feat(cataloger): add a terraform provider cataloger #3378
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The changes from this PR seem to work quite well for me. Below is the output of running syft output➜ syft git:(terraform-cataloger) go run ./cmd/syft/... scan file:../tf/.terraform.lock.hcl
✔ Indexed file system ../tf-sbom
✔ Cataloged contents dcdf16c165b58a86bb407ab8aa1c11edfd2a545b5ccc58fe60c82964f6f4d573
├── ✔ Packages [458 packages]
├── ✔ File digests [8 files]
├── ✔ File metadata [8 locations]
└── ✔ Executables [2 executables]
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which
NAME VERSION TYPE
actions/checkout v4 github-action (+1 duplicate)
actions/stale v9 github-action
amannn/action-semantic-pull-request v5.5.3 github-action
bitbucket.org/creachadair/stringset v0.0.8 go-module
cel.dev/expr v0.15.0 go-module
cloud.google.com/go v0.115.1 go-module
cloud.google.com/go/auth v0.9.0 go-module
cloud.google.com/go/auth/oauth2adapt v0.2.4 go-module
cloud.google.com/go/bigtable v1.30.0 go-module
cloud.google.com/go/compute/metadata v0.5.0 go-module
cloud.google.com/go/iam v1.1.13 go-module
cloud.google.com/go/longrunning v0.5.12 go-module
cloud.google.com/go/monitoring v1.20.4 go-module
clowdhaus/terraform-composite-actions/directories v1.9.0 github-action
clowdhaus/terraform-composite-actions/pre-commit v1.11.1 github-action
clowdhaus/terraform-min-max v1.3.1 github-action
cycjimmy/semantic-release-action v4 github-action
dessant/lock-threads v5 github-action
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0 go-module
github.com/ProtonMail/go-crypto v1.1.0-alpha.2 go-module
github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton go-module
github.com/YakDriver/go-version v0.1.0 go-module
github.com/YakDriver/regexache v0.24.0 go-module
github.com/agext/levenshtein v1.2.2 go-module
github.com/agext/levenshtein v1.2.3 go-module
github.com/apparentlymart/go-cidr v1.1.0 go-module
github.com/apparentlymart/go-textseg/v15 v15.0.0 go-module (+1 duplicate)
github.com/aws/aws-sdk-go v1.55.5 go-module
github.com/aws/aws-sdk-go-v2 v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 go-module
github.com/aws/aws-sdk-go-v2/config v1.27.43 go-module
github.com/aws/aws-sdk-go-v2/credentials v1.17.41 go-module
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 go-module
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.32 go-module
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 go-module
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 go-module
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 go-module
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 go-module
github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/account v1.21.2 go-module
github.com/aws/aws-sdk-go-v2/service/acm v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/acmpca v1.37.3 go-module
github.com/aws/aws-sdk-go-v2/service/amp v1.29.3 go-module
github.com/aws/aws-sdk-go-v2/service/amplify v1.27.0 go-module
github.com/aws/aws-sdk-go-v2/service/apigateway v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/appconfig v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/appfabric v1.11.2 go-module
github.com/aws/aws-sdk-go-v2/service/appflow v1.45.3 go-module
github.com/aws/aws-sdk-go-v2/service/appintegrations v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/applicationautoscaling v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/applicationinsights v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/applicationsignals v1.6.2 go-module
github.com/aws/aws-sdk-go-v2/service/appmesh v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/apprunner v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/appstream v1.41.2 go-module
github.com/aws/aws-sdk-go-v2/service/appsync v1.38.2 go-module
github.com/aws/aws-sdk-go-v2/service/athena v1.47.2 go-module
github.com/aws/aws-sdk-go-v2/service/auditmanager v1.37.2 go-module
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.45.2 go-module
github.com/aws/aws-sdk-go-v2/service/autoscalingplans v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/backup v1.39.3 go-module
github.com/aws/aws-sdk-go-v2/service/batch v1.46.2 go-module
github.com/aws/aws-sdk-go-v2/service/bcmdataexports v1.7.2 go-module
github.com/aws/aws-sdk-go-v2/service/bedrock v1.20.2 go-module
