// Listing: github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/alpine/package.go

package alpine

import (
	"strings"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/license"
	"github.com/anchore/syft/syft/linux"
	"github.com/anchore/syft/syft/pkg"
)

// newPackage builds a pkg.Package of type pkg.ApkPkg from one parsed APK
// database entry. Name, version and metadata are copied from d as-is; no
// validation of those fields happens in this function. dbLocation is recorded
// as the primary evidence location and as the location of every license.
//
// License handling: the raw license field is kept as a single value when
// license.ParseExpression accepts it, and is otherwise split on single spaces.
// strings.Split keeps empty elements for leading, trailing or repeated spaces,
// and yields one empty string for an empty field.
// NOTE(review): whether pkg.NewLicensesFromLocation drops empty values is not
// visible in this file; confirm before relying on the resulting license set.
func newPackage(d parsedData, release *linux.Release, dbLocation file.Location) pkg.Package {
	// Default to the whole field; fall back to space-splitting only when the
	// field does not parse as an expression.
	licenseStrings := []string{d.License}
	if _, err := license.ParseExpression(d.License); err != nil {
		licenseStrings = strings.Split(d.License, " ")
	}

	// Computed in the same order the fields are populated below.
	evidence := dbLocation.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
	locations := file.NewLocationSet(evidence)
	licenses := pkg.NewLicenseSet(pkg.NewLicensesFromLocation(dbLocation, licenseStrings...)...)
	purl := packageURL(d.ApkDBEntry, release)

	result := pkg.Package{
		Name:      d.Package,
		Version:   d.Version,
		Locations: locations,
		Licenses:  licenses,
		PURL:      purl,
		Type:      pkg.ApkPkg,
		Metadata:  d.ApkDBEntry,
	}

	// SetID is called only after every field above has been populated.
	result.SetID()

	return result
}

// packageURL returns the PURL for the specific Alpine package
// (see https://github.com/package-url/purl-spec).
//
// It returns "" when distro is nil, so a package catalogued without release
// information carries no PURL. Otherwise the PURL uses the lower-cased
// distro.ID as namespace, the package name and version from m, an
// architecture qualifier, and an upstream qualifier holding m.OriginPackage
// whenever that differs from m.Package.
// NOTE(review): consumers that key on the PURL or on the upstream qualifier
// presumably treat a missing value as "unknown"; confirm against the consumer.
func packageURL(m pkg.ApkDBEntry, distro *linux.Release) string {
	if distro == nil {
		return ""
	}

	quals := make(map[string]string, 2)
	quals[pkg.PURLQualifierArch] = m.Architecture

	// Record the origin package only when it is not the package itself.
	if m.Package != m.OriginPackage {
		quals[pkg.PURLQualifierUpstream] = m.OriginPackage
	}

	namespace := strings.ToLower(distro.ID)
	purl := packageurl.NewPackageURL(
		packageurl.TypeAlpine,
		namespace,
		m.Package,
		m.Version,
		pkg.PURLQualifiers(quals, distro),
		"", // no subpath
	)

	return purl.ToString()
}