8 changes: 8 additions & 0 deletions cmd/ossprey/main.go
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"os"
"os/exec"
"runtime/debug"

"github.com/spf13/cobra"

Expand All @@ -21,6 +22,13 @@ var version = "0.0.0-dev"
const defaultAPIURL = "https://api.ossprey.com"

func main() {
defer func() {
if r := recover(); r != nil {
fmt.Fprintf(os.Stderr, "ossprey: fatal: %v\n%s\n", r, debug.Stack())
os.Exit(2)
}
}()

root := &cobra.Command{
Use: "ossprey",
Short: "Ossprey supply-chain scanner",
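Review bot: The new deferred recover in main only catches panics raised on the main goroutine; a panic in any goroutine a cobra command starts still terminates the process through the runtime's default handler, without the "ossprey: fatal:" prefix, so the comment should say so rather than leave the impression that all crashes are funnelled here. Exit status 2 is also what the Go runtime uses for an unrecovered panic, so callers cannot tell the two cases apart by status alone; if that distinction matters to scripts, a different code would be worth considering, otherwise it is fine to keep as is. I would add above the `defer func()`: `// Last-resort handler for panics on the main goroutine only: goroutines started by commands that panic still crash via the runtime's default trace.` Note that because debug.Stack() is called inside the deferred closure, the printed trace starts with the recover frames, not the faulting one. main's body continues past the end of this section.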
10 changes: 10 additions & 0 deletions internal/catalog/cataloger.go
Expand Up @@ -3,6 +3,7 @@ package catalog
import (
"fmt"
"path/filepath"
"strings"

"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg"
Expand All @@ -11,6 +12,11 @@ import (
// fileParser converts one matched manifest into syft packages.
type fileParser func(absPath string, loc file.Location) ([]pkg.Package, error)

// isVendoredPath reports whether p sits inside a vendored dependency tree.
func isVendoredPath(p string) bool {
return strings.Contains(p, "node_modules/")
}

// catalogByGlob runs parse against every file matching glob under the
// resolver's root, dedup'd by (name, version). Shared by every ossprey-*
// cataloger — they differ only by glob + parse.
Expand All @@ -22,6 +28,10 @@ func catalogByGlob(resolver file.Resolver, root, glob, label string, parse fileP
seen := make(map[string]struct{})
var out []pkg.Package
for _, loc := range locs {
// Skip vendored dependencies.
if isVendoredPath(loc.RealPath) {
continue
}
pkgs, err := parse(filepath.Join(root, loc.RealPath), loc)
if err != nil || len(pkgs) == 0 {
continue
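Review bot: isVendoredPath's `strings.Contains(p, "node_modules/")` matches the substring anywhere, so a directory such as `my_node_modules/` or `not_node_modules/` is also skipped and its manifests silently drop out of the catalog; matching the path element instead avoids that: `return strings.HasPrefix(p, "node_modules/") || strings.Contains(p, "/node_modules/")`. The doc comment on L61 promises "a vendored dependency tree" in general, but only node_modules is recognised, so I would narrow it to `// isVendoredPath reports whether p lies under a node_modules directory, the only vendored tree currently skipped.` For a supply-chain scanner this skip also means packages that exist only nested or bundled under node_modules are never reported; if that is intentional it deserves a sentence in the comment at L73 so a later reader does not mistake it for a bug. The slash-based match presumes loc.RealPath is always forward-slash separated, which I believe holds for syft locations but have not confirmed for Windows. isVendoredPath is complete within the hunk; catalogByGlob's body continues beyond it.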