quay
diff --git a/‎alpine/parser.go
Lines changed: 3 additions & 2 deletions b/‎alpine/parser.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎alpine/secdb_test.go
Lines changed: 0 additions & 82 deletions b/‎alpine/secdb_test.go
Lines changed: 0 additions & 82 deletions
diff --git a/‎chainguard/distributionscanner.go
Lines changed: 93 additions & 0 deletions b/‎chainguard/distributionscanner.go
Lines changed: 93 additions & 0 deletions
diff --git a/‎chainguard/ecosystem.go
Lines changed: 27 additions & 0 deletions b/‎chainguard/ecosystem.go
Lines changed: 27 additions & 0 deletions
@@ -9,6 +9,7 @@ import (
 
 	"github.com/quay/claircore"
 	"github.com/quay/claircore/libvuln/driver"
+	"github.com/quay/claircore/updater/secdb"
 )
 
 const (
@@ -22,15 +23,15 @@ func (u *updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vuln
 	zlog.Info(ctx).Msg("starting parse")
 	defer r.Close()
 
-	var db SecurityDB
+	var db secdb.SecurityDB
 	if err := json.NewDecoder(r).Decode(&db); err != nil {
 		return nil, err
 	}
 	return u.parse(ctx, &db)
 }
 
 // parse parses the alpine SecurityDB
-func (u *updater) parse(ctx context.Context, sdb *SecurityDB) ([]*claircore.Vulnerability, error) {
+func (u *updater) parse(ctx context.Context, sdb *secdb.SecurityDB) ([]*claircore.Vulnerability, error) {
 	out := []*claircore.Vulnerability{}
 	for _, pkg := range sdb.Packages {
 		if err := ctx.Err(); err != nil {
 
@@ -0,0 +1,93 @@
+package chainguard
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"github.com/quay/zlog"
+	"io/fs"
+	"runtime/trace"
+
+	"github.com/quay/claircore"
+	"github.com/quay/claircore/indexer"
+	"github.com/quay/claircore/osrelease"
+)
+
+const (
+	scannerName    = "chainguard"
+	scannerVersion = "1"
+	scannerKind    = "distribution"
+
+	chainguard = `chainguard`
+	wolfi      = `wolfi`
+)
+
+var (
+	_ indexer.DistributionScanner = (*DistributionScanner)(nil)
+	_ indexer.VersionedScanner    = (*DistributionScanner)(nil)
+)
+
+// DistributionScanner attempts to discover if a layer
+// displays characteristics of a chainguard or wolfi distribution.
+type DistributionScanner struct{}
+
+// Name implements scanner.VersionedScanner.
+func (*DistributionScanner) Name() string { return scannerName }
+
+// Version implements scanner.VersionedScanner.
+func (*DistributionScanner) Version() string { return scannerVersion }
+
+// Kind implements scanner.VersionedScanner.
+func (*DistributionScanner) Kind() string { return scannerKind }
+
+// Scan will inspect the layer for an os-release
+// and determine if it represents a chainguard or wolfi release.
+//
+// If the file is not found, or the file does not represent a chainguard nor wolfi release,
+// (nil, nil) is returned.
+func (s *DistributionScanner) Scan(ctx context.Context, l *claircore.Layer) ([]*claircore.Distribution, error) {
+	defer trace.StartRegion(ctx, "Scanner.Scan").End()
+	ctx = zlog.ContextWithValues(ctx,
+		"component", "chainguard/DistributionScanner.Scan",
+		"version", s.Version(),
+		"layer", l.Hash.String())
+	zlog.Debug(ctx).Msg("start")
+	defer zlog.Debug(ctx).Msg("done")
+
+	sys, err := l.FS()
+	if err != nil {
+		return nil, fmt.Errorf("chainguard: unable to open layer: %w", err)
+	}
+
+	b, err := fs.ReadFile(sys, osrelease.Path)
+	switch {
+	case errors.Is(err, nil):
+		m, err := osrelease.Parse(ctx, bytes.NewReader(b))
+		if err != nil {
+			return nil, err
+		}
+
+		switch id := m[`ID`]; id {
+		case chainguard, wolfi:
+			return []*claircore.Distribution{
+				{
+					Name: m[`NAME`],
+					DID:  id,
+					// Neither chainguard nor wolfi images are considered to be "versioned".
+					// Explicitly set the version to the empty string for clarity.
+					Version:    "",
+					PrettyName: m[`PRETTY_NAME`],
+				},
+			}, nil
+		default:
+			// This is neither chainguard nor wolfi.
+			return nil, nil
+		}
+	case errors.Is(err, fs.ErrNotExist):
+		// os-release file must exist in chainguard and wolfi images.
+		return nil, nil
+	default:
+		return nil, err
+	}
+}
@@ -0,0 +1,27 @@
+package chainguard
+
+import (
+	"context"
+
+	"github.com/quay/claircore/apk"
+	"github.com/quay/claircore/indexer"
+	"github.com/quay/claircore/linux"
+)
+
+// NewEcosystem provides the set of scanners and coalescers for the chainguard ecosystem
+func NewEcosystem(_ context.Context) *indexer.Ecosystem {
+	return &indexer.Ecosystem{
+		PackageScanners: func(ctx context.Context) ([]indexer.PackageScanner, error) {
+			return []indexer.PackageScanner{&apk.Scanner{}}, nil
+		},
+		DistributionScanners: func(ctx context.Context) ([]indexer.DistributionScanner, error) {
+			return []indexer.DistributionScanner{&DistributionScanner{}}, nil
+		},
+		RepositoryScanners: func(ctx context.Context) ([]indexer.RepositoryScanner, error) {
+			return []indexer.RepositoryScanner{}, nil
+		},
+		Coalescer: func(ctx context.Context) (indexer.Coalescer, error) {
+			return linux.NewCoalescer(), nil
+		},
+	}
+}