8000 feat(cataloger): add a terraform provider cataloger by ghouscht · Pull Request #3378 · anchore/syft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat(cataloger): add a terraform provider cataloger #3378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jan 21, 2025
Merged

feat(cataloger): add a terraform provider cataloger #3378

merged 10 commits into from
Jan 21, 2025

Conversation

ghouscht
Copy link
Contributor
@ghouscht ghouscht commented Oct 24, 2024
edited
Loading

Description

I came across #2402 because of a recent discussion on reddit here and now made an implementation so syft is able to discover terraform provider dependencies.

I added a new cataloger, which reads terraform's lock file(s) and returns the gathered information on used providers to the overal SBOM.

I'm new to syft and this is my first contribution here so I might need some additional guidance how to continue from here.

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

@ghouscht
Copy link
Contributor Author
ghouscht commented Oct 24, 2024
edited
Loading

The changes from this PR seem to work quite well for me. Below is the output of running syft against a directory with an initialized terraform workspace that depends on the gcp and aws terraform providers:

syft output 
➜  syft git:(terraform-cataloger) go run ./cmd/syft/... scan file:../tf/.terraform.lock.hcl
 ✔ Indexed file system                                                                                       ../tf-sbom
 ✔ Cataloged contents                                  dcdf16c165b58a86bb407ab8aa1c11edfd2a545b5ccc58fe60c82964f6f4d573
   ├── ✔ Packages                        [458 packages]  
   ├── ✔ File digests                    [8 files]  
   ├── ✔ File metadata                   [8 locations]  
   └── ✔ Executables                     [2 executables]  
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which 
NAME                                                                              VERSION                               TYPE                               
actions/checkout                                                                  v4                                    github-action       (+1 duplicate)  
actions/stale                                                                     v9                                    github-action                       
amannn/action-semantic-pull-request                                               v5.5.3                                github-action                       
bitbucket.org/creachadair/stringset                                               v0.0.8                                go-module                           
cel.dev/expr                                                                      v0.15.0                               go-module                           
cloud.google.com/go                                                               v0.115.1                              go-module                           
cloud.google.com/go/auth                                                          v0.9.0                                go-module                           
cloud.google.com/go/auth/oauth2adapt                                              v0.2.4                                go-module                           
cloud.google.com/go/bigtable                                                      v1.30.0                               go-module                           
cloud.google.com/go/compute/metadata                                              v0.5.0                                go-module                           
cloud.google.com/go/iam                                                           v1.1.13                               go-module                           
cloud.google.com/go/longrunning                                                   v0.5.12                               go-module                           
cloud.google.com/go/monitoring                                                    v1.20.4                               go-module                           
clowdhaus/terraform-composite-actions/directories                                 v1.9.0                                github-action                       
clowdhaus/terraform-composite-actions/pre-commit                                  v1.11.1                               github-action                       
clowdhaus/terraform-min-max                                                       v1.3.1                                github-action                       
cycjimmy/semantic-release-action                                                  v4                                    github-action                       
dessant/lock-threads                                                              v5                                    github-action                       
github.com/GoogleCloudPlatform/declarative-resource-client-library                v1.74.0                               go-module                           
github.com/ProtonMail/go-crypto                                                   v1.1.0-alpha.2                        go-module                           
github.com/ProtonMail/go-crypto                                                   v1.1.0-beta.0-proton                  go-module                           
github.com/YakDriver/go-version                                                   v0.1.0                                go-module                           
github.com/YakDriver/regexache                                                    v0.24.0                               go-module                           
github.com/agext/levenshtein                                                      v1.2.2                                go-module                           
github.com/agext/levenshtein                                                      v1.2.3                                go-module                           
github.com/apparentlymart/go-cidr                                                 v1.1.0                                go-module                           
github.com/apparentlymart/go-textseg/v15                                          v15.0.0                               go-module           (+1 duplicate)  
github.com/aws/aws-sdk-go                                                         v1.55.5                               go-module                           
github.com/aws/aws-sdk-go-v2                                                      v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream                             v1.6.6                                go-module                           
github.com/aws/aws-sdk-go-v2/config                                               v1.27.43                              go-module                           
github.com/aws/aws-sdk-go-v2/credentials                                          v1.17.41                              go-module                           
github.com/aws/aws-sdk-go-v2/feature/ec2/imds                                     v1.16.17                              go-module                           
github.com/aws/aws-sdk-go-v2/feature/s3/manager                                   v1.17.32                              go-module                           
github.com/aws/aws-sdk-go-v2/internal/configsources                               v1.3.21                               go-module                           
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2                                v2.6.21                               go-module                           
github.com/aws/aws-sdk-go-v2/internal/ini                                         v1.8.1                                go-module                           
github.com/aws/aws-sdk-go-v2/internal/v4a                                         v1.3.21                               go-module                           
github.com/aws/aws-sdk-go-v2/service/accessanalyzer                               v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/account                                      v1.21.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/acm                                          v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/acmpca                                       v1.37.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/amp                                          v1.29.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/amplify                                      v1.27.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/apigateway                                   v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/apigatewayv2                                 v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appconfig                                    v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appfabric                                    v1.11.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appflow                                      v1.45.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appintegrations                              v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/applicationautoscaling                       v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/applicationinsights                          v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/applicationsignals                           v1.6.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/appmesh                                      v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/apprunner                                    v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appstream                                    v1.41.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/appsync                                      v1.38.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/athena                                       v1.47.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/auditmanager                                 v1.37.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/autoscaling                                  v1.45.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/autoscalingplans                             v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/backup                                       v1.39.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/batch                                        v1.46.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/bcmdataexports                               v1.7.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/bedrock                                      v1.20.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/bedrockagent                                 v1.23.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/budgets                                      v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/chatbot                                      v1.8.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/chime                                        v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines                       v1.20.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/chimesdkvoice                                v1.19.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cleanrooms                                   v1.18.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloud9                                       v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudcontrol                                 v1.22.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudformation                               v1.55.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudfront                                   v1.40.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudfrontkeyvaluestore                      v1.8.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudhsmv2                                   v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudsearch                                  v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudtrail                                   v1.44.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudwatch                                   v1.42.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs                               v1.41.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codeartifact                                 v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codebuild                                    v1.46.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codecatalyst                                 v1.17.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codecommit                                   v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codeconnections                              v1.5.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/codedeploy                                   v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codeguruprofiler                             v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codegurureviewer                             v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codepipeline                                 v1.36.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codestarconnections                          v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/codestarnotifications                        v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cognitoidentity                              v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider                      v1.46.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/comprehend                                   v1.35.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/computeoptimizer                             v1.39.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/configservice                                v1.50.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/connect                                      v1.113.2                              go-module                           
