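// Source: github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/alpine/package.go

package alpine

import (
	"context"
	"strings"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/license"
	"github.com/anchore/syft/syft/linux"
	"github.com/anchore/syft/syft/pkg"
)

// newPackage builds the pkg.Package for one parsed APK database entry.
//
// d supplies the name, version, license string and the ApkDBEntry that is
// stored as metadata. release is only forwarded to packageURL and may be nil,
// in which case the package is emitted with an empty PURL. dbLocation is
// recorded as the primary evidence location and as the location the licenses
// were found at.
//
// NOTE(review): the fields of d presumably come from the installed-package
// database of the scanned filesystem or image, so they are data controlled by
// whoever built that image. They are copied into the package as-is; nothing in
// this function validates the name or version. Confirm that the parser and
// downstream consumers treat them as untrusted text.
func newPackage(ctx context.Context, d parsedData, release *linux.Release, dbLocation file.Location) pkg.Package {
	// Keep the license field whole when it parses as an expression, so that
	// operators and parentheses are not torn apart.
	licenseStrings := []string{d.License}
	if _, err := license.ParseExpression(d.License); err != nil {
		// Not a parseable expression: treat the field as a whitespace-separated
		// list. strings.Fields (rather than Split on a single space) avoids
		// empty tokens for an empty field or for runs of whitespace, which
		// would otherwise be handed on as license values.
		licenseStrings = strings.Fields(d.License)
	}

	p := pkg.Package{
		Name:      d.Package,
		Version:   d.Version,
		Locations: file.NewLocationSet(dbLocation.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
		Licenses:  pkg.NewLicenseSet(pkg.NewLicensesFromLocationWithContext(ctx, dbLocation, licenseStrings...)...),
		PURL:      packageURL(d.ApkDBEntry, release),
		Type:      pkg.ApkPkg,
		Metadata:  d.ApkDBEntry,
	}

	// SetID is called only after every field above has been populated.
	p.SetID()

	return p
}

// packageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec).
//
// The namespace is the lower-cased distro ID, the architecture is always added
// as a qualifier, and the origin package is added as the upstream qualifier
// when it is set and differs from the package name. An empty string is
// returned when distro is nil.
//
// NOTE(review): consumers that correlate SBOM entries by PURL will not see a
// package whose release could not be identified; if that matters for
// vulnerability matching, check how callers handle an empty PURL.
func packageURL(m pkg.ApkDBEntry, distro *linux.Release) string {
	if distro == nil {
		return ""
	}

	qualifiers := map[string]string{
		pkg.PURLQualifierArch: m.Architecture,
	}

	// An empty origin carries no information, so it is not emitted as an
	// upstream qualifier. Whether pkg.PURLQualifiers would drop an empty value
	// on its own is not visible from this file.
	if m.OriginPackage != "" && m.OriginPackage != m.Package {
		qualifiers[pkg.PURLQualifierUpstream] = m.OriginPackage
	}

	return packageurl.NewPackageURL(
		packageurl.TypeAlpine,
		strings.ToLower(distro.ID),
		m.Package,
		m.Version,
		pkg.PURLQualifiers(
			qualifiers,
			distro,
		),
		"", // no subpath
	).ToString()
}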