github.com/aws/aws-sdk-go-v2/service/bedrockagent v1.23.2 go-module
github.com/aws/aws-sdk-go-v2/service/budgets v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/chatbot v1.8.2 go-module
github.com/aws/aws-sdk-go-v2/service/chime v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines v1.20.2 go-module
github.com/aws/aws-sdk-go-v2/service/chimesdkvoice v1.19.2 go-module
github.com/aws/aws-sdk-go-v2/service/cleanrooms v1.18.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloud9 v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.22.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudformation v1.55.3 go-module
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.40.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudfrontkeyvaluestore v1.8.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudhsmv2 v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudsearch v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.44.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.42.2 go-module
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.41.2 go-module
github.com/aws/aws-sdk-go-v2/service/codeartifact v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/codebuild v1.46.0 go-module
github.com/aws/aws-sdk-go-v2/service/codecatalyst v1.17.2 go-module
github.com/aws/aws-sdk-go-v2/service/codecommit v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/codeconnections v1.5.2 go-module
github.com/aws/aws-sdk-go-v2/service/codedeploy v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/codeguruprofiler v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/codegurureviewer v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/codepipeline v1.36.0 go-module
github.com/aws/aws-sdk-go-v2/service/codestarconnections v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.46.2 go-module
github.com/aws/aws-sdk-go-v2/service/comprehend v1.35.2 go-module
github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.39.2 go-module
github.com/aws/aws-sdk-go-v2/service/configservice v1.50.2 go-module
github.com/aws/aws-sdk-go-v2/service/connect v1.113.2 go-module
github.com/aws/aws-sdk-go-v2/service/connectcases v1.21.2 go-module
github.com/aws/aws-sdk-go-v2/service/controltower v1.18.2 go-module
github.com/aws/aws-sdk-go-v2/service/costandusagereportservice v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/costexplorer v1.43.2 go-module
github.com/aws/aws-sdk-go-v2/service/costoptimizationhub v1.10.2 go-module
github.com/aws/aws-sdk-go-v2/service/customerprofiles v1.42.2 go-module
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice v1.43.0 go-module
github.com/aws/aws-sdk-go-v2/service/databrew v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/dataexchange v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/datapipeline v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/datasync v1.42.2 go-module
github.com/aws/aws-sdk-go-v2/service/datazone v1.22.2 go-module
github.com/aws/aws-sdk-go-v2/service/dax v1.23.2 go-module
github.com/aws/aws-sdk-go-v2/service/detective v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/devicefarm v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/devopsguru v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/directconnect v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/directoryservice v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/dlm v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/docdb v1.39.2 go-module
github.com/aws/aws-sdk-go-v2/service/docdbelastic v1.13.2 go-module
github.com/aws/aws-sdk-go-v2/service/drs v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.36.2 go-module
github.com/aws/aws-sdk-go-v2/service/ec2 v1.182.0 go-module
github.com/aws/aws-sdk-go-v2/service/ecr v1.36.2 go-module
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/ecs v1.47.3 go-module
github.com/aws/aws-sdk-go-v2/service/efs v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/eks v1.50.2 go-module
github.com/aws/aws-sdk-go-v2/service/elasticache v1.43.0 go-module
github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.40.0 go-module
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/elastictranscoder v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/emr v1.46.0 go-module
github.com/aws/aws-sdk-go-v2/service/emrcontainers v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/emrserverless v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/eventbridge v1.35.2 go-module
