Scan Agent Plugins
The following enhancement is now available for one or more of the Code Insight scan-agent plugins.
Syft Integration in the Docker Images Plugin
Syft, an open-source scanning tool, is now integrated in the Code Insight Docker Images plugin. This tool generates a Software Bill of Materials (SBOM) by discovering packages and libraries in container images, file systems, archives, and other artifacts. Its integration with the Docker Images plugin enables the plugin to report findings from Docker images containing Alpine, RPM, and Debian Linux distribution packages that reside in Red Hat Enterprise Linux, Ubuntu, and CentOS Linux operating systems. See the following sections for more details:
• Supported for Package Forges
• Inventory Detection Notes
Also see the Scan Agent Plugins section in these Release Notes for known issues related to the Syft integration in the Docker Images plugin.
For instructions on using the Docker Images plugin, see “Docker Images Plugin” in the Code Insight Plugins Guide.
The following table shows the supported forges (by package type) for inventory detected by Syft.
| Package | Forge Support for Inventory |
|---|---|
| RPM | Inventory items are associated with components from the following forges: If the component is not found in any of these forges, a custom component is created for the inventory item. |
| Alpine | Inventories are associated with components from the following forges: If the component is not found in any of these forges, a custom component is created for the inventory item. |
| Debian | Library collection is currently not available for Debian packages. All inventories detected in this package type are associated with a custom component. |
* Support for the Alpine forge is planned to begin with the Code Insight Electronic Update in November 2022.
An inventory item discovered by the Syft detection process shows the following system-generated content in the Notes field for the inventory item:
Detected By: SyftParser
Attributes:
Source: Syft parser attribute
This item is created as per scan data from Syft
The Notes field can include other Syft parser attributes as well, as shown in this example: