8000 feat: Support skipping archive extraction with file source by adammcclenaghan · Pull Request #3795 · anchore/syft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: Support skipping archive extraction with file source #3795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 24, 2025
Merged

feat: Support skipping archive extraction with file source #3795

merged 1 commit into from
Apr 24, 2025
+36 −17

Conversation

adammcclenaghan
Copy link
Contributor

Description

Currently when an archive file is scanned with a file source, the archive is extracted before scanning

This is different from the default behavior when an archive file is encountered via directory source, in that case archives are only extracted when deemed necessary by catalogers (ie the java archive cataloguer)

As a Syft library user, when scanning with file source I would like the option to skip extracting archives and instead allow cataloguers decide whether to extract them.

I've added SkipExtractArchive to the filesource Config here, and by default it will be false so all existing users will be unaffected.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (please discuss with the team first; Syft is 1.0 software and we won't accept breaking changes without going to 2.0)
  • Documentation (updates the documentation)
  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)
  • Performance (make Syft run faster or use less memory, without changing visible behavior much)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

@adammcclenaghan
(feat): support skipping archive extraction with file source
4b20c63 
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
wagoodman
wagoodman approved these changes Apr 24, 2025
View reviewed changes
Copy link
Contributor
@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙌

@wagoodman wagoodman merged commit 61a3d17 into anchore:main Apr 24, 2025
13 checks passed
@wagoodman wagoodman added the enhancement New feature or request label Apr 24, 2025
@wagoodman wagoodman changed the title (feat): support skipping archive extraction with file source feat: support skipping archive extraction with file source Apr 24, 2025
@wagoodman wagoodman changed the title feat: support skipping archive extraction with file source feat: Support skipping archive extraction with file source Apr 24, 2025
spiffcs added a commit that referenced this pull request Apr 29, 2025
@spiffcs
Merge branch 'main' into 3088-full-text
b3f335e 
* main: (150 commits)
  fix the fluent-bit regex detection pattern (#3817)
  chore(deps): bump anchore/sbom-action from 0.18.0 to 0.19.0 (#3832)
  chore(deps): update tools to latest versions (#3830)
  Resolve owned file paths when searching for overlaps (#3828)
  chore(deps): update anchore dependencies (#3827)
  fix: Make the fileresolver Support Prefix Match of Files (#3820)
  Add support for detecting javascript assets in .NET projects using libman (#3825)
  chore(deps): update tools to latest versions (#3823)
  (feat): support skipping archive extraction with file source (#3795)
  Consider DLL claims for dependencies of .NET packages from deps.json (#3822)
  PE cataloger should consider compile target paths from deps.json (#3821)
  Perf: skip license scanner injection (#3796)
  chore(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#3818)
  chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#3819)
  chore(deps): update tools to latest versions (#3815)
  docs: document test commands (#3816)
  Support detection of Chrome binaries (#3136)
  fix:allow golang tip image detection regex pattern (#3757)
  fix:Make the parse of the replace part in ```go.mod``` more compliant and traceable (#3812)
  (fix): delete collection name/type key entries when empty (#3797)
  ...

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
spiffcs added a commit that referenced this pull request May 1, 2025
@spiffcs
Merge branch 'main' into 1961-add-suport-package-supplier
d428ff3 
* main: (142 commits)
  feat: detect when full license text has been provided and preserve as separate field (#3450)
  chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 (#3843)
  chore(deps): update tools to latest versions (#3841)
  Update github.com/Masterminds/semver to v3 (#3836)
  Add support for PHP Pear (#2775)
  fix: Improve detection of erlang binary in alpine Linux (#3839)
  fix:Resolve ancestral symlinks correctly (#3783)
  chore(deps): update CPE dictionary index (#3834)
  chore(deps): update tools to latest versions (#3835)
  chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.4 to 1.3.5 (#3838)
  fix the fluent-bit regex detection pattern (#3817)
  chore(deps): bump anchore/sbom-action from 0.18.0 to 0.19.0 (#3832)
  chore(deps): update tools to latest versions (#3830)
  Resolve owned file paths when searching for overlaps (#3828)
  chore(deps): update anchore dependencies (#3827)
  fix: Make the fileresolver Support Prefix Match of Files (#3820)
  Add support for detecting javascript assets in .NET projects using libman (#3825)
  chore(deps): update tools to latest versions (#3823)
  (feat): support skipping archive extraction with file source (#3795)
  Consider DLL claims for dependencies of .NET packages from deps.json (#3822)
  ...

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adammcclenaghan @wagoodman
0