github.com/aws/aws-sdk-go-v2/service/connectcases                                 v1.21.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/controltower                                 v1.18.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/costandusagereportservice                    v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/costexplorer                                 v1.43.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/costoptimizationhub                          v1.10.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/customerprofiles                             v1.42.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice                     v1.43.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/databrew                                     v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/dataexchange                                 v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/datapipeline                                 v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/datasync                                     v1.42.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/datazone                                     v1.22.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/dax                                          v1.23.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/detective                                    v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/devicefarm                                   v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/devopsguru                                   v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/directconnect                                v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/directoryservice                             v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/dlm                                          v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/docdb                                        v1.39.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/docdbelastic                                 v1.13.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/drs                                          v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/dynamodb                                     v1.36.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ec2                                          v1.182.0                              go-module                           
github.com/aws/aws-sdk-go-v2/service/ecr                                          v1.36.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ecrpublic                                    v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ecs                                          v1.47.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/efs                                          v1.33.2                               go-module                           
github.com/aws/aws-s
8000
dk-go-v2/service/eks                                          v1.50.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elasticache                                  v1.43.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk                             v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing                         v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2                       v1.40.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice                         v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/elastictranscoder                            v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/emr                                          v1.46.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/emrcontainers                                v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/emrserverless                                v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/eventbridge                                  v1.35.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/evidently                                    v1.23.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/finspace                                     v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/firehose                                     v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/fis                                          v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/fms                                          v1.37.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/fsx                                          v1.49.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/gamelift                                     v1.36.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/glacier                                      v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/globalaccelerator                            v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/glue                                         v1.100.2                              go-module                           
github.com/aws/aws-sdk-go-v2/service/grafana                                      v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/greengrass                                   v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/groundstation                                v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/guardduty                                    v1.50.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/healthlake                                   v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/iam                                          v1.37.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/identitystore                                v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/inspector                                    v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/inspector2                                   v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding                     v1.12.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/internal/checksum                            v1.4.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery                  v1.10.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url                       v1.12.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/internal/s3shared                            v1.18.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/internetmonitor                              v1.19.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/iot                                          v1.59.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/iotanalytics                                 v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/iotevents                                    v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ivs                                          v1.41.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ivschat                                      v1.16.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kafka                                        v1.38.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kafkaconnect                                 v1.21.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kendra                                       v1.54.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/keyspaces                                    v1.14.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kinesis                                      v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kinesisanalytics                             v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kinesisanalyticsv2                           v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kinesisvideo                                 v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/kms                                          v1.37.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/lakeformation                                v1.37.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/lambda                                       v1.63.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/launchwizard                                 v1.8.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice                      v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/lexmodelsv2                                  v1.49.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/licensemanager                               v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/lightsail                                    v1.42.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/location                                     v1.42.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/lookoutmetrics                               v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/m2                                           v1.17.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/macie2                                       v1.43.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mediaconnect                                 v1.35.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mediaconvert                                 v1.61.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/medialive                                    v1.62.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mediapackage                                 v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mediapackagev2                               v1.18.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mediastore                                   v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/memorydb                                     v1.24.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mq                                           v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/mwaa                                         v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/neptune                                      v1.35.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/neptunegraph                                 v1.14.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/networkfirewall                              v1.43.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/networkmanager                               v1.31.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/networkmonitor                               v1.7.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/oam                                          v1.15.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/opensearch                                   v1.41.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/opensearchserverless                         v1.16.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/opsworks                                     v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/organizations                                v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/osis                                         v1.14.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/outposts                                     v1.45.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/paymentcryptography                          v1.14.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/pcaconnectorad                               v1.9.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/pcs                                          v1.2.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/pinpoint                                     v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoicev2                           v1.15.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/pipes                                        v1.17.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/polly                                        v1.45.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/pricing                                      v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/qbusiness                                    v1.14.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/qldb                                         v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/quicksight                                   v1.76.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ram                                          v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/rbin                                         v1.20.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/rds                                          v1.87.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/redshift                                     v1.50.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/redshiftdata                                 v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/redshiftserverless                           v1.23.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/rekognition                                  v1.45.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/resiliencehub                                v1.27.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/resourceexplorer2                            v1.15.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/resourcegroups                               v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi                     v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/rolesanywhere                                v1.16.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/route53                                      v1.45.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/route53domains                               v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/route53profiles                              v1.4.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/route53recoverycontrolconfig                 v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/route53recoveryreadiness                     v1.21.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/route53resolver                              v1.33.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/rum                                          v1.21.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/s3                                           v1.65.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/s3control                                    v1.49.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/s3outposts                                   v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sagemaker                                    v1.163.2                              go-module                           
