From 63a98503e02103672991de314b30ee987a81b729 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Thu, 18 Jan 2024 08:45:47 +0000
Subject: [PATCH] fix: Resolve "Syft packages is now deprecated"
---
 README.md | 2 +-
 kicker.json | 2 +-
 templates/gitlab-ci-docker.yml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 3a1acc1..ad46285 100644
--- a/README.md
+++ b/README.md
@@ -398,7 +398,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
 | `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
-| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger` |
+| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger` |
 ### `docker-publish` job
diff --git a/kicker.json b/kicker.json
index 3f43e30..39dccad 100644
--- a/kicker.json
+++ b/kicker.json
@@ -210,7 +210,7 @@
 {
 "name": "DOCKER_SBOM_OPTS",
 "description": "Options for syft used for SBOM analysis",
- "default": "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger",
+ "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger",
 "advanced": true
 }
 ]
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index a8c762f..fb0990f 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -86,7 +86,7 @@ variables:
 # SBOM genenration image and arguments
 DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
- DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger"
+ DOCKER_SBOM_OPTS: "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger"
 # default: one-click publish
 DOCKER_PROD_PUBLISH_STRATEGY: manual
@@ -803,7 +803,7 @@ docker-sbom:
 script:
 - mkdir -p -m 777 reports
 - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
- - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
+ - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
 - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
 artifacts:
 name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
-- GitLab
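Review bot: The new `DOCKER_SBOM_OPTS` default (and the `scan` subcommand in the docker-sbom hunk further down) only works with a syft release that understands it, yet the context line `DOCKER_SBOM_IMAGE` still resolves the floating `syft:debug` tag, so the job keeps tracking whatever upstream publishes; that floating tag is presumably how the deprecation reached users in the first place. Pinning the default to a release tag or digest, e.g. `DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:<pinned-version>-debug"` (placeholder version), would make SBOM output reproducible and turn tool upgrades into reviewed changes. Projects that pin an older image or still override the options with `--catalogers` may break, so a comment above the variable such as `# requires a syft release providing 'scan' and --override-default-catalogers; restricts the SBOM to OS package databases` would help. The same default is repeated in README.md and kicker.json.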
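Review bot: On the rewritten `/syft scan` line `$DOCKER_SNAPSHOT_IMAGE` is expanded unquoted, although the `basename=` line just above quotes it. Quoting keeps the image reference a single argument even if the value contains unexpected characters: `- /syft scan ${TRACE+-vv} "$DOCKER_SNAPSHOT_IMAGE" $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json`. `$DOCKER_SBOM_OPTS` has to stay unquoted so it splits into separate flags, which deserves a short comment such as `# DOCKER_SBOM_OPTS is intentionally unquoted (word-split into options)`. The docker-sbom job begins and continues outside this hunk.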