Commit graph

121 commits

Author SHA1 Message Date
cpendery
64277bf6f4
docs: update php listing to be more clear that the .json file isn't indexed (#808) 2022-06-27 10:26:49 -04:00
Christopher Angelo Phillips
bbe933204a
remove oss meetup message (#799) 2022-06-23 18:03:38 +00:00
cpendery
335f744b9b
docs: update to include php (#793) 2022-06-17 19:14:47 +00:00
cpendery
11cf09222b
fix: add golang to documentation (#788) 2022-06-16 15:59:32 -04:00
Jonas Xavier
d6fa674edc
add db staleness check (#785)
* add db staleness check

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* less config fields

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix import order

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* warn even when set to not error on staleness

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nits

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nits

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* lint fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix test

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* consistent log message

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* consistent new version message

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* human friendly time durations

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix typo

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* cleaner tests and default db value

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-06-15 12:48:10 -04:00
Weston Steimel
736117e0d9
Support namespace and language as additional criteria for ignoring vulnerability matches (#780)
* support filtering matches based on Namespace

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* support filtering matches based on package language

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* add tests for filtering matches on Namespace and Language

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* update README for new ignore rule criteria

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* fix linting errors

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-06-10 18:15:58 +01:00
briankoe741
30f0aa7051
Add announcement for Anchore OSS Meetup (#775) 2022-06-06 16:51:34 -04:00
Sean Killeen
55b63a9fb8
Add reference to logrus logging levels (#758) 2022-05-25 15:06:17 -04:00
Herby Gillot
e6fc3e67d8
README: add MacPorts install info (#759)
Signed-off-by: Herby Gillot <herby.gillot@gmail.com>
2022-05-25 11:06:42 -07:00
Christian Kotzbauer
731abaab72
Add syft v0.46.0 Dotnet support (#747) 2022-05-13 12:46:31 -04:00
SALES
7fc4ca7646
Add reference to Grype-based GitHub Action (#710)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-05-01 20:03:19 +00:00
Jonas Xavier
523f5ce9c0
Consume attestation files (#706)
* add key flag to attest validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp: verify sig and extract sbom

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip read attestation without scheme

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp consuming attestations - needs unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove prototype file

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* drop local syft from go.mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix order of sbom parsing strategies

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle implicit attestation input

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add test for invalid attestation key

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* rebase and go-mod-tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* consume attestation via stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* attestation test for stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate input and content for attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add stdin test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix config tags

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add int test to ignore attestation validation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix cycloneDX attestation fixture

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered att test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered predicate type test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* improve docs/help on attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* upgrade to latest syft

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fall through when guessing between sbom and att

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix butter finger rebase

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* drop default key value

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* assert error messages

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better test/cli coverage

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix stdin decode test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix goimports

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* tui - verified attestation and feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better naming

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add attestation section to config file

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* emit event for skipped verification

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* use public key name

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-04-21 11:52:42 -07:00
Christopher Angelo Phillips
95f68b4c33
Add java.Matcher configuration to include maven upstream sha1 query (#714) 2022-04-13 13:01:22 -04:00
briankoe741
67eacff3e2
Remove announcement for OSS Meetup (#691)
Proposing changes to remove our 3/23 meetup

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 00:12:07 +00:00
Jonas Xavier
7555342be0
add podman to readme and examples (#677)
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-17 12:31:01 -07:00
Keith Zantow
a605d55ec0
Update register link text (#668) 2022-03-15 16:57:26 +00:00
Alex Goodman
cc8e7836f3
Add platform selection (#666) 2022-03-15 13:13:05 +00:00
briankoe741
8614a67ac5
Add announcement for Anchore OSS Meetup (#665) 2022-03-14 17:35:04 -04:00
Keith Zantow
fc8e13f5b8
Support for SBOMs with incomplete linux distribution or CPE information (#606) 2022-03-03 16:31:46 -05:00
Fabrice Jammes
cfc4f8b6f1
Add clarifying message to install command (#608)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>

Co-authored-by: Dan Luhring <dan+github@luhrings.com>
2022-02-25 21:19:42 +00:00
Dan Nurmi
0ce1c43d40
Add list of public data feeds that are sourced when populating grype's vulnerability database (#618) 2022-02-01 02:32:34 +00:00
Sambhav Kothari
346df07df5
Add sprig templating functions for grype output (#610)
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-01-28 11:27:27 -05:00
Alex Goodman
c88ee0e8f5
add expose minimal search configuration (#579)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-09 06:14:57 -05:00
Christopher Angelo Phillips
9f44aa89b0
Add basic vulnerability summary documentation (#574)
* add basic vulnerability summary to README