github.com/aws/aws-sdk-go-v2/service/scheduler                                    v1.12.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/schemas                                      v1.28.3                               go-module                           
github.com/aws/aws-sdk-go-v2/service/secretsmanager                               v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/securityhub                                  v1.54.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/securitylake                                 v1.19.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository              v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/servicecatalog                               v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry                    v1.30.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/servicediscovery                             v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/servicequotas                                v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ses                                          v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sesv2                                        v1.37.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sfn                                          v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/shield                                       v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/signer                                       v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sns                                          v1.33.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sqs                                          v1.36.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssm                                          v1.55.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssmcontacts                                  v1.26.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssmincidents                                 v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssmquicksetup                                v1.2.3                                go-module                           
github.com/aws/aws-sdk-go-v2/service/ssmsap                                       v1.18.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sso                                          v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssoadmin                                     v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/ssooidc                                      v1.28.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/storagegateway                               v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/sts                                          v1.32.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/swf                                          v1.27.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/synthetics                                   v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/timestreaminfluxdb                           v1.6.2                                go-module                           
github.com/aws/aws-sdk-go-v2/service/timestreamwrite                              v1.29.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/transcribe                                   v1.41.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/transfer                                     v1.53.0                               go-module                           
github.com/aws/aws-sdk-go-v2/service/verifiedpermissions                          v1.19.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/vpclattice                                   v1.12.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/waf                                          v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/wafregional                                  v1.25.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/wafv2                                        v1.54.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/wellarchitected                              v1.34.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/worklink                                     v1.23.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/workspaces                                   v1.48.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/workspacesweb                                v1.24.2                               go-module                           
github.com/aws/aws-sdk-go-v2/service/xray                                         v1.29.2                               go-module                           
github.com/aws/smithy-go                                                          v1.22.0                               go-module                           
github.com/beevik/etree                                                           v1.4.1                                go-module                           
github.com/cedar-policy/cedar-go                                                  v0.1.0                                go-module                           
github.com/cenkalti/backoff                                                       v2.2.1+incompatible                   go-module                           
github.com/census-instrumentation/opencensus-proto                                v0.4.1                                go-module                           
github.com/cespare/xxhash/v2                                                      v2.3.0                                go-module                           
github.com/cloudflare/circl                                                       v1.3.7                                go-module                           
github.com/cloudflare/circl                                                       v1.4.0                                go-module                           
github.com/cncf/xds/go                                                            v0.0.0-20240423153145-555b57ec207b    go-module                           
github.com/davecgh/go-spew                                                        v1.1.1                                go-module           (+1 duplicate)  
github.com/envoyproxy/go-control-plane                                            v0.12.0                               go-module                           
github.com/envoyproxy/protoc-gen-validate                                         v1.0.4                                go-module                           
github.com/fatih/color                                                            v1.16.0                               go-module                           
github.com/fatih/color                                                            v1.17.0                               go-module                           
github.com/felixge/httpsnoop                                                      v1.0.4                                go-module                           
github.com/gammazero/deque                                                        v0.0.0-20180920172122-f6adf94963e4    go-module                           
github.com/gammazero/workerpool                                                   v0.0.0-20181230203049-86a96b5d5d92    go-module                           
github.com/gdavison/terraform-plugin-log                                          v0.0.0-20230928191232-6c653d8ef8fb    go-module                           
github.com/gertd/go-pluralize                                                     v0.2.1                                go-module                           
github.com/go-logr/logr                                                           v1.4.2                                go-module           (+1 duplicate)  
github.com/go-logr/stdr                                                           v1.2.2                                go-module           (+1 duplicate)  
github.com/golang/glog                                                            v1.2.1                                go-module                           
github.com/golang/groupcache                                                      v0.0.0-20210331224755-41bb18bfe9da    go-module                           
github.com/golang/protobuf                                                        v1.5.4                                go-module           (+1 duplicate)  
github.com/google/go-cmp                                                          v0.6.0                                go-module           (+1 duplicate)  
github.com/google/go-cpy                                                          v0.0.0-20211218193943-a9c933c06932    go-module                           
github.com/google/s2a-go                                                          v0.1.8                                go-module                           
github.com/google/uuid                                                            v1.6.0                                go-module           (+1 duplicate)  
github.com/googleapis/enterprise-certificate-proxy                                v0.3.2                                go-module                           
github.com/googleapis/gax-go/v2                                                   v2.13.0                               go-module                           
github.com/grpc-ecosystem/go-grpc-middleware                                      v1.3.0                                go-module                           
github.com/hashicorp/aws-cloudformation-resource-schema-sdk-go                    v0.23.0                               go-module                           
github.com/hashicorp/aws-sdk-go-base/v2                                           v2.0.0-beta.58                        go-module                           
github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2                              v2.0.0-beta.59                        go-module                           
github.com/hashicorp/awspolicyequivalence                                         v1.6.0                                go-module                           
github.com/hashicorp/errwrap                                                      v1.0.0                                go-module                           
github.com/hashicorp/errwrap                                                      v1.1.0                                go-module                           
github.com/hashicorp/go-checkpoint                                                v0.5.0                                go-module           (+1 duplicate)  
github.com/hashicorp/go-cleanhttp                                                 v0.5.2                                go-module           (+1 duplicate)  
github.com/hashicorp/go-cty                                                       v1.4.1-0.20200414143053-d3edf31b6320  go-module                           
github.com/hashicorp/go-cty                                                       v1.4.1-0.20200723130312-85980079f637  go-module                           
github.com/hashicorp/go-hclog                                                     v1.6.3                                go-module           (+1 duplicate)  
github.com/hashicorp/go-multierror                                                v1.1.1                                go-module           (+1 duplicate)  
github.com/hashicorp/go-plugin                                                    v1.6.0                                go-module                           
github.com/hashicorp/go-plugin                                                    v1.6.1                                go-module                           
github.com/hashicorp/go-retryablehttp                                             v0.7.7                                go-module                           
github.com/hashicorp/go-uuid                                                      v1.0.3                                go-module           (+1 duplicate)  
github.com/hashicorp/go-version                                                   v1.6.0                                go-module                           
github.com/hashicorp/go-version                                                   v1.7.0                                go-module                           
github.com/hashicorp/hc-install                                                   v0.6.4                                go-module   
8000
                        
