Content Deep Dive

RPM Package Manager: RPM package security scanning with Snyk

Blog post from Snyk

Post Details
Company: Snyk
Author: Ivan Stanev
Word Count: 2,414
Language: English
Summary

Snyk can detect many kinds of information about container images, including the operating system distribution, the software package managers present, installed applications, and application dependencies. RPM is a common package manager in the Linux ecosystem and is fully supported by Snyk. To cope with the binary format RPM uses for its database, Snyk reimplemented the reading of RPM package metadata in an open source TypeScript library. The RPM database holds metadata about installed packages in BerkeleyDB pages; each page has a header and data entries that point to specific offsets within the page. Each entry in the index carries a tag, a type, an offset, and a count, which together allow package information to be extracted from the payload header. By reading the binary blobs collected from the BerkeleyDB database, Snyk can construct the list of dependencies for a container image.