update syft

vinted · Aug 20, 2024 · 5974368 · 5974368
1 parent 8b80794
commit 5974368
Showing 1 changed file with 22 additions and 13 deletions.
diff --git a/pkg/collectors/syft.go b/pkg/collectors/syft.go
@@ -1,15 +1,14 @@
 package collectors
 
 import (
+	"bytes"
 	"context"
 	"fmt"
-
+	"github.com/anchore/syft/syft/format/cyclonedxjson"
 	log "github.com/sirupsen/logrus"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/anchore/syft/syft"
-	"github.com/anchore/syft/syft/format"
-	"github.com/anchore/syft/syft/format/syftjson"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
 	"github.com/vinted/sbomsftw/pkg/bomtools"
@@ -29,15 +28,13 @@ func (s Syft) generateBOMInternal(ctx context.Context, repositoryPath string, re
 	if err != nil {
 		log.WithError(err).Errorf("can't get source %s", err)
 	}
-
 	// catalog the given source and return a SBOM
 	sbom, err := getSBOM(src)
 	if err != nil {
 		log.WithError(err).Errorf("can't get sbom %s", err)
 	}
-
 	// take the SBOM object and encode it into the syft-json representation
-	bytes, err := formatSBOM(sbom)
+	sbomBytes, err := formatSBOM(sbom)
 	if err != nil {
 		log.WithError(err).Errorf("can't format to bytes %s", err)
 	}
@@ -46,7 +43,7 @@ func (s Syft) generateBOMInternal(ctx context.Context, repositoryPath string, re
 	case <-ctx.Done():
 		return
 	default:
-		finalSBOM, err := bomtools.StringToCDX(bytes)
+		finalSBOM, err := bomtools.StringToCDX(sbomBytes)
 		result <- sbomCollectionResult{sbom: finalSBOM, err: err}
 	}
 }
@@ -78,18 +75,30 @@ func getSource(input string) (source.Source, error) {
 }
 
 func getSBOM(src source.Source) (*sbom.SBOM, error) {
-	sbom, err := syft.CreateSBOM(context.Background(), src, nil)
+	bomConfig := syft.DefaultCreateSBOMConfig()
+	syftSbom, err := syft.CreateSBOM(context.Background(), src, bomConfig)
 	if err != nil {
 		return nil, fmt.Errorf("can't create CycloneDX SBOM: %w", err)
 	}
-
-	return sbom, err
+	artifacts := sbom.Artifacts{
+		Packages:          syftSbom.Artifacts.Packages,
+		LinuxDistribution: syftSbom.Artifacts.LinuxDistribution,
+	}
+	sbomFinal := &sbom.SBOM{
+		Artifacts:     artifacts,
+		Relationships: syftSbom.Relationships,
+		Source:        src.Describe(),
+	}
+	return sbomFinal, err
 }
 
 func formatSBOM(s *sbom.SBOM) ([]byte, error) {
-	bytes, err := format.Encode(*s, syftjson.NewFormatEncoder())
+	formatEncoderConfig := cyclonedxjson.DefaultEncoderConfig()
+	encoder, _ := cyclonedxjson.NewFormatEncoderWithConfig(formatEncoderConfig)
+	var buffer bytes.Buffer
+	err := encoder.Encode(&buffer, *s)
 	if err != nil {
-		return nil, fmt.Errorf("can't json to bytes: %w", err)
+		return nil, err
 	}
-	return bytes, nil
+	return buffer.Bytes(), nil
 }