Feature: Add ffmpeg binary cataloger

[popey]

Description

Adds an ffmpeg binary cataloger. This is required to fix #3988.

Using 3rd-party built or self-built ffmpeg binaries within application deployments is common. This is often done to get a newer (less buggy or more featured, or patched) ffmpeg than ships with the distribution of choice.

• Fixes When scanning the FFmpeg binary with Syft, it fails to be recognized as a component. #3988

Type of change

• New feature (non-breaking change which adds functionality)

Checklist:

• I have added unit tests that cover changed behavior
• I have tested my code in common scenarios and confirmed there are no regressions
• I have added comments to my code, particularly in hard-to-understand sections

$ ls -l ~/Temp/ff 
-r-xr-xr-x@ 1 alan  staff  421968 11 Jun 10:59 ffmpeg
$ ~/Temp/ff/ffmpeg
ffmpeg version 7.1.1 Copyright (c) 2000-2025 the FFmpeg developers
$./snapshot/darwin-build_darwin_arm64_v8.0/syft ~/Temp/ff 
 ✔ Indexed file system /Users/alan/Temp/ff 
 ✔ Cataloged contents 787ed5b32c1139ad7b874180b8c8e0c418094e35d058c64a8c111e91f3b78e9d 
   ├── ✔ Packages                        [1 packages]  
   ├── ✔ Executables                     [1 executables]  
   ├── ✔ File digests                    [1 files]  
   └── ✔ File metadata                   [1 locations]  
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME    VERSION  TYPE     
ffmpeg  7.1.1    binary  

[popey]

I tested this with a home-compiled version of ffmpeg, which happened to have version "6.0" which fouled my regex. Fixed that.

/Users/alan/Work/Anchore/syft/snapshot/darwin-build_darwin_arm64_v8.0/syft ~/Temp/ff
 ✔ Indexed file system /Users/alan/Temp/ff 
 ✔ Cataloged contents 787ed5b32c1139ad7b874180b8c8e0c418094e35d058c64a8c111e91f3b78e9d 
   ├── ✔ Packages                        [3 packages]  
   ├── ✔ Executables                     [3 executables]  
   ├── ✔ File digests                    [3 files]  
   └── ✔ File metadata                   [3 locations]  
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ide
NAME    VERSION  TYPE     
ffmpeg  6.0      binary    
ffmpeg  6.1.1    binary    
ffmpeg  7.1.1    binary

[willmurphyscode]

@popey maybe https://hub.docker.com/r/linuxserver/ffmpeg/tags would be a good source to find an image for a full fixture? Basically a full fixture is instructions that say, "to really test this binary matcher, grab file at <path> from <image>.

[popey]

Thanks @willmurphyscode - I saw your comment go by and couldn't find it, turns out I was looking in the wrong place. I'll take a look at this, cheers!

[popey]

Thanks @willmurphyscode - I've implemented the "full fixture" approach you suggested. I spent some time understanding the config.yaml format and how other binary catalogers use container images for comprehensive testing.

I created a test script that validates the ffmpeg binary cataloger against multiple versions from the linuxserver/ffmpeg Docker images. The script tests both ffmpeg 8.0 and 7.1.1 and confirms syft correctly identifies the versions:

Test script

#!/bin/bash

set -e

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo "Testing FFmpeg binary cataloger with various versions and architectures"
echo "======================================================================"

# Build syft first
echo -e "${YELLOW}Building syft...${NC}"
make bootstrap
make build

# Check if build succeeded
if [ ! -f "./snapshot/darwin-build_darwin_arm64_v8.0/syft" ]; then
    echo -e "${RED}Error: syft binary not found after build${NC}"
    exit 1
fi

SYFT_BINARY="./snapshot/darwin-build_darwin_arm64_v8.0/syft"

# Get some available tags from Docker Hub
echo -e "${YELLOW}Getting available tags...${NC}"
AVAILABLE_TAGS=$(curl -s "https://registry.hub.docker.com/v2/repositories/linuxserver/ffmpeg/tags/?page_size=20" | jq -r '.results[].name')

echo "Available tags:"
echo "$AVAILABLE_TAGS" | head -10

# Define test cases: tag:expected_version
declare -a TEST_CASES=(
    "version-8.0-cli:8.0"
    "7.1.1:7.1.1"
)

# Function to test a specific container
test_ffmpeg_container() {
    local tag="$1"
    local expected_version="$2"
    local image="docker.io/linuxserver/ffmpeg:${tag}"
    
    echo -e "${YELLOW}Testing $image (expecting version $expected_version)...${NC}"
    
    # Check if tag exists
    if ! echo "$AVAILABLE_TAGS" | grep -q "^${tag}$"; then
        echo -e "${RED}  ✗ Tag $tag not found in available tags${NC}"
        return 1
    fi
    
    echo "  Running syft on container..."
    
    # Run syft on the container image
    local output
    if output=$($SYFT_BINARY "$image" 2>/dev/null); then
        # Check if ffmpeg was detected with correct version
        if echo "$output" | grep -q "ffmpeg.*$expected_version.*binary"; then
            echo -e "${GREEN}  ✓ Success: Detected ffmpeg $expected_version${NC}"
            echo "    $(echo "$output" | grep "ffmpeg.*binary")"
            return 0
        else
            echo -e "${RED}  ✗ Failed: ffmpeg $expected_version not detected or wrong version${NC}"
            echo "    Lines containing 'ffmpeg':"
            echo "$output" | grep -i ffmpeg || echo "    (no ffmpeg found in output)"
            return 1
        fi
    else
        echo -e "${RED}  ✗ Failed: syft execution failed${NC}"
        return 1
    fi
}

# Counter for results
total_tests=0
passed_tests=0

# Test each case
for test_case in "${TEST_CASES[@]}"; do
    IFS=':' read -ra PARTS <<< "$test_case"
    tag="${PARTS[0]}"
    expected_version="${PARTS[1]}"
    
    total_tests=$((total_tests + 1))
    
    if test_ffmpeg_container "$tag" "$expected_version"; then
        passed_tests=$((passed_tests + 1))
    fi
    
    echo ""  # Add blank line between tests
done

# Summary
echo "======================================================================"
echo -e "Results: ${GREEN}$passed_tests${NC} passed, ${RED}$((total_tests - passed_tests))${NC} failed out of ${total_tests} total tests"

if [ $passed_tests -eq $total_tests ]; then
    echo -e "${GREEN}All tests passed! The ffmpeg binary cataloger is working correctly.${NC}"
    exit 0
else
    echo -e "${RED}Some tests failed. Please review the output above.${NC}"
    exit 1
fi

./snapshot/darwin-build_darwin_arm64_v8.0/syft docker.io/linuxserver/ffmpeg:version-8.0-cli | grep ffmpeg
ffmpeg                       8.0                                binary

I've also added proper full fixture entries to the config.yaml file with the linuxserver/ffmpeg images for versions 8.0 and 7.1.1, including both amd64 and arm64 platforms as you suggested. This should provide robust test coverage across different architectures.

Ready for another review when you have a moment. Cheers!