Merge branch '69-syft-packages-is-now-deprecated' into 'master'

Resolve "Syft packages is now deprecated" Closes #69 and #70 See merge request to-be-continuous/docker!103

Merge branch '69-syft-packages-is-now-deprecated' into 'master'
90064d7b · Cédric OLIVIER · 663806d0 · 63a98503 · 90064d7b · 90064d7b
Commit 90064d7b authored 1 year ago by Cédric OLIVIER
--- a/README.md
+++ b/README.md
@@ -398,7 +398,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
 | `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
-| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger` |
+| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger` |
 ### `docker-publish` job

--- a/kicker.json
+++ b/kicker.json
@@ -210,7 +210,7 @@
        {
          "name": "DOCKER_SBOM_OPTS",
          "description": "Options for syft used for SBOM analysis",
-          "default": "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger",
+          "default": "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger",
          "advanced": true
        }
      ]

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -86,7 +86,7 @@ variables:
  # SBOM genenration image and arguments
  DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
-  DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger"
+  DOCKER_SBOM_OPTS: "--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger"
  # default: one-click publish
  DOCKER_PROD_PUBLISH_STRATEGY: manual
@@ -803,7 +803,7 @@ docker-sbom:
  script:
    - mkdir -p -m 777 reports
    - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
-    - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
+    - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
    - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
  artifacts:
    name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"