Identify native code for Python modules and associate with appropriate Python module #3193

Open
kzantow opened this issue Sep 4, 2024 · 0 comments
Labels
enhancement New feature or request unknowns things syft does not detect

kzantow commented Sep 4, 2024

What would you like to be added:
Associate executable files found under known python directories with the appropriate Syft Package.

Why is this needed:
When scanning the official Docker images, there are ~700 instances of executable files under python paths, such as:

  • /usr/local/lib/python2.7/lib-dynload/_struct.so
  • /usr/local/lib/python2.7/site-packages/setproctitle.so
  • /usr/local/lib/python3.12/lib-dynload/_gdbm.cpython-312-x86_64-linux-gnu.so
  • /usr/lib64/python2.7/lib-dynload/_hashlib.so
  • /plone/buildout-cache/eggs/cp38/perfmetrics-3.3.0-py3.8-linux-x86_64.egg/perfmetrics/_metric.cpython-38-x86_64-linux-gnu.so
  • /usr/local/lib/python3.4/distutils/command/wininst-6.0.exe

How do these files get included? Can we read some Python files to determine when additional libraries are part of the Python Packages we surface?

@kzantow kzantow added the enhancement New feature or request label Sep 4, 2024
@kzantow kzantow added the unknowns things syft does not detect label Sep 4, 2024
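
One way to approach the question in the issue for pip-installed packages, as an added example that is not part of the issue or of Syft's code: an installed distribution's `*.dist-info/RECORD` file lists the files it installed, so native files named there can be attributed to that package. The helper name, the extension list and the sample RECORD (package version and hashes included) are constructed for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"path"
	"strings"
)

// Constructed sample RECORD (paths relative to site-packages; hashes are placeholders).
const sampleRECORD = `setproctitle.so,sha256=PLACEHOLDER,1000
setproctitle-1.0.dist-info/METADATA,sha256=PLACEHOLDER,200
setproctitle-1.0.dist-info/RECORD,,
`

// Extensions treated as native code here (an assumption of this sketch).
var nativeExts = []string{".so", ".pyd", ".dll", ".dylib", ".exe"}

// NativeFilesFromRECORD (hypothetical helper) parses RECORD contents, CSV rows of
// path,hash,size, and returns the distribution name taken from the dist-info
// directory name plus the absolute paths of the native files the package owns.
func NativeFilesFromRECORD(sitePackages, distInfoDir, record string) (string, []string, error) {
	name := strings.TrimSuffix(distInfoDir, ".dist-info")
	if i := strings.LastIndex(name, "-"); i > 0 {
		name = name[:i] // drop the "-<version>" suffix
	}
	r := csv.NewReader(strings.NewReader(record))
	r.FieldsPerRecord = -1 // tolerate rows with differing column counts
	rows, err := r.ReadAll()
	if err != nil {
		return "", nil, err
	}
	var native []string
	for _, row := range rows {
		p := path.Join(sitePackages, row[0]) // Join also resolves "../" entries
		for _, ext := range nativeExts {
			if strings.HasSuffix(p, ext) {
				native = append(native, p)
				break
			}
		}
	}
	return name, native, nil
}

func main() {
	name, files, err := NativeFilesFromRECORD("/usr/local/lib/python2.7/site-packages",
		"setproctitle-1.0.dist-info", sampleRECORD)
	fmt.Println(name, files, err)
}
```

Files under `lib-dynload` ship with the interpreter's standard library and appear in no RECORD, so they need a different association than this one.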