Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Collect Mariner/Azurelinux packages in container scan #1156

Closed
1 task
pombredanne opened this issue Mar 29, 2024 · 4 comments
Closed
1 task

Collect Mariner/Azurelinux packages in container scan #1156

pombredanne opened this issue Mar 29, 2024 · 4 comments
Assignees

Comments

@pombredanne
Copy link
Member

pombredanne commented Mar 29, 2024

See https://packages.microsoft.com/cbl-mariner/2.0/prod/base/x86_64/Packages/
(And https://packages.microsoft.com/cbl-mariner/)

This is an RPM distro mostly used in containers @ Azure. We are already finding installed packages in SCIO container scans.

See also these related issues:

@pombredanne pombredanne transferred this issue from aboutcode-org/purldb Apr 8, 2024
@pombredanne pombredanne changed the title Collect Mariner/Azurelinux packages Collect Mariner/Azurelinux packages in container scan Apr 8, 2024
@pombredanne
Copy link
Member Author

pombredanne commented Apr 8, 2024

These are distroless-like images with minimal package metadata:

@pombredanne
Copy link
Member Author

@AyanSinhaMahapatra
Copy link
Member

AyanSinhaMahapatra commented Apr 9, 2024

There are two kinds of mariner:

It seems only the distroless one here has the properties mentioned in #1156 (comment), otherwise the base images have a /var/lib/rpm/rpmdb.sqlite and we can create packages out of it once mariner is included in the list of accepted distros. But we do not assign resources to packages correctly here btw.

Note that the /usr/share/licenses directory is present for both.

AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Apr 10, 2024
AyanSinhaMahapatra added a commit that referenced this issue Apr 10, 2024
Reference: aboutcode-org/scancode-toolkit#3734
Reference: #1156

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Apr 10, 2024
AyanSinhaMahapatra added a commit to aboutcode-org/scancode-toolkit that referenced this issue Apr 10, 2024
AyanSinhaMahapatra added a commit that referenced this issue May 8, 2024
Reference: aboutcode-org/scancode-toolkit#3734
Reference: #1156

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Jul 18, 2024
Reference: aboutcode-org/scancode-toolkit#3734
Reference: #1156

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
tdruez pushed a commit that referenced this issue Jul 19, 2024
Reference: aboutcode-org/scancode-toolkit#3734
Reference: #1156

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Copy link
Member

This was completed by #1161, closing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants