search

anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0
6.21k stars 573 forks source link

Identify `bash.preinst` #3191

Closed kzantow closed 1 month ago

kzantow commented 2 months ago

What would you like to be added: Syft does not appear to identify bash.preinst, which is present on many of the official Docker images.

Why is this needed: Syft should be able to identify common executables at least as expected/known rather than unknown.

Additional context: In the official docker images, as of this writing, there are 33 instances of this at /var/lib/dpkg/info/bash.preinst, which do not appear to be associated to any of the package-manager installed packages. From some basic web search, it looks like this may be a one-time script to associate /bin/sh with /bin/bash in some manner, but more investigation is needed where it comes from and why it doesn't get removed for proper classification.

wagoodman commented 1 month ago

I think this would be the way to go https://github.com/anchore/syft/pull/3228