Catalog traefik binary #1460

witchcraze · 2023-01-14T10:39:40Z

What would you like to be added:

An additional file classifier which finds traefik binary.

Why is this needed:

traefik is widely used.

pullCount : 1B+
starCount : 2.8K+
from https://hub.docker.com/_/traefik

traefik will be installed without a package manger in container env with official image.
We want to be able to catalog this.

$ syft -q traefik:3.0 | grep traefik
github.com/traefik/paerser                                         v0.1.9                                 go-module
github.com/traefik/traefik/v2                                      v0.0.0-20221207162604-e54ee89330a8     go-module
github.com/traefik/yaegi                                           v0.14.3                                go-module
$ docker run -it --rm traefik:3.0 traefik version
Version:      3.0.0-beta2
Codename:     beaufort
Go version:   go1.19.4
Built:        2022-12-07T16:32:34Z
OS/Arch:      linux/amd64

Additional context:

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* is used in NVD
https://nvd.nist.gov/vuln/detail/CVE-2022-46153

EOL
Releases - Traefik

DOCKER OFFICIAL IMAGE : traefik:3.0

# which traefik
/usr/local/bin/traefik

# traefik version
Version:      3.0.0-beta2
Codename:     beaufort
Go version:   go1.19.4
Built:        2022-12-07T16:32:34Z
OS/Arch:      linux/amd64

# strings /usr/local/bin/traefik | grep '3\.0\.0'
[::1]:53[:word:][]Event{[]Lease{[]PodIP{[]Taint{[mapKey][signal "13.0.0""3:04PM""DELETE"
3.0.0-beta2
vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
vendor/golang.org/x/net/idna/tables13.0.0.go
golang.org/x/text@v0.5.0/unicode/bidi/tables13.0.0.go
golang.org/x/text@v0.5.0/unicode/norm/tables13.0.0.go
golang.org/x/net@v0.3.1-0.20221206200815-1e63c2f08a10/idna/tables13.0.0.go
golang.org/x/text@v0.5.0/cases/tables13.0.0.go

DOCKER OFFICIAL IMAGE : traefik:2.9

# which traefik
/usr/local/bin/traefik

# traefik version
Version:      2.9.6
Codename:     banon
Go version:   go1.19.4
Built:        2022-12-07T14:17:58Z
OS/Arch:      linux/amd64

# strings /usr/local/bin/traefik | grep '2\.9\.6'
2.9.6

DOCKER OFFICIAL IMAGE : traefik:1.7

$ ./traefik version
Version:      v1.7.34
Codename:     maroilles
Go version:   go1.16.12
Built:        2021-12-10_04:59:22PM
OS/Arch:      linux/amd64

$ strings traefik | grep '1\.7\.34'
v1.7.34

DOCKER OFFICIAL IMAGE : traefik:windowsservercore-1809
Sorry, I was not able to check this case...

The text was updated successfully, but these errors were encountered:

kzantow · 2023-01-17T15:32:35Z

Thanks @witchcraze -- added this to the backlog and of course, PRs are welcome!

witchcraze added the enhancement New feature or request label Jan 14, 2023

kzantow added this to OSS Jan 17, 2023

kzantow moved this to Backlog in OSS Jan 17, 2023

witchcraze mentioned this issue Jan 21, 2023

feat: add traefik classifier #1504

Merged

kzantow closed this as completed in #1504 Feb 2, 2023

github-project-automation bot moved this from Backlog to Done in OSS Feb 2, 2023

dependabot bot mentioned this issue Feb 21, 2023

Bump github.com/anchore/syft from 0.34.0 to 0.72.0 nvtkaszpir/chart-testing#83

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Catalog traefik binary #1460

Catalog traefik binary #1460

witchcraze commented Jan 14, 2023 •

edited

Loading

kzantow commented Jan 17, 2023

Catalog traefik binary #1460

Catalog traefik binary #1460

Comments

witchcraze commented Jan 14, 2023 • edited Loading

kzantow commented Jan 17, 2023

witchcraze commented Jan 14, 2023 •

edited

Loading