github.com/hashicorp/hc-install                                                   v0.8.0                                go-module                           
github.com/hashicorp/hcl/v2                                                       v2.20.1                               go-module                           
github.com/hashicorp/hcl/v2                                                       v2.22.0                               go-module                           
github.com/hashicorp/logutils                                                     v1.0.0                                go-module           (+1 duplicate)  
github.com/hashicorp/terraform-exec                                               v0.21.0                               go-module           (+1 duplicate)  
github.com/hashicorp/terraform-json                                               v0.22.1                               go-module           (+1 duplicate)  
github.com/hashicorp/terraform-plugin-framework                                   v1.12.0                               go-module                           
github.com/hashicorp/terraform-plugin-framework                                   v1.7.0                                go-module                           
github.com/hashicorp/terraform-plugin-framework-jsontypes                         v0.2.0                                go-module                           
github.com/hashicorp/terraform-plugin-framework-timeouts                          v0.4.1                                go-module                           
github.com/hashicorp/terraform-plugin-framework-timetypes                         v0.5.0                                go-module                           
github.com/hashicorp/terraform-plugin-framework-validators                        v0.13.0                               go-module                           
github.com/hashicorp/terraform-plugin-framework-validators                        v0.9.0                                go-module                           
github.com/hashicorp/terraform-plugin-go                                          v0.23.0                               go-module                           
github.com/hashicorp/terraform-plugin-go                                          v0.24.0                               go-module                           
github.com/hashicorp/terraform-plugin-log                                         v0.9.0                                go-module                           
github.com/hashicorp/terraform-plugin-mux                                         v0.15.0                               go-module                           
github.com/hashicorp/terraform-plugin-mux                                         v0.16.0                               go-module                           
github.com/hashicorp/terraform-plugin-sdk/v2                                      v2.33.0                               go-module                           
github.com/hashicorp/terraform-plugin-sdk/v2                                      v2.34.0                               go-module                           
github.com/hashicorp/terraform-plugin-testing                                     v1.10.0                               go-module                           
github.com/hashicorp/terraform-plugin-testing                                     v1.5.1                                go-module                           
github.com/hashicorp/terraform-provider-aws                                       v5.72.1                               go-module                           
github.com/hashicorp/terraform-provider-google                                    v6.8.0                                go-module                           
github.com/hashicorp/terraform-registry-address                                   v0.2.3                                go-module           (+1 duplicate)  
github.com/hashicorp/terraform-svchost                                            v0.1.1                                go-module           (+1 duplicate)  
github.com/hashicorp/yamux                                                        v0.1.1                                go-module           (+1 duplicate)  
github.com/jmespath/go-jmespath                                                   v0.4.0                                go-module                           
github.com/kylelemons/godebug                                                     v1.1.0                                go-module                           
github.com/mattbaird/jsonpatch                                                    v0.0.0-20240118010651-0ba75a80ca38    go-module                           
github.com/mattn/go-colorable                                                     v0.1.13                               go-module           (+1 duplicate)  
github.com/mattn/go-isatty                                                        v0.0.20                               go-module           (+1 duplicate)  
github.com/mitchellh/copystructure                                                v1.2.0                                go-module           (+1 duplicate)  
github.com/mitchellh/go-homedir                                                   v1.1.0                                go-module           (+1 duplicate)  
github.com/mitchellh/go-testing-interface                                         v1.14.1                               go-module           (+1 duplicate)  
github.com/mitchellh/go-wordwrap                                                  v1.0.0                                go-module                           
github.com/mitchellh/go-wordwrap                                                  v1.0.1                                go-module                           
github.com/mitchellh/hashstructure                                                v1.1.0                                go-module                           
github.com/mitchellh/mapstructure                                                 v1.5.0                                go-module           (+1 duplicate)  
github.com/mitchellh/reflectwalk                                                  v1.0.2                                go-module           (+1 duplicate)  
github.com/oklog/run                                                              v1.0.0                                go-module                           
github.com/oklog/run                                                              v1.1.0                                go-module                           
github.com/shopspring/decimal                                                     v1.4.0                                go-module                           
github.com/sirupsen/logrus                                                        v1.8.1                                go-module                           
github.com/vmihailenco/msgpack                                                    v4.0.4+incompatible                   go-module           (+1 duplicate)  
github.com/vmihailenco/msgpack/v5                                                 v5.4.1                                go-module           (+1 duplicate)  
github.com/vmihailenco/tagparser/v2                                               v2.0.0                                go-module           (+1 duplicate)  
github.com/xeipuuv/gojsonpointer                                                  v0.0.0-20190905194746-02993c407bfb    go-module                           
github.com/xeipuuv/gojsonreference                                                v0.0.0-20180127040603-bd5ef7bd5415    go-module                           
github.com/xeipuuv/gojsonschema                                                   v1.2.0                                go-module                           
github.com/zclconf/go-cty                                                         v1.14.4                               go-module                           
github.com/zclconf/go-cty                                                         v1.15.0                               go-module                           
go.opencensus.io                                                                  v0.24.0                               go-module                           
go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws  v0.55.0                               go-module                           
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc       v0.52.0                               go-module                           
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp                     v0.53.0                               go-module                           
go.opentelemetry.io/otel                                                          v1.28.0                               go-module                           
go.opentelemetry.io/otel                                                          v1.30.0                               go-module                           
go.opentelemetry.io/otel/metric                                                   v1.28.0                               go-module                           
go.opentelemetry.io/otel/metric                                                   v1.30.0                               go-module                           
go.opentelemetry.io/otel/sdk                                                      v1.28.0                               go-module                           
go.opentelemetry.io/otel/sdk/metric                                               v1.28.0                               go-module                           
go.opentelemetry.io/otel/trace                                                    v1.28.0                               go-module                           
go.opentelemetry.io/otel/trace                                                    v1.30.0                               go-module                           
go4.org/netipx                                                                    v0.0.0-20231129151722-fdeea329fbba    go-module                           
golang.org/x/crypto                                                               v0.26.0                               go-module                           
golang.org/x/crypto                                                               v0.28.0                               go-module                           
golang.org/x/exp                                                                  v0.0.0-20240409090435-93d18d7e34b8    go-module                           
golang.org/x/mod                                                                  v0.17.0                               go-module                           
golang.org/x/mod                                                                  v0.21.0                               go-module                           
golang.org/x/net                                                                  v0.28.0                               go-module                           
golang.org/x/net                                                                  v0.30.0                               go-module                           
golang.org/x/oauth2                                                               v0.22.0                               go-module                           
golang.org/x/sync                                                                 v0.8.0                                go-module                           
golang.org/x/sys                                                                  v0.24.0                               go-module                           
golang.org/x/sys                                                                  v0.26.0                               go-module                           
golang.org/x/text                                                                 v0.17.0                               go-module                           
golang.org/x/text                                                                 v0.19.0                               go-module                           
golang.org/x/time                                                                 v0.6.0                                go-module                           
google.golang.org/api                                                             v0.193.0                              go-module                           
google.golang.org/genproto                                                        v0.0.0-20240814211410-ddb44dafa142    go-module                           
google.golang.org/genproto/googleapis/api                                         v0.0.0-20240814211410-ddb44dafa142    go-module                           
google.golang.org/genproto/googleapis/rpc                                         v0.0.0-20240814211410-ddb44dafa142    go-module                           
google.golang.org/genproto/googleapis/rpc                                         v0.0.0-20240827150818-7e3bb234dfed    go-module                           
google.golang.org/grpc                                                            v1.65.0                               go-module                           
google.golang.org/grpc                                                            v1.66.2                               go-module                           
google.golang.org/protobuf                                                        v1.34.2                               go-module           (+1 duplicate)  
gopkg.in/yaml.v2                                                                  v2.4.0                                go-module                           
registry.terraform.io/hashicorp/aws                                               5.72.1                                terraform                  
registry.terraform.io/hashicorp/google                                            6.8.0                                 terraform                  
stdlib                                                                            go1.21.13                             go-module                           
stdlib                                                                            go1.23.2                              go-module