github.com/aws/aws-sdk-go-v2/service/evidently v1.23.2 go-module
github.com/aws/aws-sdk-go-v2/service/finspace v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/firehose v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/fis v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/fms v1.37.2 go-module
github.com/aws/aws-sdk-go-v2/service/fsx v1.49.2 go-module
github.com/aws/aws-sdk-go-v2/service/gamelift v1.36.2 go-module
github.com/aws/aws-sdk-go-v2/service/glacier v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/globalaccelerator v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/glue v1.100.2 go-module
github.com/aws/aws-sdk-go-v2/service/grafana v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/greengrass v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/groundstation v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/guardduty v1.50.0 go-module
github.com/aws/aws-sdk-go-v2/service/healthlake v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/iam v1.37.2 go-module
github.com/aws/aws-sdk-go-v2/service/identitystore v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/inspector v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/inspector2 v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 go-module
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 go-module
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.2 go-module
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 go-module
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 go-module
github.com/aws/aws-sdk-go-v2/service/internetmonitor v1.19.2 go-module
github.com/aws/aws-sdk-go-v2/service/iot v1.59.2 go-module
github.com/aws/aws-sdk-go-v2/service/iotanalytics v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/iotevents v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/ivs v1.41.0 go-module
github.com/aws/aws-sdk-go-v2/service/ivschat v1.16.2 go-module
github.com/aws/aws-sdk-go-v2/service/kafka v1.38.2 go-module
github.com/aws/aws-sdk-go-v2/service/kafkaconnect v1.21.2 go-module
github.com/aws/aws-sdk-go-v2/service/kendra v1.54.2 go-module
github.com/aws/aws-sdk-go-v2/service/keyspaces v1.14.2 go-module
github.com/aws/aws-sdk-go-v2/service/kinesis v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/kinesisanalytics v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/kinesisanalyticsv2 v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/kinesisvideo v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/kms v1.37.2 go-module
github.com/aws/aws-sdk-go-v2/service/lakeformation v1.37.2 go-module
github.com/aws/aws-sdk-go-v2/service/lambda v1.63.2 go-module
github.com/aws/aws-sdk-go-v2/service/launchwizard v1.8.2 go-module
github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/lexmodelsv2 v1.49.2 go-module
github.com/aws/aws-sdk-go-v2/service/licensemanager v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/lightsail v1.42.2 go-module
github.com/aws/aws-sdk-go-v2/service/location v1.42.2 go-module
github.com/aws/aws-sdk-go-v2/service/lookoutmetrics v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/m2 v1.17.2 go-module
github.com/aws/aws-sdk-go-v2/service/macie2 v1.43.2 go-module
github.com/aws/aws-sdk-go-v2/service/mediaconnect v1.35.2 go-module
github.com/aws/aws-sdk-go-v2/service/mediaconvert v1.61.2 go-module
github.com/aws/aws-sdk-go-v2/service/medialive v1.62.2 go-module
github.com/aws/aws-sdk-go-v2/service/mediapackage v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/mediapackagev2 v1.18.2 go-module
github.com/aws/aws-sdk-go-v2/service/mediastore v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/memorydb v1.24.0 go-module
github.com/aws/aws-sdk-go-v2/service/mq v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/mwaa v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/neptune v1.35.2 go-module
github.com/aws/aws-sdk-go-v2/service/neptunegraph v1.14.0 go-module
github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.43.2 go-module
github.com/aws/aws-sdk-go-v2/service/networkmanager v1.31.2 go-module
github.com/aws/aws-sdk-go-v2/service/networkmonitor v1.7.2 go-module
github.com/aws/aws-sdk-go-v2/service/oam v1.15.2 go-module
github.com/aws/aws-sdk-go-v2/service/opensearch v1.41.2 go-module
github.com/aws/aws-sdk-go-v2/service/opensearchserverless v1.16.2 go-module
