update config name to not stutter

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
anchore · Apr 13, 2022 · dab92ea · dab92ea
1 parent 5522623
commit dab92ea
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -165,6 +165,20 @@ will be resolved _relative to the specified scan directory_. Keep in mind, your
 may attempt to expand wildcards, so put those parameters in single quotes, like:
 `'**/*.json'`.
 
+### External Sources
+
+Grype can be configured to incorporate external data sources for added fidelity in vulnerability matching. This 
+feature is currently disabled by default. To enable this feature add the following to the grype config:
+```yaml
+external-sources:
+  enable: true
+  maven:
+    search-upstream-by-sha1: true
+    base-url: https://search.maven.org/solrsearch/select
+```
+
+You can also configure the base-url if you're using another registry as your maven endpoint.
+
 ### Output formats
 
 The output format for Grype is configurable as well:
@@ -504,6 +518,12 @@ add-cpes-if-none: false
 # Explicitly specify a linux distribution to use as <distro>:<version> like alpine:3.10
 distro:
 
+external-sources:
+  enable: false
+  maven:
+    search-upstream-by-sha1: true
+    base-url: https://search.maven.org/solrsearch/select
+
 db:
   # check for database updates on execution
   # same as GRYPE_DB_AUTO_UPDATE env var

diff --git a/internal/config/application.go b/internal/config/application.go
@@ -44,7 +44,7 @@ type Application struct {
 	Ignore              []match.IgnoreRule      `yaml:"ignore" json:"ignore" mapstructure:"ignore"`
 	Exclusions          []string                `yaml:"exclude" json:"exclude" mapstructure:"exclude"`
 	DB                  database                `yaml:"db" json:"db" mapstructure:"db"`
-	ExternalSources     externalSources         `yaml:"external-sources" json:"external-sources" mapstructure:"external-sources"`
+	ExternalSources     externalSources         `yaml:"external-sources" json:"externalSources" mapstructure:"external-sources"`
 	Dev                 development             `yaml:"dev" json:"dev" mapstructure:"dev"`
 	FailOn              string                  `yaml:"fail-on-severity" json:"fail-on-severity" mapstructure:"fail-on-severity"`
 	FailOnSeverity      *vulnerability.Severity `yaml:"-" json:"-"`

diff --git a/internal/config/datasources.go b/internal/config/datasources.go
@@ -16,19 +16,19 @@ type externalSources struct {
 }
 
 type maven struct {
-	SearchMavenUpstream bool   `yaml:"search-maven-upstream" json:"search_maven_upstream" mapstructure:"search-maven-upstream"`
-	BaseURL             string `yaml:"base-url" json:"base-url" mapstructure:"base-url"`
+	SearchUpstreamBySha1 bool   `yaml:"search-upstream" json:"searchUpstreamBySha1" mapstructure:"search-maven-upstream"`
+	BaseURL              string `yaml:"base-url" json:"baseUrl" mapstructure:"base-url"`
 }
 
 func (cfg externalSources) loadDefaultValues(v *viper.Viper) {
 	v.SetDefault("external-sources.enable", false)
-	v.SetDefault("external-sources.maven.search-maven-upstream", false)
+	v.SetDefault("external-sources.maven.search-maven-upstream", true)
 	v.SetDefault("external-sources.maven.base-url", defaultMavenBaseURL)
 }
 
 func (cfg externalSources) ToJavaMatcherConfig() java.MatcherConfig {
 	// always respect if global config is disabled
-	smu := cfg.Maven.SearchMavenUpstream
+	smu := cfg.Maven.SearchUpstreamBySha1
 	if !cfg.Enable {
 		smu = cfg.Enable
 	}