Syft seems to correctly discover the go biniaries and the terraform provider dependencies.

@ghouscht ghouscht force-pushed the terraform-cataloger branch 3 times, most recently from c17b018 to 7db9704 Compare October 24, 2024 11:54
@ghouscht
Copy link
Contributor Author

Oh, looks like I messed up with the metadata thus the CLI tests are failing. Will have a look at this later.

@github-actions github-actions bot added the json-schema Changes the json schema label Oct 25, 2024
@spiffcs
Copy link
Contributor
spiffcs commented Oct 31, 2024

@ghouscht! This is excellent thank you so much for the contribution and sorry for the delay in responding here - I'm about to take a look at this today and should have comments ready or just 🍏 the PR and try to get it into our next release.

This is very well written and I am so grateful for the quality you put into it.

I think my outstanding questions is cc @wagoodman on if we want this to be enabled by default in the dir source scan, container source, both, or none

@ghouscht
Copy link
Contributor Author

This is very well written and I am so grateful for the quality you put into it.

Thank you for the reply! Don't worry about the delay, it is not an issue. I'll keep an eye on the PR and will handle comments/suggestions asap 🙂

wagoodman
wagoodman reviewed Nov 12, 2024
View reviewed changes
@wagoodman
Copy link
Contributor
wagoodman commented Nov 12, 2024
edited
Loading

[do] we want this to be enabled by default in the dir source scan, container source, both, or none?

my vote is both, but it will be most useful in directory scans I would suppose (but there is no harm in including it in both)

edit: actually, stepping back I'm changing my vote to stay only with directory scans as the lock file is not evidence of installed software, which is what we primarily search for in image scans.

wagoodman
wagoodman reviewed Nov 12, 2024
View reviewed changes
wagoodman
wagoodman reviewed Nov 12, 2024
View reviewed changes
@wagoodman
Copy link
Contributor

pushed some minor naming tweaks to the branch + rebased to account for merge conflicts

@ghouscht ghouscht force-pushed the terraform-cataloger branch from 8835e61 to 4483e79 Compare November 14, 2024 08:12
@wagoodman
Copy link
Contributor

just a heads up the latest commit is missing DCO signoff

wagoodman
wagoodman reviewed Nov 22, 2024
View reviewed changes
wagoodman
wagoodman reviewed Nov 22, 2024
View reviewed changes
wagoodman
wagoodman reviewed Nov 22, 2024
View reviewed changes
Copy link
Contributor
@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is just about ready to cross the finish line! Had a couple comments above, but all fairly small -- I didn't want to push those changes in case I'm wrong in my comments.

@ghouscht ghouscht force-pushed the terraform-cataloger branch from 4483e79 to e6845c2 Compare November 29, 2024 07:38
ghouscht and others added 6 commits November 29, 2024 09:12
@ghouscht
feat(cataloger): add a terraform provider cataloger
661502f 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@ghouscht
docs(README): add terraform to supported ecosystems
1e5a810 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@ghouscht
build: fix integration test and lint errors
2549250 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@ghouscht
fix: update JSON schema with TerraformLockEntry
f39a956 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@wagoodman @ghouscht
minor review adjustments
9ee78af 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@ghouscht
resolve language/CPE TODOs
38f064d 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@ghouscht ghouscht force-pushed the terraform-cataloger branch from 51c7ded to 1c802e1 Compare November 29, 2024 08:25
@ghouscht
chore: rename of types
ed79d31 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
@ghouscht ghouscht force-pushed the terraform-cataloger branch from 1c802e1 to ed79d31 Compare November 29, 2024 08:35
@willmurphyscode willmurphyscode self-assigned this Dec 16, 2024
@spiffcs
fix: remove PURL from package terraform until response from spec
88b850d 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@spiffcs
Merge branch 'main' into terraform-cataloger
ef1a137 
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs
chore: bump schema from 16.0.19 -> 16.0.20
ebacf8a 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
spiffcs
spiffcs reviewed Jan 21, 2025
View reviewed changes
@spiffcs
Copy link
Contributor
spiffcs commented Jan 21, 2025

Warning

Detected modification or removal of existing json schemas:

  • schema/json/schema-16.0.19.json

This was a line ending change that came from doing a merge through the git API.

@spiffcs spiffcs merged commit c10e904 into anchore:main Jan 21, 2025
12 checks passed
@ghouscht
Copy link
Contributor Author

Thank you for taking care of this @spiffcs. I was a bit busy lately and didn't find the time to finish the PR, sorry about that.

@spiffcs
Copy link
Contributor
spiffcs commented Jan 22, 2025

No worries @ghouscht!

Thanks again for all the effort and gettin it 99% of the way there.
We really appreciate everything you did and know how busy it can get.

It's landed in the latest release so check it out and I've marked this to get back to as soon as we hear from the PURL folks on the correct way to get those generated for this kind of package.

@spiffcs spiffcs mentioned this pull request Jan 23, 2025
Open
spiffcs added a commit to HeyeOpenSource/syft that referenced this pull request Jan 28, 2025
@spiffcs
Merge branch 'main' into Custom_Licenses
77db223 
* main: (54 commits)
  chore(deps): update CPE dictionary index (anchore#3620)
  chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 (anchore#3621)
  chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 (anchore#3622)
  chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (anchore#3618)
  chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (anchore#3619)
  chore(deps): update tools to latest versions (anchore#3607)
  chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 (anchore#3608)
  chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (anchore#3609)
  chore(deps): bump github.com/docker/docker (anchore#3610)
  chore(deps): bump actions/setup-go in /.github/actions/bootstrap (anchore#3612)
  chore(deps): bump actions/cache in /.github/actions/bootstrap (anchore#3613)
  chore(ci): fix composite GitHub action path in dependabot config (anchore#3611)
  chore(deps): update tools to latest versions (anchore#3602)
  chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2 (anchore#3604)
  chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0 (anchore#3605)
  chore(deps): bump github.com/aquasecurity/go-pep440-version (anchore#3606)
  chore: bump stereoscope to v0.0.13 (anchore#3601)
  feat(cataloger): add a terraform provider cataloger (anchore#3378)
  chore(deps): update tools to latest versions (anchore#3597)
  chore(deps): update CPE dictionary index (anchore#3599)
  ...