github.com/aws/aws-sdk-go-v2/service/opsworks v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/organizations v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/osis v1.14.2 go-module
github.com/aws/aws-sdk-go-v2/service/outposts v1.45.0 go-module
github.com/aws/aws-sdk-go-v2/service/paymentcryptography v1.14.2 go-module
github.com/aws/aws-sdk-go-v2/service/pcaconnectorad v1.9.2 go-module
github.com/aws/aws-sdk-go-v2/service/pcs v1.2.2 go-module
github.com/aws/aws-sdk-go-v2/service/pinpoint v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoicev2 v1.15.2 go-module
github.com/aws/aws-sdk-go-v2/service/pipes v1.17.2 go-module
github.com/aws/aws-sdk-go-v2/service/polly v1.45.2 go-module
github.com/aws/aws-sdk-go-v2/service/pricing v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/qbusiness v1.14.0 go-module
github.com/aws/aws-sdk-go-v2/service/qldb v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/quicksight v1.76.2 go-module
github.com/aws/aws-sdk-go-v2/service/ram v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/rbin v1.20.2 go-module
github.com/aws/aws-sdk-go-v2/service/rds v1.87.2 go-module
github.com/aws/aws-sdk-go-v2/service/redshift v1.50.0 go-module
github.com/aws/aws-sdk-go-v2/service/redshiftdata v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/redshiftserverless v1.23.2 go-module
github.com/aws/aws-sdk-go-v2/service/rekognition v1.45.2 go-module
github.com/aws/aws-sdk-go-v2/service/resiliencehub v1.27.0 go-module
github.com/aws/aws-sdk-go-v2/service/resourceexplorer2 v1.15.3 go-module
github.com/aws/aws-sdk-go-v2/service/resourcegroups v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.16.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53profiles v1.4.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53recoverycontrolconfig v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53recoveryreadiness v1.21.2 go-module
github.com/aws/aws-sdk-go-v2/service/route53resolver v1.33.0 go-module
github.com/aws/aws-sdk-go-v2/service/rum v1.21.2 go-module
github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 go-module
github.com/aws/aws-sdk-go-v2/service/s3control v1.49.2 go-module
github.com/aws/aws-sdk-go-v2/service/s3outposts v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/sagemaker v1.163.2 go-module
github.com/aws/aws-sdk-go-v2/service/scheduler v1.12.2 go-module
github.com/aws/aws-sdk-go-v2/service/schemas v1.28.3 go-module
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/securityhub v1.54.2 go-module
github.com/aws/aws-sdk-go-v2/service/securitylake v1.19.0 go-module
github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/servicecatalog v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry v1.30.2 go-module
github.com/aws/aws-sdk-go-v2/service/servicediscovery v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/servicequotas v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/ses v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/sesv2 v1.37.0 go-module
github.com/aws/aws-sdk-go-v2/service/sfn v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/shield v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/signer v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/sns v1.33.2 go-module
github.com/aws/aws-sdk-go-v2/service/sqs v1.36.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssm v1.55.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssmcontacts v1.26.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssmincidents v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssmquicksetup v1.2.3 go-module
github.com/aws/aws-sdk-go-v2/service/ssmsap v1.18.2 go-module
github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssoadmin v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 go-module
github.com/aws/aws-sdk-go-v2/service/storagegateway v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 go-module
github.com/aws/aws-sdk-go-v2/service/swf v1.27.2 go-module
github.com/aws/aws-sdk-go-v2/service/synthetics v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/timestreaminfluxdb v1.6.2 go-module
github.com/aws/aws-sdk-go-v2/service/timestreamwrite v1.29.2 go-module
github.com/aws/aws-sdk-go-v2/service/transcribe v1.41.2 go-module
github.com/aws/aws-sdk-go-v2/service/transfer v1.53.0 go-module
github.com/aws/aws-sdk-go-v2/service/verifiedpermissions v1.19.2 go-module
