Add JVM cataloger #3217

Merged
merged 5 commits into from
Sep 23, 2024

@wagoodman wagoodman commented Sep 10, 2024

Implements a JVM cataloger, capable of detecting OpenJDK and Oracle JDK installations based off of release files:

IMPLEMENTOR="Oracle Corporation"
JAVA_RUNTIME_VERSION="22.0.2+9-70"
JAVA_VERSION="22.0.2"
JAVA_VERSION_DATE="2024-07-16"
LIBC="gnu"
MODULES="java.base java.compiler java.datatransfer ..."
OS_ARCH="aarch64"
OS_NAME="Linux"
SOURCE=".:git:5b97d5323482 open:git:8153097cea20"

No java/jre/jdk binary signatures have been removed, since it's possible that folks may still be installing a JDK and purging the release file, but in cases when both are found the binary signature package is dropped (in favor of the JVM binary package).

Closes #2422
Closes #3188
Closes #1426
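
A sketch of the detection described above, added here as an example and not taken from this PR or from syft's code: it parses the `KEY="value"` release file format and drops a binary-signature package when a release-file package is found for the same installation. The `Pkg` type, the `Source` labels, matching by install directory, and the `/opt/jdk` path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

type Pkg struct{ Vendor, Version, Dir, Source string } // hypothetical record, not syft's type

// ParseRelease reads KEY="value" lines from a JDK release file, skipping other lines.
func ParseRelease(content string) map[string]string {
	fields := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		key, val, ok := strings.Cut(strings.TrimSpace(line), "=")
		if ok && key != "" {
			fields[key] = strings.Trim(val, `"`)
		}
	}
	return fields
}

// FromRelease prefers the full runtime version; ok is false when no version key exists.
func FromRelease(dir string, f map[string]string) (Pkg, bool) {
	version := f["JAVA_RUNTIME_VERSION"]
	if version == "" {
		version = f["JAVA_VERSION"]
	}
	return Pkg{f["IMPLEMENTOR"], version, dir, "release-file"}, version != ""
}

// Dedupe drops binary-signature packages whose directory also has a release-file
// package (assumption: both kinds of evidence are keyed by install directory).
func Dedupe(pkgs []Pkg) (out []Pkg) {
	hasRelease := map[string]bool{}
	for _, p := range pkgs {
		hasRelease[p.Dir] = hasRelease[p.Dir] || p.Source == "release-file"
	}
	for _, p := range pkgs {
		if p.Source != "binary-signature" || !hasRelease[p.Dir] {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed input using keys from the release file quoted above.
	rel := "IMPLEMENTOR=\"Oracle Corporation\"\nJAVA_RUNTIME_VERSION=\"22.0.2+9-70\"\n"
	jvm, _ := FromRelease("/opt/jdk", ParseRelease(rel))
	fmt.Println(Dedupe([]Pkg{{"", "22.0.2", "/opt/jdk", "binary-signature"}, jvm}))
}
```

A JDK whose release file was purged still surfaces through its binary-signature package, since nothing in its directory outranks it.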

@github-actions github-actions bot added the json-schema Changes the json schema label Sep 10, 2024
@wagoodman wagoodman added the ecosystem:java relating to the java ecosystem label Sep 10, 2024
@wagoodman wagoodman requested a review from a team September 10, 2024 13:12
@wagoodman wagoodman marked this pull request as draft September 10, 2024 13:22
@wagoodman wagoodman marked this pull request as ready for review September 11, 2024 15:33
@wagoodman wagoodman force-pushed the openjdk-cataloger branch 2 times, most recently from ecb230d to 0670351 Compare September 11, 2024 16:37
Signed-off-by: Alex Goodman <[email protected]>
@wagoodman

Heads up: this is blocked from being merged until an appropriate grype matcher is implemented (working on that now)

@wagoodman wagoodman added the blocked Progress is being stopped by something label Sep 13, 2024

@kzantow kzantow left a comment

This is great -- it's been an ask for a while!

@wagoodman wagoodman merged commit 01de99b into main Sep 23, 2024
12 checks passed
@wagoodman wagoodman deleted the openjdk-cataloger branch September 23, 2024 21:21
spiffcs added a commit that referenced this pull request Oct 2, 2024
* main: (343 commits)
  feat: update haproxy classifier (#3277)
  chore(deps): update tools to latest versions (#3291)
  fix: don't use builtin scanner in licensecheck (#3290)
  chore(deps): update CPE dictionary index (#3288)
  chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289)
  update redis classifier (#3281)
  fix: improve node classifier version matching (#3284)
  fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
  chore(deps): update CPE dictionary index (#3262)
  chore(deps): bump github.com/docker/docker (#3264)
  chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275)
  chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
  chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
  add awaiting response management (#3272)
  fix: correct excluded mount point comparison to file paths (#3269)
  Add JVM cataloger (#3217)
  feat: classifier for Dart lang binaries (#3265)
  Add compliance policy for empty name and version (#3257)
  chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#3254)
  chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#3255)
  ...
Successfully merging this pull request may close these issues.

Catalog JDKs more completely OpenJDK CPEs Show richer information for JVM installations