Documentation
Overview
Package extractor provides the common interface for standalone and filesystem extractors.
Types
type Annotation (added in v0.1.3)
type Annotation int64
Annotations are additional information about the package. TODO(b/400910349): Remove once integrators switch to PackageExploitabilitySignal.
const (
// Unknown is the default value for the annotation.
Unknown Annotation = iota
// Transitional packages just point to other packages without having actual code in them. This
// happens for example when packages are renamed.
Transitional
// InsideOSPackage is set for packages that are found inside an OS package.
InsideOSPackage
// InsideCacheDir is set for packages that are found inside a cache directory.
InsideCacheDir
)
type BaseImageDetails (added in v0.3.5)
type BaseImageDetails struct {
// Repository is the name of the image. (e.g. `debian`, `circleci/node`)
Repository string
// Registry is the name of the registry. (e.g. `docker.io`, `ghcr.io`)
Registry string
// Plugin name of the plugin used to extract the base image.
Plugin string
// ChainID used to query this layer. This is calculated including empty layers, so will not correspond
// to the ChainID of any layer in the inventory.
ChainID digest.Digest
}
BaseImageDetails stores details about a base image.
type ContainerImageMetadata (added in v0.3.5)
type ContainerImageMetadata struct {
// Index of the container image in the full inventory.
Index int
// OSInfo is the key value map from /etc/os-release.
OSInfo map[string]string
// LayerMetadata stores metadata about the layers in the container image.
// Currently this does not store any empty layers.
LayerMetadata []*LayerMetadata
// BaseImages stores metadata about the base images that the container image is based on.
// The first element is always empty.
BaseImages [][]*BaseImageDetails
}
ContainerImageMetadata stores metadata about a container image.
type LayerMetadata (added in v0.3.5)
type LayerMetadata struct {
ParentContainer *ContainerImageMetadata
// Index of the layer in the ParentContainer image.
Index int
DiffID digest.Digest
ChainID digest.Digest
Command string
IsEmpty bool
// Index of the base image match in the ParentContainer image. 0 means no match.
BaseImageIndex int
}
LayerMetadata stores metadata about a layer in a container image.
type Package (added in v0.2.0)
type Package struct {
// A human-readable name representation of the package. Note that this field
// should only be used for things like logging as different packages can have
// multiple different types of names (e.g. .deb packages have a source name
// and a binary name), in which case we arbitrarily pick one of them to use here.
// In cases when the exact name type used is important (e.g. when matching
// against vuln feeds) you should use the specific name field from the Metadata.
Name string
// The version of this package.
Version string
// Source code level package identifiers.
SourceCode *SourceCodeIdentifier
// Paths or source of files related to the package.
Locations []string
// The PURL type of this package, e.g. "pypi". Used for purl generation.
PURLType string
// The names of the Plugins that found this software instance. Set by the core library.
Plugins []string
// Deprecated - use ExploitabilitySignals instead
// TODO(b/400910349): Remove once integrators stop using this.
AnnotationsDeprecated []Annotation
// Signals to indicate that specific vulnerabilities are not applicable to this package.
ExploitabilitySignals []*vex.PackageExploitabilitySignal
// Details about the layer that the package was attributed to.
LayerMetadata *LayerMetadata
// The additional data found in the package.
Metadata any
// License information of this package.
Licenses []string
}
Package is an instance of a software package or library found by the extractor. TODO(b/400910349): Currently package is also used to store non-package data like open ports. Move these into their own dedicated types. TODO(b/400910349): Move from extractor into a separate package such as inventory.
func (*Package) Ecosystem (added in v0.2.0)
func (p *Package) Ecosystem() osvecosystem.Parsed
Ecosystem returns the Ecosystem of the package. For software packages this corresponds to an OSV ecosystem value, e.g. PyPI.
func (*Package) PURL (added in v0.2.0)
func (p *Package) PURL() *purl.PackageURL
PURL returns the Package URL of this package.
type SourceCodeIdentifier (added in v0.1.3)
SourceCodeIdentifier lists additional identifiers for source code software packages (e.g. NPM).