github.com/aws/aws-sdk-go-v2/service/vpclattice v1.12.2 go-module
github.com/aws/aws-sdk-go-v2/service/waf v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/wafregional v1.25.2 go-module
github.com/aws/aws-sdk-go-v2/service/wafv2 v1.54.2 go-module
github.com/aws/aws-sdk-go-v2/service/wellarchitected v1.34.2 go-module
github.com/aws/aws-sdk-go-v2/service/worklink v1.23.2 go-module
github.com/aws/aws-sdk-go-v2/service/workspaces v1.48.2 go-module
github.com/aws/aws-sdk-go-v2/service/workspacesweb v1.24.2 go-module
github.com/aws/aws-sdk-go-v2/service/xray v1.29.2 go-module
github.com/aws/smithy-go v1.22.0 go-module
github.com/beevik/etree v1.4.1 go-module
github.com/cedar-policy/cedar-go v0.1.0 go-module
github.com/cenkalti/backoff v2.2.1+incompatible go-module
github.com/census-instrumentation/opencensus-proto v0.4.1 go-module
github.com/cespare/xxhash/v2 v2.3.0 go-module
github.com/cloudflare/circl v1.3.7 go-module
github.com/cloudflare/circl v1.4.0 go-module
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b go-module
github.com/davecgh/go-spew v1.1.1 go-module (+1 duplicate)
github.com/envoyproxy/go-control-plane v0.12.0 go-module
github.com/envoyproxy/protoc-gen-validate v1.0.4 go-module
github.com/fatih/color v1.16.0 go-module
github.com/fatih/color v1.17.0 go-module
github.com/felixge/httpsnoop v1.0.4 go-module
github.com/gammazero/deque v0.0.0-20180920172122-f6adf94963e4 go-module
github.com/gammazero/workerpool v0.0.0-20181230203049-86a96b5d5d92 go-module
github.com/gdavison/terraform-plugin-log v0.0.0-20230928191232-6c653d8ef8fb go-module
github.com/gertd/go-pluralize v0.2.1 go-module
github.com/go-logr/logr v1.4.2 go-module (+1 duplicate)
github.com/go-logr/stdr v1.2.2 go-module (+1 duplicate)
github.com/golang/glog v1.2.1 go-module
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module
github.com/golang/protobuf v1.5.4 go-module (+1 duplicate)
github.com/google/go-cmp v0.6.0 go-module (+1 duplicate)
github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 go-module
github.com/google/s2a-go v0.1.8 go-module
github.com/google/uuid v1.6.0 go-module (+1 duplicate)
github.com/googleapis/enterprise-certificate-proxy v0.3.2 go-module
github.com/googleapis/gax-go/v2 v2.13.0 go-module
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 go-module
github.com/hashicorp/aws-cloudformation-resource-schema-sdk-go v0.23.0 go-module
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.58 go-module
github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2 v2.0.0-beta.59 go-module
github.com/hashicorp/awspolicyequivalence v1.6.0 go-module
github.com/hashicorp/errwrap v1.0.0 go-module
github.com/hashicorp/errwrap v1.1.0 go-module
github.com/hashicorp/go-checkpoint v0.5.0 go-module (+1 duplicate)
github.com/hashicorp/go-cleanhttp v0.5.2 go-module (+1 duplicate)
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 go-module
github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 go-module
github.com/hashicorp/go-hclog v1.6.3 go-module (+1 duplicate)
github.com/hashicorp/go-multierror v1.1.1 go-module (+1 duplicate)
github.com/hashicorp/go-plugin v1.6.0 go-module
github.com/hashicorp/go-plugin v1.6.1 go-module
github.com/hashicorp/go-retryablehttp v0.7.7 go-module
github.com/hashicorp/go-uuid v1.0.3 go-module (+1 duplicate)
github.com/hashicorp/go-version v1.6.0 go-module
github.com/hashicorp/go-version v1.7.0 go-module
github.com/hashicorp/hc-install v0.6.4 go-module
github.com/hashicorp/hc-install v0.8.0 go-module
github.com/hashicorp/hcl/v2 v2.20.1 go-module
github.com/hashicorp/hcl/v2 v2.22.0 go-module
github.com/hashicorp/logutils v1.0.0 go-module (+1 duplicate)
github.com/hashicorp/terraform-exec v0.21.0 go-module (+1 duplicate)
github.com/hashicorp/terraform-json v0.22.1 go-module (+1 duplicate)
github.com/hashicorp/terraform-plugin-framework v1.12.0 go-module
github.com/hashicorp/terraform-plugin-framework v1.7.0 go-module
github.com/hashicorp/terraform-plugin-framework-jsontypes v0.2.0 go-module
github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1 go-module
github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0 go-module
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 go-module
github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 go-module
github.com/hashicorp/terraform-plugin-go v0.23.0 go-module
