1,37 @@
---
title: zarf tools sbom config locations
description: Zarf CLI command reference for <code>zarf tools sbom config locations</code>.
tableOfContents: false
---

<!-- Page generated by Zarf; DO NOT EDIT -->

## zarf tools sbom config locations

shows all locations and the order in which syft will look for a configuration file

```
zarf tools sbom config locations [flags]
```

### Options

```
--all include every file extension supported
-h, --help help for locations
```

### Options inherited from parent commands

```
-c, --config string syft configuration file
--insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
--plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
-q, --quiet suppress all logging output
-v, --verbose count increase verbosity (-v = info, -vv = debug)
```

### SEE ALSO

* [zarf tools sbom config](/commands/zarf_tools_sbom_config/) - show the syft configuration

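Review bot: Missing documentation on which of these locations apply when syft runs through Zarf. The description says syft searches several locations in order for a configuration file; if any of them is the working directory or the user's home, a stray config there could change catalogers or excludes and silently alter the SBOM produced for a package. Please state whether Zarf's own SBOM generation honours these locations or only the `zarf tools sbom` passthrough does, and recommend passing `-c, --config` explicitly for reproducible results.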
25 changes: 13 additions & 12 deletions site/src/content/docs/commands/zarf_tools_sbom_scan.md
Expand Up @@ -21,18 +21,19 @@ zarf tools sbom scan [SOURCE] [flags]
### Options

```
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
--catalogers stringArray enable one or more package catalogers
--exclude stringArray exclude paths from being scanned using a glob expression
--file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: output)
-h, --help help for scan
--name string set the name of the target being analyzed (DEPRECATED: use: source-name)
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table])
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
-t, --template string specify the path to a Go template file
--base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory
--exclude stringArray exclude paths from being scanned using a glob expression
--file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: output)
--from stringArray specify the source behavior to use (e.g. docker, registry, oci-dir, ...)
-h, --help help for scan
-o, --output stringArray report output format (<format>=<file> to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table])
--override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source)
--platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')
-s, --scope string selection of layers to catalog, options=[squashed all-layers]
--select-catalogers stringArray add, remove, and filter the catalogers to be used
--source-name string set the name of the target being analyzed
--source-version string set the version of the target being analyzed
-t, --template string specify the path to a Go template file
```

### Options inherited from parent commands
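Review bot: The new `--from` entry gives an open-ended list ("e.g. docker, registry, oci-dir, ...") and no default, so a reader cannot tell which sources `scan` will try when the flag is omitted. For an airgap-oriented tool that matters, since it decides whether a scan may reach out to a registry; please list the accepted values and the default order, or link to where they are documented.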