github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/java/cataloger.go

github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/java/cataloger.go (about)

     1  /*
     2  Package java provides a concrete Cataloger implementation for packages relating to the Java language ecosystem.
     3  */
     4  package java
     5  
     6  import (
     7  	"github.com/anchore/syft/syft/pkg"
     8  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
     9  )
    10  
    11  // NewArchiveCataloger returns a new Java archive cataloger object for detecting packages with archives (jar, war, ear, par, sar, jpi, hpi, and native-image formats)
    12  func NewArchiveCataloger(cfg ArchiveCatalogerConfig) pkg.Cataloger {
    13  	gap := newGenericArchiveParserAdapter(cfg)
    14  
    15  	c := generic.NewCataloger("java-archive-cataloger").
    16  		WithParserByGlobs(gap.parseJavaArchive, archiveFormatGlobs...)
    17  
    18  	if cfg.IncludeIndexedArchives {
    19  		// java archives wrapped within zip files
    20  		gzp := newGenericZipWrappedJavaArchiveParser(cfg)
    21  		c.WithParserByGlobs(gzp.parseZipWrappedJavaArchive, genericZipGlobs...)
    22  	}
    23  
    24  	if cfg.IncludeUnindexedArchives {
    25  		// java archives wrapped within tar files
    26  		gtp := newGenericTarWrappedJavaArchiveParser(cfg)
    27  		c.WithParserByGlobs(gtp.parseTarWrappedJavaArchive, genericTarGlobs...)
    28  	}
    29  	return c
    30  }
    31  
    32  // NewPomCataloger returns a cataloger capable of parsing dependencies from a pom.xml file.
    33  // Pom files list dependencies that maybe not be locally installed yet.
    34  func NewPomCataloger(cfg ArchiveCatalogerConfig) pkg.Cataloger {
    35  	return pomXMLCataloger{
    36  		cfg: cfg,
    37  	}
    38  }
    39  
    40  // NewGradleLockfileCataloger returns a cataloger capable of parsing dependencies from a gradle.lockfile file.
    41  // Note: Older versions of lockfiles aren't supported yet
    42  func NewGradleLockfileCataloger() pkg.Cataloger {
    43  	return generic.NewCataloger("java-gradle-lockfile-cataloger").
    44  		WithParserByGlobs(parseGradleLockfile, "**/gradle.lockfile*")
    45  }
    46  
    47  // NewJvmDistributionCataloger returns packages representing JDK/JRE installations (of multiple distribution types).
    48  func NewJvmDistributionCataloger() pkg.Cataloger {
    49  	return generic.NewCataloger("java-jvm-cataloger").
    50  		// this is a very permissive glob that will match more than just the JVM release file.
    51  		// we started with "**/{java,jvm}/*/release", but this prevents scanning JVM archive contents (e.g. jdk8u402.zip).
    52  		// this approach lets us check more files for JVM release info, but be rather silent about errors.
    53  		WithParserByGlobs(parseJVMRelease, "**/release")
    54  }