syft_check.py
import json
import subprocess
import tqdm
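def load_images(image_file):
    """Load the list of container image references from a JSON file.

    Args:
        image_file: Path to the JSON document to read.

    Returns:
        The decoded JSON value, returned unmodified. ``run_syft_on_images``
        iterates it and treats every element as an image reference.

    Raises:
        OSError: If the file cannot be opened.
        json.JSONDecodeError: If the content is not valid JSON.
    """
    # JSON is UTF-8 by specification; pinning the encoding keeps decoding from
    # depending on the host locale.
    with open(image_file, 'r', encoding='utf-8') as file:
        # Nothing is validated here: the decoded values later become syft
        # command-line arguments and parts of output file names.
        return json.load(file)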
def run_syft(image):
    """Run syft against one image and return its JSON report as text.

    The command is passed as an argument list without a shell, so shell
    metacharacters in ``image`` are not interpreted. ``image`` is still placed
    on the command line as-is.

    Args:
        image: Image reference handed to syft as its source argument.

    Returns:
        syft's standard output with surrounding whitespace removed.

    Raises:
        subprocess.CalledProcessError: If syft exits with a non-zero status.
    """
    # NOTE(review): a value beginning with '-' would presumably be read by
    # syft as an option rather than a source; callers should vet the value.
    # No timeout is set, so a stalled scan blocks the caller.
    command = ['syft', image, '-o', 'json']
    completed = subprocess.run(command, capture_output=True, text=True, check=True)
    report = completed.stdout
    return report.strip()
def run_syft_on_directory():
    """Run syft against the current working directory and return its JSON report.

    Returns:
        syft's standard output with surrounding whitespace removed.

    Raises:
        subprocess.CalledProcessError: If syft exits with a non-zero status.
    """
    # 'dir:.' is resolved by syft relative to the process's working directory,
    # so the scan target depends on where the script is started from.
    command = ['syft', 'dir:.', '-o', 'json']
    completed = subprocess.run(command, capture_output=True, text=True, check=True)
    report = completed.stdout
    return report.strip()
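def write_output(output, output_file):
    """Write ``output`` to ``output_file``, creating its parent directory if missing.

    Args:
        output: Text to store (the syft JSON report in this file's callers).
        output_file: Destination path; an existing file is overwritten.

    Raises:
        OSError: If the directory or file cannot be created or written.
    """
    import os  # function-scope import: the module header does not import os

    # The callers write below 'data/'. Without this, a missing directory makes
    # the write fail only after the scan has already been run.
    parent = os.path.dirname(output_file)
    if parent:
        os.makedirs(parent, exist_ok=True)
    # The report is JSON, so store it as UTF-8 regardless of the host locale.
    with open(output_file, 'w', encoding='utf-8') as file:
        file.write(output)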
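def run_syft_on_images(image_file):
    """Scan every image listed in ``image_file`` with syft and store each report.

    Each report is written to ``data/docker_dependency_<name>.json``, where
    ``<name>`` is the image reference with path separators and ':' replaced
    by '_'. A failing or empty scan is reported on stdout and the loop moves
    on to the next image.

    Args:
        image_file: Path to a JSON file holding the image references.
    """
    images = load_images(image_file)
    print(f"images: {images}")
    for image in tqdm.tqdm(images, desc="Obtaining image dependencies"):
        # The entries come from a data file and end up on the syft command
        # line, so reject anything that is not a plain reference: non-strings,
        # blank values, and values starting with '-' that a CLI would parse as
        # an option instead of a source.
        if not isinstance(image, str) or not image.strip() or image.startswith('-'):
            print(f"Skipping invalid image reference: {image!r}")
            continue

        # Remove both separator styles so the name cannot point outside
        # 'data/' on any platform.
        image_name = image.replace('/', '_').replace('\\', '_').replace(':', '_')
        output_file = f'data/docker_dependency_{image_name}.json'
        try:
            output = run_syft(image)
        except subprocess.CalledProcessError as e:
            # str(e) carries only the command and exit status; syft's own
            # explanation is in the captured stderr.
            message = f"Failed to run Syft on {image}: {str(e)}"
            detail = (e.stderr or '').strip()
            if detail:
                message += f"\n{detail}"
            print(message)
            continue

        if output:
            write_output(output, output_file)
        else:
            print(f"No output from Syft for {image}")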
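def run_syft_on_project():
    """Scan the current working directory with syft and store the report.

    The report is written to ``data/project_dependencies.json``. A failing or
    empty scan is reported on stdout instead of raising.
    """
    output_file = 'data/project_dependencies.json'
    try:
        output = run_syft_on_directory()
    except subprocess.CalledProcessError as e:
        # str(e) carries only the command and exit status; syft's own
        # explanation is in the captured stderr.
        message = f"Failed to run Syft on current directory: {str(e)}"
        detail = (e.stderr or '').strip()
        if detail:
            message += f"\n{detail}"
        print(message)
        return

    if output:
        write_output(output, output_file)
    else:
        print("No output from Syft for current directory")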
if __name__ == "__main__":
    # Script entry point. The per-image scan is switched off; only the current
    # working directory is scanned. Re-enable the line below to scan the images
    # listed in data/docker_images.json as well.
    # run_syft_on_images('data/docker_images.json')
    run_syft_on_project()