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
spiffcs added a commit that referenced this pull request Apr 29, 2025
@spiffcs
Merge branch 'main' into 3088-full-text
baf3c36 
* main: (117 commits)
  chore(deps): update CPE dictionary index (#3620)
  chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 (#3621)
  chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 (#3622)
  chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (#3618)
  chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#3619)
  chore(deps): update tools to latest versions (#3607)
  chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 (#3608)
  chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#3609)
  chore(deps): bump github.com/docker/docker (#3610)
  chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#3612)
  chore(deps): bump actions/cache in /.github/actions/bootstrap (#3613)
  chore(ci): fix composite GitHub action path in dependabot config (#3611)
  chore(deps): update tools to latest versions (#3602)
  chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2 (#3604)
  chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0 (#3605)
  chore(deps): bump github.com/aquasecurity/go-pep440-version (#3606)
  chore: bump stereoscope to v0.0.13 (#3601)
  feat(cataloger): add a terraform provider cataloger (#3378)
  chore(deps): update tools to latest versions (#3597)
  chore(deps): update CPE dictionary index (#3599)
  ...

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@sukh-234
Copy link
sukh-234 commented May 16, 2025
edited
Loading

Thanks for the good work on this, it would be really beneficial for me to use. Annoyingly it doesn't seem to work for me. I have ran something like

docker run --rm -v /src/path/to/file/.terraform.lock.hcl:/src -v anchore/syft:latest /src

but I get

No packages discovered.

I've definitely verified that the terraform .terraform.lock.hcl file exists and here is an example file

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/archive" {
  version = "2.7.0"
  hashes = [
    "h1:YkXq4JfcoAW0L4B9ghskZUxYbYAXIPlfSqqVFrAS06U=",
    "zh:04e23bebca7f665a19a032343aeecd230028a3822e546e6f618f24c47ff87f67",
  #   Edited out rest of hashes for brevity
  ]
}
#   Edited out rest of providers for brevity

I have also installed syft locally and ran

syft /src/path/to/file/.terraform.lock.hcl

and I get the following output

 ✔ Indexed file system                                                                                       /src/path/to/file/terraform.lock.hcl
 ✔ Cataloged contents                                                                                                    5bc69131492cde44103a7f843346ff25617ed22384f7bca27b0a6f95446c4cff
   ├── ✔ Packages                        [0 packages]
   └── ✔ Executables                     [0 executables]
No packages discovered

Any ideas why this is not working as expected?

@ghouscht
Copy link
Contributor Author

It does work for me:

$ syft ./.terraform.lock.hcl
 ✔ Indexed file system                                                                                                                                                                       .terraform.lock.hcl
 ✔ Cataloged contents                                                                                                                           c7696e3849f26107982469a36e302e4b3704b309958e647f5a0db5b80214e479
   ├── ✔ Packages                        [1 packages]
   ├── ✔ Executables                     [0 executables]
   ├── ✔ File digests                    [1 files]
   └── ✔ File metadata                   [1 locations]
NAME                          
CEB7
           VERSION  TYPE
registry.terraform.io/hashicorp/archive  2.7.1    terraform

Which version of syft are you running? Mine is:

$ syft version
Application: syft
Version:    1.26.0
BuildDate:  2025-05-20T19:56:08Z
GitCommit:  Homebrew
GitDescription: [not provided]
Platform:   darwin/arm64
GoVersion:  go1.24.3
Compiler:   gc

It does work with Docker too, but you must be careful with the mount:

$ docker run --rm -v $(pwd):/src anchore/syft:latest /src
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                                                        VERSION                             TYPE
github.com/bmatcuk/doublestar/v4                            v4.8.1                              go-module
github.com/fatih/color                                      v1.16.0                             go-module
github.com/golang/protobuf                                  v1.5.4                              go-module
github.com/hashicorp/go-hclog                               v1.6.3                              go-module
github.com/hashicorp/go-plugin                              v1.6.2                              go-module
github.com/hashicorp/go-uuid                                v1.0.3                              go-module
github.com/hashicorp/terraform-plugin-framework             v1.14.1                             go-module
github.com/hashicorp/terraform-plugin-framework-validators  v0.17.0                             go-module
github.com/hashicorp/terraform-plugin-go                    v0.26.0                             go-module
github.com/hashicorp/terraform-plugin-log                   v0.9.0                              go-module
github.com/hashicorp/terraform-provider-archive             UNKNOWN                             go-module
github.com/hashicorp/terraform-registry-address             v0.2.4                              go-module
github.com/hashicorp/terraform-svchost                      v0.1.1                              go-module
github.com/hashicorp/yamux                                  v0.1.1                              go-module
github.com/mattn/go-colorable                               v0.1.13                             go-module
github.com/mattn/go-isatty                                  v0.0.20                             go-module
github.com/mitchellh/go-testing-interface                   v1.14.1                             go-module
github.com/oklog/run                                        v1.0.0                              go-module
github.com/vmihailenco/msgpack/v5                           v5.4.1                              go-module
github.com/vmihailenco/tagparser/v2                         v2.0.0                              go-module
golang.org/x/net                                            v0.38.0                             go-module
golang.org/x/sys                                            v0.31.0                             go-module
golang.org/x/text                                           v0.23.0                             go-module
google.golang.org/genproto/googleapis/rpc                   v0.0.0-20241015192408-796eee8c2d53  go-module
google.golang.org/grpc                                      v1.69.4                             go-module
google.golang.org/protobuf                                  v1.36.3                             go-module
registry.terraform.io/hashicorp/archive                     2.7.1                               terraform
stdlib                                                      go1.23.7                            go-module

If you specify the mount like /path/to/dir/.terraform.lock.hcl:/src it will not work:

$ docker run --rm -v $(pwd)/.terraform.lock.hcl:/src anchore/syft:latest /src
No packages discovered

This is because in the given example Docker mounts the .terraform.lock.hcl into the container with the name /src and syft will then no longer be able to detect it as a Terraform lock file.