github.com/hashicorp/terraform-plugin-go v0.24.0 go-module
github.com/hashicorp/terraform-plugin-log v0.9.0 go-module
github.com/hashicorp/terraform-plugin-mux v0.15.0 go-module
github.com/hashicorp/terraform-plugin-mux v0.16.0 go-module
github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 go-module
github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 go-module
github.com/hashicorp/terraform-plugin-testing v1.10.0 go-module
github.com/hashicorp/terraform-plugin-testing v1.5.1 go-module
github.com/hashicorp/terraform-provider-aws v5.72.1 go-module
github.com/hashicorp/terraform-provider-google v6.8.0 go-module
github.com/hashicorp/terraform-registry-address v0.2.3 go-module (+1 duplicate)
github.com/hashicorp/terraform-svchost v0.1.1 go-module (+1 duplicate)
github.com/hashicorp/yamux v0.1.1 go-module (+1 duplicate)
github.com/jmespath/go-jmespath v0.4.0 go-module
github.com/kylelemons/godebug v1.1.0 go-module
github.com/mattbaird/jsonpatch v0.0.0-20240118010651-0ba75a80ca38 go-module
github.com/mattn/go-colorable v0.1.13 go-module (+1 duplicate)
github.com/mattn/go-isatty v0.0.20 go-module (+1 duplicate)
github.com/mitchellh/copystructure v1.2.0 go-module (+1 duplicate)
github.com/mitchellh/go-homedir v1.1.0 go-module (+1 duplicate)
github.com/mitchellh/go-testing-interface v1.14.1 go-module (+1 duplicate)
github.com/mitchellh/go-wordwrap v1.0.0 go-module
github.com/mitchellh/go-wordwrap v1.0.1 go-module
github.com/mitchellh/hashstructure v1.1.0 go-module
github.com/mitchellh/mapstructure v1.5.0 go-module (+1 duplicate)
github.com/mitchellh/reflectwalk v1.0.2 go-module (+1 duplicate)
github.com/oklog/run v1.0.0 go-module
github.com/oklog/run v1.1.0 go-module
github.com/shopspring/decimal v1.4.0 go-module
github.com/sirupsen/logrus v1.8.1 go-module
github.com/vmihailenco/msgpack v4.0.4+incompatible go-module (+1 duplicate)
github.com/vmihailenco/msgpack/v5 v5.4.1 go-module (+1 duplicate)
github.com/vmihailenco/tagparser/v2 v2.0.0 go-module (+1 duplicate)
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb go-module
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 go-module
github.com/xeipuuv/gojsonschema v1.2.0 go-module
github.com/zclconf/go-cty v1.14.4 go-module
github.com/zclconf/go-cty v1.15.0 go-module
go.opencensus.io v0.24.0 go-module
go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws v0.55.0 go-module
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 go-module
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 go-module
go.opentelemetry.io/otel v1.28.0 go-module
go.opentelemetry.io/otel v1.30.0 go-module
go.opentelemetry.io/otel/metric v1.28.0 go-module
go.opentelemetry.io/otel/metric v1.30.0 go-module
go.opentelemetry.io/otel/sdk v1.28.0 go-module
go.opentelemetry.io/otel/sdk/metric v1.28.0 go-module
go.opentelemetry.io/otel/trace v1.28.0 go-module
go.opentelemetry.io/otel/trace v1.30.0 go-module
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba go-module
golang.org/x/crypto v0.26.0 go-module
golang.org/x/crypto v0.28.0 go-module
golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 go-module
golang.org/x/mod v0.17.0 go-module
golang.org/x/mod v0.21.0 go-module
golang.org/x/net v0.28.0 go-module
golang.org/x/net v0.30.0 go-module
golang.org/x/oauth2 v0.22.0 go-module
golang.org/x/sync v0.8.0 go-module
golang.org/x/sys v0.24.0 go-module
golang.org/x/sys v0.26.0 go-module
golang.org/x/text v0.17.0 go-module
golang.org/x/text v0.19.0 go-module
golang.org/x/time v0.6.0 go-module
google.golang.org/api v0.193.0 go-module
google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 go-module
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 go-module
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 go-module
google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed go-module
google.golang.org/grpc v1.65.0 go-module
google.golang.org/grpc v1.66.2 go-module
google.golang.org/protobuf v1.34.2 go-module (+1 duplicate)
gopkg.in/yaml.v2 v2.4.0 go-module
registry.terraform.io/hashicorp/aws 5.72.1 terraform
registry.terraform.io/hashicorp/google 6.8.0 terraform
stdlib go1.21.13 go-module
stdlib go1.23.2 go-module Syft seems to correctly discover the go biniaries and the terraform provider dependencies. |
ghouscht
force-pushed
the
terraform-cataloger
branch
3 times, most recently
from
c17b018
to
7db9704
Compare
|