Directories
| Path | Synopsis |
|---|---|
| | Package filesystem provides the interface for inventory extraction plugins. |
| containers/containerd | Package containerd extracts container package from containerd metadb database. |
| containers/dockerbaseimage | Package dockerbaseimage extracts base image URLs from Dockerfiles. |
| containers/dockercomposeimage | Package dockercomposeimage extracts image URLs from Docker Compose files. |
| containers/k8simage | Package k8simage extracts container image references from Kubernetes YAML files. |
| containers/podman | Package podman extracts container inventory from podman database. |
| embeddedfs/archive | Package archive provides an extractor for extracting software inventories from archives |
| embeddedfs/common | Package common provides common utilities for embedded filesystem extractors. |
| embeddedfs/ova | Package ova provides an extractor for extracting software inventories from OVA archives |
| embeddedfs/vdi | Package vdi provides an extractor for extracting software inventories from VirtualBox's VDI disk images |
| embeddedfs/vmdk | Package vmdk provides an extractor for extracting software inventories from VMDK disk images |
| ffa/unknownbinariesextr | Package unknownbinariesextr identifies binary files on the filesystem and adds them as packages. |
| internal | Package internal contains miscellaneous functions and objects useful within Scalibr |
| internal/units | Package units provides constants for common units. |
| language/cpp/conanlock | Package conanlock extracts conan.lock files. |
| language/dart/pubspec | Package pubspec extracts Dart pubspec.lock files. |
| language/dotnet/depsjson | Package depsjson extracts packages from .NET deps.json files. |
| language/dotnet/dotnetpe | Package dotnetpe extracts packages from .NET PE files. |
| language/dotnet/packagesconfig | Package packagesconfig extracts packages from .NET packages.config files. |
| language/dotnet/packageslockjson | Package packageslockjson extracts packages.lock.json files. |
| language/elixir/mixlock | Package mixlock extracts elixir mix.lock files. |
| language/erlang/mixlock | Package mixlock extracts erlang mix.lock files. |
| language/erlang/mixlock/mixlockutils | Package mixlockutils provides common functions for parsing Mix.lock lockfiles. |
| language/erlang/mixlock/purl | Package purl converts mixlock package details into a mixlock PackageURL. |
| language/golang/gobinary | Package gobinary extracts packages from buildinfo inside go binaries files. |
| language/golang/gomod | Package gomod extracts go.mod files. |
| language/golang/purl | Package purl converts Go package details into a Go PackageURL. |
| language/haskell/cabal | Package cabal extracts cabal.project.freeze files from haskell projects. |
| language/haskell/stacklock | Package stacklock extracts stack.yaml.lock files from haskell projects. |
| language/java/archive | Package archive extracts Java archive files. |
| language/java/archive/metadata | Package metadata defines a Metadata struct for Java archives. |
| language/java/gradlelockfile | Package gradlelockfile extracts pom.xml files. |
| language/java/gradleverificationmetadataxml | Package gradleverificationmetadataxml extracts Gradle files. |
| language/java/groupid | Package groupid provides functionality for retrieving the group ID of a Java package. |
| language/java/javalockfile | Package javalockfile provides shared structures for Java extractors. |
| language/java/pomxml | Package pomxml extracts pom.xml files. |
| language/java/pomxmlnet | Package pomxmlnet extracts Maven's pom.xml format with transitive dependency resolution. |
| language/java/purl | Package purl converts a package to a Maven type PackageURL. |
| language/javascript/bunlock | Package bunlock extracts bun.lock files |
| language/javascript/internal/commitextractor | Package commitextractor provides a function to extract commit hash from the full git URL |
| language/javascript/packagejson | Package packagejson extracts package.json files. |
| language/javascript/packagejson/metadata | Package metadata defines a metadata struct for Javascript packages. |
| language/javascript/packagelockjson | Package packagelockjson extracts package-lock.json files. |
| language/javascript/pnpmlock | Package pnpmlock extracts pnpm-lock.yaml files. |
