anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

argocd binary classifier #1606

Closed y12studio closed 1 year ago

y12studio commented 1 year ago

What would you like to be added:

binary classifiers for argocd, helm and kustomize.

Why is this needed:

argocd is widely used and is usually not installed with a package manager inside docker images.

pullCount : 100M+ from https://hub.docker.com/r/argoproj/argocd

Additional context: current output from syft 0.72.0

$ syft -q packages argoproj/argocd:v2.6.2 | grep -E 'argocd|helm|kustomize'
helm.sh/helm/v3                                                              v0.0.0-20221214143859-835b7334cfe2                 go-module  
sigs.k8s.io/kustomize/api                                                    v0.11.4                                            go-module  
sigs.k8s.io/kustomize/api                                                    v0.12.1                                            go-module  
sigs.k8s.io/kustomize/cmd/config                                             v0.10.9                                            go-module  
sigs.k8s.io/kustomize/kustomize/v4                                           v0.0.0-20220802162801-56d82a8378df                 go-module  
sigs.k8s.io/kustomize/kyaml                                                  v0.13.6                                            go-module  
sigs.k8s.io/kustomize/kyaml                                                  v0.13.9                                            go-module  

$ syft -q packages argoproj/argocd:v2.6.2 -o json | grep -E '2.3:a:[.]?argo|2.3:a:helm|2.3:a:kustomize'
    "cpe:2.3:a:argoproj:argo-cd\\/v2:v0.0.0-20230216145252-6e02f8b23201:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:argo_cd\\/v2:v0.0.0-20230216145252-6e02f8b23201:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:gitops-engine:v0.7.1-0.20221208230615-917f5a0f16d5:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:gitops_engine:v0.7.1-0.20221208230615-917f5a0f16d5:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:notifications-engine:v0.3.1-0.20221203221941-490d98afd1d6:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:notifications_engine:v0.3.1-0.20221203221941-490d98afd1d6:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:pkg:v0.13.7-0.20221221191914-44694015343d:*:*:*:*:*:*:*"
    "cpe:2.3:a:helm:v3:v0.0.0-20221214143859-835b7334cfe2:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.11.4:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.12.1:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.12.1:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:cmd\\/config:v0.10.9:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kustomize\\/v4:v0.0.0-20220802162801-56d82a8378df:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.6:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.9:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.9:*:*:*:*:*:*:*"

CPEs used should be:

$ go run cmd/syft/main.go argoproj/argocd:v2.6.2 | grep -E 'argocd|helm|kustomize'
argocd                                                                       2.6.2                                              binary     
helm                                                                         3.10.3                                             binary     
helm.sh/helm/v3                                                              v0.0.0-20221214143859-835b7334cfe2                 go-module  
kustomize                                                                    4.5.7                                              binary     
sigs.k8s.io/kustomize/api                                                    v0.11.4                                            go-module  
sigs.k8s.io/kustomize/api                                                    v0.12.1                                            go-module  
sigs.k8s.io/kustomize/cmd/config                                             v0.10.9                                            go-module  
sigs.k8s.io/kustomize/kustomize/v4                                           v0.0.0-20220802162801-56d82a8378df                 go-module  
sigs.k8s.io/kustomize/kyaml                                                  v0.13.6                                            go-module  
sigs.k8s.io/kustomize/kyaml                                                  v0.13.9                                            go-module 

$ go run cmd/syft/main.go argoproj/argocd:v2.6.2 -o json | grep -E '2.3:a:[.]?argo|2.3:a:helm|2.3:a:kustomize'
    "cpe:2.3:a:argoproj:argocd:2.6.2:*:*:*:*:*:*:*",
    "cpe:2.3:a:argocd:argocd:2.6.2:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:argo-cd\\/v2:v0.0.0-20230216145252-6e02f8b23201:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:argo_cd\\/v2:v0.0.0-20230216145252-6e02f8b23201:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:gitops-engine:v0.7.1-0.20221208230615-917f5a0f16d5:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:gitops_engine:v0.7.1-0.20221208230615-917f5a0f16d5:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:notifications-engine:v0.3.1-0.20221203221941-490d98afd1d6:*:*:*:*:*:*:*",
    "cpe:2.3:a:argoproj:notifications_engine:v0.3.1-0.20221203221941-490d98afd1d6:*:*:*:*:*:*:*"
    "cpe:2.3:a:argoproj:pkg:v0.13.7-0.20221221191914-44694015343d:*:*:*:*:*:*:*"
    "cpe:2.3:a:helm:helm:3.10.3:*:*:*:*:*:*:*",
    "cpe:2.3:a:helm:helm:3.10.3:*:*:*:*:*:*:*"
    "cpe:2.3:a:helm:v3:v0.0.0-20221214143859-835b7334cfe2:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kustomize:4.5.7:*:*:*:*:*:*:*",
    "cpe:2.3:a:kustomize:kustomize:4.5.7:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.11.4:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.12.1:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:api:v0.12.1:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:cmd\\/config:v0.10.9:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kustomize\\/v4:v0.0.0-20220802162801-56d82a8378df:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.6:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.9:*:*:*:*:*:*:*"
    "cpe:2.3:a:kustomize:kyaml:v0.13.9:*:*:*:*:*:*:*"

argoproj/argocd:v2.5.11 used for test fixtures

# https://hub.docker.com/r/argoproj/argocd/tags

# Build a throwaway image on top of the target tag that adds binutils,
# so `strings` is available to inspect the version text in each binary.
TARGET_IMG=argoproj/argocd:v2.5.11
DEV_IMG=foo1234
docker build -t ${DEV_IMG} - <<EOF
FROM ${TARGET_IMG}
USER root
RUN apt-get update && apt-get install -y binutils
EOF

# Print each tool's own version output, then grep the raw binary for the
# same version string the classifier regex is expected to find.
docker run -i --entrypoint=sh ${DEV_IMG} <<'EOF'
echo "===> argocd version"
/usr/local/bin/argocd version
echo "===> strings argocd"
strings /usr/local/bin/argocd | grep '2\.5\.11'
echo "===> helm version"
/usr/local/bin/helm version
echo "===> strings helm"
strings /usr/local/bin/helm | grep '3\.10\.3'
echo "===> kustomize version"
/usr/local/bin/kustomize version
echo "===> strings kustomize"
strings /usr/local/bin/kustomize | grep '4\.5\.7'
EOF

test fixtures

===> argocd version
argocd: v2.5.11+6dd7989
  BuildDate: 2023-02-16T15:06:40Z
  GitCommit: 6dd79895e248cc0980bcaf6c6bafdc9afbbf80cb
  GitTreeState: clean
  GoVersion: go1.18.10
  Compiler: gc
  Platform: linux/amd64
time="2023-02-23T04:07:38Z" level=fatal msg="Argo CD server address unspecified"
===> strings argocd
2.5.11
build   -ldflags="-X github.com/argoproj/argo-cd/v2/common.version=2.5.11 -X github.com/argoproj/argo-cd/v2/common.buildDate=2023-02-16T15:06:40Z -X github.com/argoproj/argo-cd/v2/common.gitCommit=6dd79895e248cc0980bcaf6c6bafdc9afbbf80cb -X github.com/argoproj/argo-cd/v2/common.gitTreeState=clean -X github.com/argoproj/argo-cd/v2/common.kubectlVersion=v0.24.2 -extldflags \"-static\""
build   -ldflags="-X github.com/argoproj/argo-cd/v2/common.version=2.5.11 -X github.com/argoproj/argo-cd/v2/common.buildDate=2023-02-16T15:06:40Z -X github.com/argoproj/argo-cd/v2/common.gitCommit=6dd79895e248cc0980bcaf6c6bafdc9afbbf80cb -X github.com/argoproj/argo-cd/v2/common.gitTreeState=clean -X github.com/argoproj/argo-cd/v2/common.kubectlVersion=v0.24.2 -extldflags \"-static\""
===> helm version
version.BuildInfo{Version:"v3.10.3", GitCommit:"835b7334cfe2e5e27870ab3ed4135f136eecc704", GitTreeState:"clean", GoVersion:"go1.18.9"}
===> strings helm
v3.10.3
===> kustomize version
{Version:kustomize/v4.5.7 GitCommit:56d82a8378dfc8dc3b3b1085e5a6e67b82966bd7 BuildDate:2022-08-02T16:35:54Z GoOs:linux GoArch:amd64}
===> strings kustomize
kustomize/v4.5.7
build   -ldflags="-s -X sigs.k8s.io/kustomize/api/provenance.version=kustomize/v4.5.7 -X sigs.k8s.io/kustomize/api/provenance.gitCommit=56d82a8378dfc8dc3b3b1085e5a6e67b82966bd7 -X sigs.k8s.io/kustomize/api/provenance.buildDate=2022-08-02T16:35:54Z "
build   -ldflags="-s -X sigs.k8s.io/kustomize/api/provenance.version=kustomize/v4.5.7 -X sigs.k8s.io/kustomize/api/provenance.gitCommit=56d82a8378dfc8dc3b3b1085e5a6e67b82966bd7 -X sigs.k8s.io/kustomize/api/provenance.buildDate=2022-08-02T16:35:54Z "

git diff

--- a/syft/pkg/cataloger/binary/default_classifiers.go
+++ b/syft/pkg/cataloger/binary/default_classifiers.go
@@ -175,6 +175,96 @@ var defaultClassifiers = []classifier{
        Package: "traefik",
        PURL:    mustPURL("pkg:generic/traefik@version"),
    },
+   {
+       Class:    "argocd",
+       FileGlob: "**/argocd",
+       EvidenceMatcher: fileContentsVersionMatcher(
+           `(?m)common\.version=(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
+       Package: "argocd",
+       PURL:    mustPURL("pkg:generic/argocd@version"),
+       CPEs:    singleCPE("cpe:2.3:a:argoproj:argocd:*:*:*:*:*:*:*"),
+   },
+   {
+       Class:    "helm",
+       FileGlob: "**/helm",
+       EvidenceMatcher: fileContentsVersionMatcher(
+           `(?m)\x00v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00`),
+       Package: "helm",
+       PURL:    mustPURL("pkg:generic/helm@version"),
+       CPEs:    singleCPE("cpe:2.3:a:helm:helm:*:*:*:*:*:*:*"),
+   },
+   {
+       Class:    "kustomize",
+       FileGlob: "**/kustomize",
+       EvidenceMatcher: fileContentsVersionMatcher(
+           `(?m)version=kustomize/v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
+       Package: "kustomize",
+       PURL:    mustPURL("pkg:generic/kustomize@version"),
+       CPEs:    singleCPE("cpe:2.3:a:kustomize:kustomize:*:*:*:*:*:*:*"),
+   },
    {
        Class:    "postgresql-binary",
        FileGlob: "**/postgres",
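Review bot: the helm matcher `(?m)\x00v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00` is much less specific than the argocd and kustomize ones: it accepts any NUL-delimited `vX.Y.Z` string in any file named `helm`, and the leftmost occurrence wins, so a dependency's version string that happens to sit earlier in the binary would be reported as helm's version. The `strings helm` output above shows only the bare `v3.10.3` (the `-ldflags` line is stripped in that build), so a tighter anchor may not be available, but the entry should ship with a test fixture built from the v3.10.3 binary that asserts the extracted version. Two smaller points: the `(?m)` flag does nothing in any of the three patterns since none uses `^` or `$`, and the argocd CPE `cpe:2.3:a:argoproj:argocd` differs from the `argoproj:argo_cd\/v2` / `argoproj:argo-cd\/v2` forms syft already emits for the same project's go-module above, so confirm which product name the vulnerability database keys on before hard-coding one, otherwise matches could be silently missed.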
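To show what the three classifier regexes from the diff actually extract, and where the loose helm pattern can go wrong, here is an added stand-alone example (not syft's code and not from the issue author): it reimplements the minimal "named `version` group over raw file bytes" behaviour of `fileContentsVersionMatcher` as a hypothetical `classify` helper and runs it over constructed byte samples modelled on the `strings` output above.

```go
package main

import (
	"fmt"
	"regexp"
)

// versionClassifier mirrors the shape of a syft classifier entry from the diff:
// a class name plus a regexp with a named "version" group run over raw file bytes.
type versionClassifier struct {
	Class   string
	Pattern *regexp.Regexp
}

// Patterns copied from the issue's diff; the "(?m)" flag is dropped since nothing is anchored.
var classifiers = []versionClassifier{
	{"argocd", regexp.MustCompile(`common\.version=(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`)},
	{"helm", regexp.MustCompile(`\x00v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00`)},
	{"kustomize", regexp.MustCompile(`version=kustomize/v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`)},
}

// classify returns the first "version" capture the named class finds in contents,
// or "" when the class is unknown or nothing matches. Leftmost match wins, as in regexp.
func classify(class string, contents []byte) string {
	for _, c := range classifiers {
		if c.Class != class {
			continue
		}
		if m := c.Pattern.FindSubmatch(contents); m != nil {
			return string(m[c.Pattern.SubexpIndex("version")])
		}
	}
	return ""
}
// Constructed byte samples modelled on the `strings` output in the issue (not real binaries).
var (
	argocdSample    = []byte("\x00build\t-ldflags=\"-X github.com/argoproj/argo-cd/v2/common.version=2.5.11 -X github.com/argoproj/argo-cd/v2/common.gitTreeState=clean\"\x00")
	helmSample      = []byte("\x00go1.18.9\x00v3.10.3\x00835b7334cfe2e5e27870ab3ed4135f136eecc704\x00")
	kustomizeSample = []byte("\x00version=kustomize/v4.5.7 -X sigs.k8s.io/kustomize/api/provenance.buildDate=2022-08-02T16:35:54Z\x00")
	// The helm pattern is the loosest: any NUL-delimited vX.Y.Z string wins if it comes first.
	helmAmbiguous = []byte("\x00v1.2.3\x00v3.10.3\x00")
)
func main() {
	fmt.Println("argocd:", classify("argocd", argocdSample))                 // 2.5.11
	fmt.Println("helm:", classify("helm", helmSample))                       // 3.10.3
	fmt.Println("kustomize:", classify("kustomize", kustomizeSample))        // 4.5.7
	fmt.Println("helm (ambiguous):", classify("helm", helmAmbiguous))        // 1.2.3, not 3.10.3
}
```

The last sample is the case a fixture-based test would catch: the helm regex reports whichever NUL-delimited `vX.Y.Z` string appears first, so a real fixture from the v3.10.3 binary is needed to confirm the classifier picks the right one.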
tgerla commented 1 year ago

Hi @y12studio, thank you very much! Would you be able to submit this as a GitHub pull request and we will take a look and consider it for inclusion? Please let us know if you need help with that, and thanks again for the contribution.

We would need to update the PURLs from pkg:generic to pkg:golang.

y12studio commented 1 year ago

@tgerla Certainly, Syft is a highly commendable project. I would be delighted to help with its ongoing development.