github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/nix/package.go (about) 1 package nix 2 3 import ( 4 "github.com/anchore/packageurl-go" 5 "github.com/anchore/syft/syft/file" 6 "github.com/anchore/syft/syft/pkg" 7 ) 8 9 func newNixStorePackage(storePath nixStorePath, locations ...file.Location) pkg.Package { 10 p := pkg.Package{ 11 Name: storePath.name, 12 Version: storePath.version, 13 FoundBy: catalogerName, 14 Locations: file.NewLocationSet(locations...), 15 Type: pkg.NixPkg, 16 PURL: packageURL(storePath), 17 Metadata: pkg.NixStoreEntry{ 18 OutputHash: storePath.outputHash, 19 Output: storePath.output, 20 }, 21 } 22 23 p.SetID() 24 25 return p 26 } 27 28 func packageURL(storePath nixStorePath) string { 29 var qualifiers packageurl.Qualifiers 30 if storePath.output != "" { 31 // since there is no nix pURL type yet, this is a guess, however, it is reasonable to assume that 32 // if only a single output is installed the pURL should be able to express this. 33 qualifiers = append(qualifiers, 34 packageurl.Qualifier{ 35 Key: "output", 36 Value: storePath.output, 37 }, 38 ) 39 } 40 if storePath.outputHash != "" { 41 // it's not immediately clear if the hash found in the store path should be encoded in the pURL 42 qualifiers = append(qualifiers, 43 packageurl.Qualifier{ 44 Key: "outputhash", 45 Value: storePath.outputHash, 46 }, 47 ) 48 } 49 pURL := packageurl.NewPackageURL( 50 // TODO: nix pURL type has not been accepted yet (only proposed at this time) 51 "nix", 52 "", 53 storePath.name, 54 storePath.version, 55 qualifiers, 56 "") 57 return pURL.ToString() 58 }