Oh, looks like I messed up with the metadata thus the CLI tests are failing. Will have a look at this later. |
|
@ghouscht! This is excellent thank you so much for the contribution and sorry for the delay in responding here - I'm about to take a look at this today and should have comments ready or just 🍏 the PR and try to get it into our next release. This is very well written and I am so grateful for the quality you put into it. I think my outstanding questions is cc @wagoodman on if we want this to be enabled by default in the dir source scan, container source, both, or none |
Thank you for the reply! Don't worry about the delay, it is not an issue. I'll keep an eye on the PR and will handle comments/suggestions asap 🙂 |
wagoodman
reviewed
Nov 12, 2024
| package pkg | ||
|
|
||
| // TerraformLockEntry represents a single entry in a Terraform dependency lock file (.terraform.lock.hcl). | ||
| type TerraformLockEntry struct { |
There was a problem hiding this comment.
is this intended to exclusively represent providers? or can it also describe modules? From the cataloger it seems like this would always be a provider, if so this should probably be TerraformProviderLockEntry or similar
There was a problem hiding this comment.
or another way to put it: does this lock file describe only providers? or can it describe other things too?
There was a problem hiding this comment.
The lock file describes two different kinds of external dependencies:
- providers
- modules
See https://developer.hashicorp.com/terraform/language/files/dependency-lock for details. However the site also states:
At present, the dependency lock file tracks only provider dependencies.
edit: actually, stepping back I'm changing my vote to stay only with directory scans as the lock file is not evidence of installed software, which is what we primarily search for in image scans. |
wagoodman
reviewed
Nov 12, 2024
| Licenses: pkg.NewLicenseSet(), // TODO: license could be found in .terraform/providers/${name}/${version}/${arch}/LICENSE.txt | ||
| // TODO: Language? | ||
| Type: pkg.TerraformPkg, | ||
| // TODO: CPEs? |
There was a problem hiding this comment.
I don't think we should generate CPEs for terraform providers quite yet, since it does not have a clear way to be paired up with NVD vulnerability data and that is the primary purpose for this. If there was an obviously correct way to make a bullet proof CPE from the terraform data then I'd say go for it now in this PR, but I don't think that's quite the case so I think the aforementioned point hints to leave it out for now.
wagoodman
reviewed
Nov 12, 2024
| FoundBy: "terraform-cataloger", | ||
| Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), | ||
| Licenses: pkg.NewLicenseSet(), // TODO: license could be found in .terraform/providers/${name}/${version}/${arch}/LICENSE.txt | ||
| // TODO: Language? |
There was a problem hiding this comment.
technically providers are written in go... is this just because it's easier to make a provider in go (since the SDK is provided officially only for go)? or are there unofficial non-go options available? I feel like this could use pkg.Golang that we have today, but curious for thoughts here.
There was a problem hiding this comment.
See also: https://developer.hashicorp.com/terraform/plugin/best-practices/provider-code#other-languages
TL;DR: It is possible to write providers in other languages but there is no official SDK or even effort from Hashicorp to support you doing so.
So I'd say it is safe to say the language is pkg.Golang
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman
force-pushed
the
terraform-cataloger
branch
from
cb54927
to
2c97d5d
Compare
|
pushed some minor naming tweaks to the branch + rebased to account for merge conflicts |
ghouscht
force-pushed
the
terraform-cataloger
branch
from
8835e61
to
4483e79
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
I came across #2402 because of a recent discussion on reddit here and now made an implementation so syft is able to discover terraform provider dependencies.
I added a new cataloger, which reads terraform's lock file(s) and returns the gathered information on used providers to the overal SBOM.
I'm new to syft and this is my first contribution here so I might need some additional guidance how to continue from here.
Type of change
Checklist: