diff --git a/cmd/syft/cli/attest/attest.go b/cmd/syft/cli/attest/attest.go index 1d0dddf1c1c..758af670635 100644 --- a/cmd/syft/cli/attest/attest.go +++ b/cmd/syft/cli/attest/attest.go @@ -99,6 +99,7 @@ func buildSBOM(app *config.Application, userInput string, errs chan error) (*sbo Paths: app.Exclusions, }, DigestAlgorithms: hashers, + BasePath: app.BasePath, }, ) diff --git a/cmd/syft/cli/options/packages.go b/cmd/syft/cli/options/packages.go index bea013b6922..259a787811c 100644 --- a/cmd/syft/cli/options/packages.go +++ b/cmd/syft/cli/options/packages.go @@ -23,6 +23,7 @@ type PackagesOptions struct { Catalogers []string SourceName string SourceVersion string + BasePath string } var _ Interface = (*PackagesOptions)(nil) @@ -59,6 +60,9 @@ func (o *PackagesOptions) AddFlags(cmd *cobra.Command, v *viper.Viper) error { cmd.Flags().StringVarP(&o.SourceVersion, "source-version", "", "", "set the name of the target being analyzed") + cmd.Flags().StringVarP(&o.BasePath, "base-path", "", "", + "base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory") + return bindPackageConfigOptions(cmd.Flags(), v) } @@ -106,5 +110,9 @@ func bindPackageConfigOptions(flags *pflag.FlagSet, v *viper.Viper) error { return err } + if err := v.BindPFlag("base-path", flags.Lookup("base-path")); err != nil { + return err + } + return nil } diff --git a/cmd/syft/cli/packages/packages.go b/cmd/syft/cli/packages/packages.go index a84b3c09af1..a7c1d5521dc 100644 --- a/cmd/syft/cli/packages/packages.go +++ b/cmd/syft/cli/packages/packages.go @@ -97,6 +97,7 @@ func execWorker(app *config.Application, userInput string, writer sbom.Writer) < Paths: app.Exclusions, }, DigestAlgorithms: hashers, + BasePath: app.BasePath, }, ) diff --git a/cmd/syft/cli/poweruser/poweruser.go b/cmd/syft/cli/poweruser/poweruser.go index e9a251f3e26..cfc10e1bcc1 100644 --- a/cmd/syft/cli/poweruser/poweruser.go +++ b/cmd/syft/cli/poweruser/poweruser.go @@ -103,6 +103,7 @@ func execWorker(app *config.Application, userInput string, writer sbom.Writer) < Paths: app.Exclusions, }, DigestAlgorithms: nil, + BasePath: app.BasePath, }, ) diff --git a/internal/config/application.go b/internal/config/application.go index ea85410025f..e7c726134d8 100644 --- a/internal/config/application.go +++ b/internal/config/application.go @@ -64,6 +64,7 @@ type Application struct { Source sourceCfg `yaml:"source" json:"source" mapstructure:"source"` Parallelism int `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"` // the number of catalog workers to run in parallel DefaultImagePullSource string `yaml:"default-image-pull-source" json:"default-image-pull-source" mapstructure:"default-image-pull-source"` // specify default image pull source + BasePath string `yaml:"base-path" json:"base-path" mapstructure:"base-path"` // specify base path for all file paths } func (cfg Application) ToCatalogerConfig() cataloger.Config { diff --git a/syft/source/detection.go b/syft/source/detection.go index 3d301f14da5..f96dc0023f5 100644 --- a/syft/source/detection.go +++ b/syft/source/detection.go @@ -87,6 +87,7 @@ type DetectionSourceConfig struct { Platform *image.Platform Exclude ExcludeConfig DigestAlgorithms []crypto.Hash + BasePath string } func DefaultDetectionSourceConfig() DetectionSourceConfig { @@ -117,10 +118,14 @@ func (d Detection) NewSource(cfg DetectionSourceConfig) (Source, error) { }, ) case directoryType: + base := cfg.BasePath + if base == "" { + base = d.location + } src, err = NewFromDirectory( DirectoryConfig{ Path: d.location, - Base: d.location, + Base: base, Exclude: cfg.Exclude, Alias: cfg.Alias, },