| language/javascript/purl | Package purl converts NPM package details into an NPM PackageURL. |
| language/javascript/yarnlock | Package yarnlock extracts NPC yarn.lock files. |
| language/lua/luarocks | Package luarocks extracts .rockspec files from Lua modules. |
| language/nim/nimble | Package nimble extracts .nimble files from installed nimble packages. |
| language/php/composerlock | Package composerlock extracts composer.lock files. |
| language/python/condameta | Package condameta extracts Conda package metadata from conda-meta JSON files. |
| language/python/pdmlock | Package pdmlock extracts pdm.lock files. |
| language/python/pipfilelock | Package pipfilelock extracts Pipfile.lock files. |
| language/python/poetrylock | Package poetrylock extracts poetry.lock files. |
| language/python/pylock | Package pylock extracts pylock.toml files |
| language/python/pypipurl | Package pypipurl converts a package to a PyPI type PackageURL. |
| language/python/requirements | Package requirements extracts requirements files. |
| language/python/requirementsnet | Package requirementsnet extracts requirements files with . |
| language/python/setup | Package setup extracts packages from setup.py. |
| language/python/uvlock | Package uvlock extracts uv.lock files. |
| language/python/wheelegg | Package wheelegg extracts wheel and egg files. |
| language/r/renvlock | Package renvlock extracts renv.lock files. |
| language/ruby/gemfilelock | Package gemfilelock extracts Gemfile.lock files. |
| language/ruby/gemspec | Package gemspec extracts *.gemspec files. |
| language/rust/cargoauditable | Package cargoauditable extracts dependencies from cargo auditable inside rust binaries. |
| language/rust/cargolock | Package cargolock extracts Cargo.lock files for rust projects |
| language/rust/cargotoml | Package cargotoml extracts Cargo.toml files for rust projects |
| language/swift/packageresolved | Package packageresolved extracts Package.resolved files |
| language/swift/podfilelock | Package podfilelock extracts dependencies from Podfile.lock files. |
| language/swift/swiftutils | Package swiftutils provides utilities for parsing Swift podfiles. |
| list | Package list provides a public list of SCALIBR-internal extraction plugins. |
| misc/chrome/extensions | Package extensions extracts chrome extensions. |
| misc/vscodeextensions | Package vscodeextensions extracts vscode extensions. |
| misc/wordpress/plugins | Package plugins extracts packages from installed Wordpress plugins. |
| os/apk | Package apk extracts packages from the APK database. |
| os/apk/apkutil | Package apkutil provides utilities for reading APK package records. |
| os/apk/metadata | Package metadata defines a Metadata struct for apk packages. |
| os/cos | Package cos extracts OS packages from Container Optimized OSes (go/cos). |
| os/cos/metadata | Package metadata defines a metadata struct for COS packages. |
| os/dpkg | Package dpkg extracts packages from dpkg database. |
| os/dpkg/metadata | Package metadata defines a Metadata struct for DPKG packages. |
| os/ecosystem | Package ecosystem converts OS package details into PackageURLs. |
| os/flatpak | Package flatpak extracts packages from flatpak metainfo files. |
| os/flatpak/metadata | Package metadata defines a Metadata struct for flatpak packages. |
| os/homebrew | Package homebrew extracts package information from OSX homebrew INSTALL_RECEIPT.json files. |
| os/kernel/module | Package module extracts .ko files from kernel modules. |
| os/kernel/module/metadata | Package metadata defines a metadata struct for kernel modules. |
| os/kernel/vmlinuz | Package vmlinuz extracts information about vmlinuz compressed kernel images. |
| os/kernel/vmlinuz/metadata | Package metadata defines a metadata struct for kernel vmlinuz files. |
| os/macapps | Package macapps extracts applications data from Info.plist files of OS X devices. |
| os/macports | Package macports extracts package information from OSX macports Portfile files. |
| os/macports/metadata | Package metadata defines a metadata struct for Macports packages. |
| os/nix | Package nix extracts packages from the Nix store directory. |
| os/nix/metadata | Package metadata defines a metadata struct for nix packages. |
| os/osrelease | Package osrelease parses the os-release file. |
| os/pacman | Package pacman extracts packages from archlinux desc file. |
| os/pacman/metadata | Package metadata defines a metadata struct for arch packages. |
| os/portage | Package portage extracts packages from portage database. |
| os/portage/metadata | Package metadata defines a metadata struct for portage packages. |
| os/purl | Package purl converts OS package details into PackageURLs. |
| os/rpm | Package rpm extracts packages from rpm database. |
| os/rpm/metadata | Package metadata defines a metadata struct for rpm packages. |
| os/snap | Package snap extracts snap packages |
| os/snap/metadata | Package metadata defines a metadata struct for SNAP packages. |
| os/winget | Package winget extracts installed packages from Windows Package Manager (Winget) database. |
| os/winget/metadata | Package metadata defines a Metadata struct for winget packages. |
| osv | Package osv defines OSV-specific fields for parsed source packages. |
| runtime/asdf | Package asdf extracts the installed language runtime names and versions from asdf .tool-version files. |
| runtime/asdf/metadata | Package metadata defines a metadata struct for Asdf Tools. |
| runtime/nodejs/nodeversion | Package nodeversion extracts the Node.js version from .node-version files. |
| runtime/nodejs/nodeversion/metadata | Package metadata defines a metadata struct for Node.js versions. |
| runtime/nodejs/nvm | Package nvm extracts the Node.js version from nvm .nvmrc files. |
| runtime/nodejs/nvm/metadata | Package metadata defines a metadata struct for NVM Node.js versions. |
| sbom/cdx | Package cdx extracts software dependencies from a CycloneDX SBOM. |
| sbom/cdx/metadata | Package metadata defines a Metadata struct for CDX packages. |
| sbom/cdx/purl | Package purl extracts the PURL from a CDX package. |
| sbom/spdx | Package spdx extracts software dependencies from an SPDX SBOM. |
| sbom/spdx/metadata | Package metadata defines a Metadata struct for SPDX packages. |
| sbom/spdx/purl | Package purl extracts the PURL from an SPDX package. |
| secrets | Package secrets contains a Scalibr filesystem Extractor that wraps the Veles secret scanning library to find secrets (i.e. |
| secrets/convert | Package convert provides a utility function for converting Veles plugins (Detectors and Validators) to SCALIBR core plugins (FilesystemExtractors and Enrichers) |
| secrets/onepasswordconnecttoken | Package onepasswordconnecttoken contains an extractor for OnePassword Connect Token files. |
| secrets/pgpass | Package pgpass provides an extractor for identifying secrets in .pgpass files. |
| simplefileapi | Package simplefileapi provides a fake implementation of the filesystem.FileAPI interface. |
| | Package standalone provides a way to extract in a standalone mode (e.g. |
| containers/containerd | Package containerd extracts container inventory from containerd API. |
| containers/containerd/containerdmetadata | Package containerdmetadata defines the metadata for the containerd standalone extractor. |
| containers/containerd/fakeclient | Package fakeclient contains a fake implementation of the containerd client for testing purposes. |
| containers/docker | Package docker extracts container inventory from docker API. |
| containers/docker/fakeclient | Package fakeclient contains a fake implementation of the docker client for testing purposes. |
| list | Package list contains the list of all standalone extractors. |
| os/netports | Package netports extracts open ports on the system and maps them to running processes when possible. |
| windows/common/metadata | Package metadata provides metadata structures to annotate Windows packages. |
| windows/common/purl | Package purl converts Windows application package details into a PackageURL. |
| windows/common/winproducts | Package winproducts contains information about Windows products. |
| windows/dismpatch | Package dismpatch extracts patch level from the DISM command line tool. |
| windows/dismpatch/dismparser | Package dismparser has methods that can be used to parse DISM output |
| windows/ospackages | Package ospackages extracts installed software on Windows. |
| windows/regosversion | Package regosversion extracts the OS version (build, major, minor release) from the registry. |
| windows/regpatchlevel | Package regpatchlevel extracts patch level from the Windows registry. |