@sukh-234
Copy link
sukh-234 commented May 22, 2025
edited
Loading

I realised that my syft version was old, so I upgraded to the latest version, as below

$ syft version
Application: syft
Version:    1.26.0
BuildDate:  2025-05-20T21:27:29Z
GitCommit:  ac883f52edb8ca1f5a0a61d12c288d4b34ea3897
GitDescription: v1.26.0
Platform:   linux/amd64
GoVersion:  go1.24.3
Compiler:   gc

But I tried running again to no avail

$ syft ./.terraform.lock.hcl
 ✔ Indexed file system                                                              ./.terraform.lock.hcl
 ✔ Cataloged contents                    3d0a22c31720ad777cf138392b3e6dc53d14db967af1b4463c468252c8c79720
   ├── ✔ Packages                        [0 packages]
   └── ✔ Executables                     [0 executables]
No packages discovered

Thanks for pointing out Docker warning too, but I tried again using the full folder. It did pick up npm modules that were also contained with in that folder, but no terraform providers!

$ docker run --rm -v /src/personal:/src anchore/syft:latest /src
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                                       VERSION  TYPE
@aws-crypto/crc32                          3.0.0    npm
@aws-crypto/crc32c                         3.0.0    npm
@aws-crypto/ie11-detection                 3.0.0    npm
@aws-crypto/sha1-browser                   3.0.0    npm
# Further packages removed for brevity

I asked a colleague to also check it for me and he also could not get it working.

Is there any special config that we're missing? It's absolutely bizarre

@ghouscht
Copy link
Contributor Author
ghouscht commented May 22, 2025
edited by wagoodman
Loading

Is there any special config that we're missing? It's absolutely bizarre

No nothing special is needed. Do you mind sharing the full .terraform.lock.hcl here so I can look at it?

@ghouscht ghouscht deleted the terraform-cataloger branch May 22, 2025 15:20
@sukh-234
Copy link
sukh-234 commented May 23, 2025
edited
Loading

So I've just been using the below while I'm testing

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/archive" {
  version = "2.7.0"
  hashes = [
    "h1:YkXq4JfcoAW0L4B9ghskZUxYbYAXIPlfSqqVFrAS06U=",
    "zh:04e23bebca7f665a19a032343aeecd230028a3822e546e6f618f24c47ff87f67",
  #   Edited out rest of hashes for brevity
  ]
}
#   Edited out rest of providers for brevity

but my original one is

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/archive" {
  version = "2.7.0"
  hashes = [
    "h1:YkXq4JfcoAW0L4B9ghskZUxYbYAXIPlfSqqVFrAS06U=",
    "zh:04e23bebca7f665a19a032343aeecd230028a3822e546e6f618f24c47ff87f67",
    "zh:5bb38114238e25c45bf85f5c9f627a2d0c4b98fe44a0837e37d48574385f8dad",
    "zh:64584bc1db4c390abd81c76de438d93acf967c8a33e9b923d68da6ed749d55bd",
    "zh:697695ab9cce351adf91a1823bdd72ce6f0d219138f5124ef7645cedf8f59a1f",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:7edefb1d1e2fead8fd155f7b50a2cb49f2f3fed154ac3ef5f991ccaff93d6120",
    "zh:807fb15b75910bf14795f2ad1a2d41b069f9ef52c242131b2964c8527312e235",
    "zh:821d9148d261df1d1a8e5a4812df2a6a3ffaf0d2070dad3c785382e489069239",
    "zh:a7d92251118fb723048c482154a6ac6368aad583d28d15fffc6f5dafd9507463",
    "zh:b627d4cef192b3c12ddaf9cb2c4f98c10d0129883c8c2a9c0049983f9de7030d",
    "zh:dfb70306fcc0ad1d512ab7c24765703783cc286062d4849de4fbe23526f5dc8e",
    "zh:f21de276f857b7e51fa2593d8fef05a7faafb0a7b62db14ac58a03ce1be7d881",
  ]
}

provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.82.2"
  constraints = ">= 2.0.0, >= 3.0.0, >= 3.74.0, >= 4.9.0, >= 4.29.0, >= 4.38.0, >= 4.40.0, >= 4.52.0, >= 5.21.0, >= 5.27.0, >= 5.30.0, >= 5.32.0, >= 5.49.0, 5.82.2"
  hashes = [
    "h1:RuPaHbllUB8a2TGTyc149wJfoh6zhIEjUvFYKR6iP2E=",
    "zh:0262fc96012fb7e173e1b7beadd46dfc25b1dc7eaef95b90e936fc454724f1c8",
    "zh:397413613d27f4f54d16efcbf4f0a43c059bd8d827fe34287522ae182a992f9b",
    "zh:436c0c5d56e1da4f0a4c13129e12a0b519d12ab116aed52029b183f9806866f3",
    "zh:4d942d173a2553d8d532a333a0482a090f4e82a2238acf135578f163b6e68470",
    "zh:624aebc549bfbce06cc2ecfd8631932eb874ac7c10eb8466ce5b9a2fbdfdc724",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:9e632dee2dfdf01b371cca7854b1ec63ceefa75790e619b0642b34d5514c6733",
    "zh:a07567acb115b60a3df8f6048d12735b9b3bcf85ec92a62f77852e13d5a3c096",
    "zh:ab7002df1a1be6432ac0eb1b9f6f0dd3db90973cd5b1b0b33d2dae54553dfbd7",
    "zh:bc1ff65e2016b018b3e84db7249b2cd0433cb5c81dc81f9f6158f2197d6b9fde",
    "zh:bcad84b1d767f87af6e1ba3dc97fdb8f2ad5de9224f192f1412b09aba798c0a8",
    "zh:cf917dceaa0f9d55d9ff181b5dcc4d1e10af21b6671811b315ae2a6eda866a2a",
    "zh:d8e90ecfb3216f3cc13ccde5a16da64307abb6e22453aed2ac3067bbf689313b",
    "zh:d9054e0e40705df729682ad34c20db8695d57f182c65963abd151c6aba1ab0d3",
    "zh:ecf3a4f3c57eb7e89f71b8559e2a71e4cdf94eea0118ec4f2cb37e4f4d71a069",
  ]
}

