Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add JVM cataloger #3217

Merged
merged 5 commits into from
Sep 23, 2024
Merged

Add JVM cataloger #3217

merged 5 commits into from
Sep 23, 2024

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Sep 10, 2024
edited
Loading

Implements a JVM cataloger, capable of detecting OpenJDK and Oracle JDK installations based off of release files:

IMPLEMENTOR="Oracle Corporation"
JAVA_RUNTIME_VERSION="22.0.2+9-70"
JAVA_VERSION="22.0.2"
JAVA_VERSION_DATE="2024-07-16"
LIBC="gnu"
MODULES="java.base java.compiler java.datatransfer ..."
OS_ARCH="aarch64"
OS_NAME="Linux"
SOURCE=".:git:5b97d5323482 open:git:8153097cea20"

No java/jre/jdk binary signatures have been removed, since it's possible that folks may still be installing a JDK and purging the release file, but in cases when both are found the binary signature package is dropped (in favor of the JVM binary package).

Closes #2422
Closes #3188
Closes #1426

@github-actions github-actions bot added the json-schema Changes the json schema label Sep 10, 2024
@wagoodman wagoodman added the ecosystem:java relating to the java ecosystem label Sep 10, 2024
@wagoodman wagoodman requested a review from a team September 10, 2024 13:12
@wagoodman wagoodman marked this pull request as draft September 10, 2024 13:22
@wagoodman wagoodman marked this pull request as ready for review September 11, 2024 15:33
@wagoodman wagoodman force-pushed the openjdk-cataloger branch 2 times, most recently from ecb230d to 0670351 Compare September 11, 2024 16:37
@wagoodman
add jvm cataloger
1542f45 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@gdams gdams mentioned this pull request Sep 12, 2024
Open
@wagoodman
simplify version selection
ac8f7e7 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman
Copy link
Contributor Author

Heads up: this is blocked from being merged until an appropriate grype matcher is implemented (working on that now)

@wagoodman wagoodman added the blocked Progress is being stopped by something label Sep 13, 2024
@wagoodman wagoodman mentioned this pull request Sep 13, 2024
Merged
kzantow
kzantow approved these changes Sep 16, 2024
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great -- it's been an ask for a while!

internal/relationship/exclude_binaries_by_file_ownership_overlap.go Show resolved Hide resolved
internal/relationship/exclude_binaries_by_file_ownership_overlap.go Show resolved Hide resolved
syft/internal/fileresolver/chroot_context.go Show resolved Hide resolved
@wagoodman
CPEs from JVM cataloger should be declared
caf2d62 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman
ensure package overlap is enabled for sensitive use cases
7c617fd 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman
more permissive glob
1629043 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman merged commit 01de99b into main Sep 23, 2024
12 checks passed
@wagoodman wagoodman deleted the openjdk-cataloger branch September 23, 2024 21:21
@wagoodman wagoodman mentioned this pull request Sep 24, 2024
Open
@BrewTestBot BrewTestBot mentioned this pull request Sep 24, 2024
Merged
spiffcs added a commit that referenced this pull request Oct 2, 2024
@spiffcs
Merge branch 'main' into fix-cpe-validation
7a6ea44 
* main: (343 commits)
  feat: update haproxy classifier (#3277)
  chore(deps): update tools to latest versions (#3291)
  fix: don't use builtin scanner in licensecheck (#3290)
  chore(deps): update CPE dictionary index (#3288)
  chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289)
  update redis classifier (#3281)
  fix: improve node classifier version matching (#3284)
  fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
  chore(deps): update CPE dictionary index (#3262)
  chore(deps): bump github.com/docker/docker (#3264)
  chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275)
  chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
  chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
  add awaiting response management (#3272)
  fix: correct excluded mount point comparison to file paths (#3269)
  Add JVM cataloger (#3217)
  feat: classifier for Dart lang binaries (#3265)
  Add compliance policy for empty name and version (#3257)
  chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#3254)
  chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#3255)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

@westonsteimel westonsteimel Awaiting requested review from westonsteimel

Assignees
No one assigned
Labels
blocked Progress is being stopped by something ecosystem:java relating to the java ecosystem json-schema Changes the json schema
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Catalog JDKs more completely OpenJDK CPEs Show richer information for JVM installations
2 participants
@wagoodman @kzantow