github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/internal/relationship/finalize.go (about)

     1  package relationship
     2  
     3  import (
     4  	"github.com/anchore/syft/internal/relationship/binary"
     5  	"github.com/anchore/syft/internal/sbomsync"
     6  	"github.com/anchore/syft/syft/artifact"
     7  	"github.com/anchore/syft/syft/cataloging"
     8  	"github.com/anchore/syft/syft/file"
     9  	"github.com/anchore/syft/syft/sbom"
    10  )
    11  
// Finalize runs the closing relationship pass over the SBOM held by builder.
// In order, it deletes the packages reported by binary.PackagesToRemove,
// optionally applies the two file-ownership-overlap steps selected by cfg,
// and then records binary dependency, source-to-package and package-to-file
// relationships.
//
// The order matters: deletions run first, and the source and evident-by
// relationships are computed from s.Artifacts.Packages as it stands afterwards.
//
// builder must also implement sbomsync.Accessor; the unchecked type assertion
// below panics if it does not.
func Finalize(resolver file.Resolver, builder sbomsync.Builder, cfg cataloging.RelationshipsConfig, src artifact.Identifiable) {
	acc := builder.(sbomsync.Accessor)

	// Drop ELF and binary packages that a source package already represents
	// (for example, a package that some package manager makes evident).
	redundant := binary.PackagesToRemove(resolver, acc)
	builder.DeletePackages(redundant...)

	// Package-to-package: a package evident by a file that another package owns.
	if cfg.PackageFileOwnershipOverlap {
		byFileOwnershipOverlapWorker(acc)
	}

	// Optionally remove binary packages based on the file-ownership-overlap
	// relationships found; see https://github.com/anchore/syft/issues/931
	if cfg.ExcludeBinaryPackagesWithFileOwnershipOverlap {
		excludeBinariesByFileOwnershipOverlap(acc)
	}

	// Executable dependency relationships.
	// NOTE(review): binaryRels is appended to s.Relationships directly and is
	// then also handed to builder.AddRelationships. If AddRelationships writes
	// to the same SBOM, every edge is recorded twice, which consumers of the
	// SBOM would have to de-duplicate; confirm against the sbomsync implementation.
	binaryRels := binary.NewDependencyRelationships(resolver, acc)
	acc.WriteToSBOM(func(doc *sbom.SBOM) {
		doc.Relationships = append(doc.Relationships, binaryRels...)
	})
	builder.AddRelationships(binaryRels...)

	// Source-to-package: the source "contains" each package.
	var sourceRels []artifact.Relationship
	acc.ReadFromSBOM(func(doc *sbom.SBOM) {
		sourceRels = toSource(src, doc.Artifacts.Packages)
	})
	builder.AddRelationships(sourceRels...)

	// Package-to-file: each package is evident by the files that revealed it.
	var evidenceRels []artifact.Relationship
	acc.ReadFromSBOM(func(doc *sbom.SBOM) {
		evidenceRels = evidentBy(doc.Artifacts.Packages)
	})
	builder.AddRelationships(evidenceRels...)
}