Support cataloging R packages

Open westonsteimel opened this issue 4 years ago • 2 comments

What would you like to be added:

Support for cataloging R packages. The package metadata spec is at https://r-pkgs.org/description.html#description and the package url spec is at https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#cran

Why is this needed:

Extends support for SBOM generation to the R ecosystem

westonsteimel avatar Jan 02 '22 08:01 westonsteimel

As an example, this is what the DESCRIPTION file looks like for the odbc package

Package: odbc
Title: Connect to ODBC Compatible Databases (using the DBI Interface)
Version: 1.3.3
Authors@R:
    c(person(given = "Jim",
             family = "Hester",
             role = "aut"),
      person(given = "Hadley",
             family = "Wickham",
             role = c("aut", "cre"),
             email = "[email protected]"),
      person(given = "Oliver", "Gjoneski", role = "ctb", comment = "detule"),
      person(given = "lexicalunit",
             role = "cph",
             comment = "nanodbc library"),
      person(given = "Google Inc.",
             role = "cph",
             comment = "cctz library"),
      person(given = "RStudio",
             role = c("cph", "fnd")))
Description: A DBI-compatible interface to ODBC databases.
License: MIT + file LICENSE
URL: https://github.com/r-dbi/odbc, https://db.rstudio.com
BugReports: https://github.com/r-dbi/odbc/issues
Depends: R (>= 3.2.0)
Imports: bit64, blob (>= 1.2.0), DBI (>= 1.0.0), hms, methods, rlang,
        Rcpp (>= 0.12.11)
Suggests: covr, DBItest, magrittr, RSQLite, testthat, tibble
LinkingTo: Rcpp
ByteCompile: true
Encoding: UTF-8
RoxygenNote: 7.1.2
SystemRequirements: C++11, GNU make, An ODBC3 driver manager and
        drivers.
Collate: 'odbc.R' 'Driver.R' 'Connection.R' 'DataTypes.R'
        'RcppExports.R' 'Result.R' 'Table.R' 'Viewer.R' 'db.R'
        'hidden.R' 'utils.R' 'zzz.R'
NeedsCompilation: yes
Packaged: 2021-11-29 20:57:53 UTC; jhester
Author: Jim Hester [aut],
  Hadley Wickham [aut, cre],
  Oliver Gjoneski [ctb] (detule),
  lexicalunit [cph] (nanodbc library),
  Google Inc. [cph] (cctz library),
  RStudio [cph, fnd]
Maintainer: Hadley Wickham <[email protected]>
Repository: RSPM
Date/Publication: 2021-11-30 09:10:02 UTC
Built: R 4.1.0; x86_64-pc-linux-gnu; 2021-12-01 11:02:45 UTC; unix

I used the following docker command to get a container with a CLI R environment set up:

docker run --rm -it rocker/r-ver bash

Then within the container

# install odbc package to the default r library location at /usr/local/lib/R/site-library/
install2.r odbc

westonsteimel avatar Jan 02 '22 23:01 westonsteimel
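
A minimal parser for the DESCRIPTION format shown in the comment above, as an added example that is not part of the original thread and is not syft's own code. It reads the `Field: value` records with their indented continuation lines, strips version constraints from a dependency field, and builds a package URL of the `cran` purl type; the function names and the shortened sample are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: a shortened copy of the odbc DESCRIPTION file quoted above.
const sampleDescription = `Package: odbc
Version: 1.3.3
Imports: bit64, blob (>= 1.2.0), DBI (>= 1.0.0), hms, methods, rlang,
        Rcpp (>= 0.12.11)
`

// parseDescription (hypothetical name): a line starting with whitespace continues the previous field.
func parseDescription(text string) map[string]string {
	fields, last := map[string]string{}, ""
	for _, line := range strings.Split(text, "\n") {
		if strings.HasPrefix(line, " ") || strings.HasPrefix(line, "\t") {
			if last != "" {
				fields[last] = strings.TrimSpace(fields[last] + " " + strings.TrimSpace(line))
			}
		} else if key, val, ok := strings.Cut(line, ":"); ok {
			last, fields[key] = key, strings.TrimSpace(val)
		}
	}
	return fields
}

// depNames drops version constraints such as "(>= 1.2.0)" from a dependency field.
func depNames(field string) (names []string) {
	for _, item := range strings.Split(field, ",") {
		name, _, _ := strings.Cut(item, "(")
		if name = strings.TrimSpace(name); name != "" {
			names = append(names, name)
		}
	}
	return names
}

// cranPURL builds a package URL of purl type "cran" from the parsed fields.
func cranPURL(f map[string]string) string {
	return "pkg:cran/" + f["Package"] + "@" + f["Version"]
}

func main() {
	f := parseDescription(sampleDescription)
	fmt.Println(cranPURL(f), depNames(f["Imports"]))
}
```

Splitting on the first colon only keeps values such as the `URL` and `Built` fields intact, since they contain further colons.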

It may be useful to be able to locate and parse renv.lock files.

actualben avatar May 10 '22 18:05 actualben