provider "registry.terraform.io/hashicorp/external" {
  version     = "2.3.5"
  constraints = ">= 1.0.0"
  hashes = [
    "h1:smKSos4zs57pJjQrNuvGBpSWth2el9SgePPbPHo0aps=",
    "zh:6e89509d056091266532fa64de8c06950010498adf9070bf6ff85bc485a82562",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:86868aec05b58dc0aa1904646a2c26b9367d69b890c9ad70c33c0d3aa7b1485a",
    "zh:a2ce38fda83a62fa5fb5a70e6ca8453b168575feb3459fa39803f6f40bd42154",
    "zh:a6c72798f4a9a36d1d1433c0372006cc9b904e8cfd60a2ae03ac5b7d2abd2398",
    "zh:a8a3141d2fc71c86bf7f3c13b0b3be8a1b0f0144a47572a15af4dfafc051e28a",
    "zh:aa20a1242eb97445ad26ebcfb9babf2cd675bdb81cac5f989268ebefa4ef278c",
    "zh:b58a22445fb8804e933dcf835ab06c29a0f33148dce61316814783ee7f4e4332",
    "zh:cb5626a661ee761e0576defb2a2d75230a3244799d380864f3089c66e99d0dcc",
    "zh:d1acb00d20445f682c4e705c965e5220530209c95609194c2dc39324f3d4fcce",
    "zh:d91a254ba77b69a29d8eae8ed0e9367cbf0ea6ac1a85b58e190f8cb096a40871",
    "zh:f6592327673c9f85cdb6f20336faef240abae7621b834f189c4a62276ea5db41",
  ]
}

provider "registry.terraform.io/hashicorp/local" {
  version     = "2.5.3"
  constraints = ">= 1.0.0, >= 1.2.0"
  hashes = [
    "h1:1Nkh16jQJMp0EuDmvP/96f5Unnir0z12WyDuoR6HjMo=",
    "zh:284d4b5b572eacd456e605e94372f740f6de27b71b4e1fd49b63745d8ecd4927",
    "zh:40d9dfc9c549e406b5aab73c023aa485633c1b6b730c933d7bcc2fa67fd1ae6e",
    "zh:6243509bb208656eb9dc17d3c525c89acdd27f08def427a0dce22d5db90a4c8b",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:885d85869f927853b6fe330e235cd03c337ac3b933b0d9ae827ec32fa1fdcdbf",
    "zh:bab66af51039bdfcccf85b25fe562cbba2f54f6b3812202f4873ade834ec201d",
    "zh:c505ff1bf9442a889ac7dca3ac05a8ee6f852e0118dd9a61796a2f6ff4837f09",
    "zh:d36c0b5770841ddb6eaf0499ba3de48e5d4fc99f4829b6ab66b0fab59b1aaf4f",
    "zh:ddb6a407c7f3ec63efb4dad5f948b54f7f4434ee1a2607a49680d494b1776fe1",
    "zh:e0dafdd4500bec23d3ff221e3a9b60621c5273e5df867bc59ef6b7e41f5c91f6",
    "zh:ece8742fd2882a8fc9d6efd20e2590010d43db386b920b2a9c220cfecc18de47",
    "zh:f4c6b3eb8f39105004cf720e202f04f57e3578441cfb76ca27611139bc116a82",
  ]
}

provider "registry.terraform.io/hashicorp/null" {
  version     = "3.2.4"
  constraints = ">= 2.0.0"
  hashes = [
    "h1:hkf5w5B6q8e2A42ND2CjAvgvSN3puAosDmOJb3zCVQM=",
    "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43",
    "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a",
    "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991",
    "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f",
    "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e",
    "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615",
    "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442",
    "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5",
    "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f",
    "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f",
  ]
}

provider "registry.terraform.io/hashicorp/random" {
  version     = "3.7.2"
  constraints = ">= 2.2.0"
  hashes = [
    "h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=",
    "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f",
    "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc",
    "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab",
    "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3",
    "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212",
    "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34",
    "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967",
    "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d",
    "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62",
    "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0",
  ]
}

provider "registry.terraform.io/hashicorp/time" {
  version     = "0.13.1"
  constraints = ">= 0.7.0"
  hashes = [
    "h1:+W+DMrVoVnoXo3f3M4W+OpZbkCrUn6PnqDF33D2Cuf0=",
    "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74",
    "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f",
    "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a",
    "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328",
    "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8",
    "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b",
    "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0",
    "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d",
    "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75",
    "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5",
  ]
}

Getting this output with both

$ syft /src/personal/.terraform.lock.hcl
 ✔ Indexed file system                                                  /src/personal/.terraform.lock.hcl
 ✔ Cataloged contents                    0c0006c24b7b744d7e6ed08f7569ad293c3b3d98bc2557122e36130bf1dd9bf3
   ├── ✔ Packages                        [0 packages]
   └── ✔ Executables                     [0 executables]
No packages discovered

Thank you again for investigating. Please let me know if you need any further information.

@ghouscht
Copy link
Contributor Author

That helped - thank you 🙂

I ran syft -v=10 .terraform.lock.hcl on your file and found this:

[0001] TRACE cataloger returned errors cataloger=terraform-lock-cataloger error=failed to decode terraform lock file: /.terraform.lock.hcl:4,52-52: Missing required argument; The argument "constraints" is required, but no definition was found. location=/.terraform.lock.hcl

Root cause is here, the constraints do not have the ,optional keyword in the hcl struct tag. I'll file a PR to fix this.

@ghouscht ghouscht mentioned this pull request May 23, 2025
Merged
4 tasks
@sukh-234
Copy link

Fantastic @ghouscht, good find. To test this, I manually removed the first entry without constraints in the provider, then reran syft. The output is shown below

syft /src/personal/.terraform.lock.hcl
 ✔ Indexed file system                                                  /src/personal/.terraform.lock.hcl
 ✔ Cataloged contents                    79026f482281cc271a90c8b088620ce31fdb667a6c63d338fabce709db96db94
   ├── ✔ Packages                        [6 packages]
   ├── ✔ File digests                    [1 files]
   ├── ✔ Executables                     [0 executables]
   └── ✔ File metadata                   [1 locations]
NAME                                      VERSION  TYPE
registry.terraform.io/hashicorp/aws       5.82.2   terraform
registry.terraform.io/hashicorp/external  2.3.5    terraform
registry.terraform.io/hashicorp/local     2.5.3    terraform
registry.terraform.io/hashicorp/null      3.2.4    terraform
registry.terraform.io/hashicorp/random    3.7.2    terraform
registry.terraform.io/hashicorp/time      0.13.1   terraform

As expected! So I can confirm that all should be working with your latest PR. Thanks again for sorting this out!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willmurphyscode willmurphyscode willmurphyscode left review comments

@spiffcs spiffcs spiffcs left review comments

@wagoodman wagoodman wagoodman approved these changes

Assignees

@willmurphyscode willmurphyscode

Labels
json-schema Changes the json schema
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ghouscht @spiffcs @wagoodman @sukh-234 @willmurphyscode
0