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2022-01-04 09:45:37 -05:00
Richard Mayes
75bb4ce9e3
fix(docs): fix issue with template command example (#540)
Signed-off-by: Richard Mayes <richard.mayes@watchfinder.co.uk>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-22 16:25:52 -05:00
Keith Zantow
647d6fb770
Add --exclude flag (#551) 2021-12-21 12:52:07 -05:00
Dan Luhring
4bb841e97d
Add section for community meetings (#521)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-12-06 12:18:30 -05:00
Alex Goodman
86b7d165e2
Add db list command (#506)
* add db list command

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add stderr print helper

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update docs with details about listing files and DB curation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-03 16:43:50 +00:00
Dan Luhring
2867dc0118
Remove webinar announcement (#513)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-12-01 19:05:14 +00:00
Dan Luhring
1e35cbf20b
Announce meetup on 2021-12-01 (#505)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-11-22 10:13:55 -05:00
Christopher Angelo Phillips
00aa7d4523
Add private registry authorization section to README (#488)
* update registry auth section for readme

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-11-04 14:37:07 +00:00
Dan Luhring
e4bc82f305
Readme improvements (#469)
* Remove webinar announcement

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Document only-fixed feature

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Expand docs for Grype database

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* List out allowed values for fix-state

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-10-22 12:07:06 +00:00
Dan Luhring
e544dff368
Announce upcoming webinar (#457)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-10-15 16:21:26 +00:00
Dan Luhring
438c4f899f
Add Grype logo (#451)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-10-11 21:15:19 +00:00
Alex Goodman
cd3b414e59
Add option to output vulnerability report to a file (#442)
* add --file CLI option

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* tidy go sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-05 15:57:36 -04:00
Dan Luhring
84189278a3
Improve documentation (#441)
* Make installation methods more obvious

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add badge for joining Slack

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Document requirement for signed commits

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-10-04 09:29:41 -04:00
Dan Luhring
f86fd7eb38
Feature: Specifying ignore rules for vulnerability matches (#430)
* Preliminary implementation of ignore rules

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Support ignoring matches by package type

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add tests for ignore functionality

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add documentation for ignore rules and clean up README

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add test for glob location matching

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-09-29 15:44:36 -04:00
Dan Luhring
2c79261c01
Add announcement for KubeCon meetup (#428)
* Add announcement for KubeCon meetup

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Remove warning about zsh completion

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-09-24 15:50:57 +00:00
Alex Goodman
0ca54448d4
Revert "Add announcement for upcoming OSS meetup (#402)" (#405)
This reverts commit c6529822fa.

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-02 10:59:21 -04:00
Dan Luhring
c6529822fa
Add announcement for upcoming OSS meetup (#402)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-08-25 14:35:57 -04:00
Keith Zantow
096bc6e970
docs: wrong environment variable: SYFT_ (#387)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-08-18 16:41:10 -04:00
Keith Zantow
7b044b1154
Add option to enable http registry connections #334 (#380)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-08-17 12:52:08 -04:00
Alex Goodman
05ade7bbbf
Revert "Add callout for OSS meetup (#346)" (#361)
This reverts commit 3f4efcaf9a.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-07-02 14:32:24 +00:00
Dan Luhring
3f4efcaf9a
Add callout for OSS meetup (#346)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-06-24 11:44:29 -04:00
Dan Luhring
fcdf6c58ec
Update README with latest capabilities (#335)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-06-11 17:50:18 +00:00
Dan Luhring
be81dbb746
Expand out SBOM acronym
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-06 14:35:32 -04:00
Dan Luhring
8e153c9120
Include references back to Syft
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-06 14:20:03 -04:00
Alex Goodman
6ad5e94674
bump go.mod minimum required go version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 08:55:03 -04:00
Alex Goodman
c3e5280aaa
update docs with registry config and source options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 16:13:48 -04:00
Dan Luhring
326a79da2a
Address PR comments
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-04-09 16:31:13 -04:00
Dan Luhring
eb74835a1a
Add template presenter
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-04-09 09:34:58 -04:00
Dan Luhring
9f9f396da6
Update README to account for change in macOS release
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-06 12:19:38 -05:00
Dan Luhring
5f14775920
Fix errors in README (#188)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-10-19 10:01:33 -04:00
Alex Goodman
e7ee54a81a
update install script arguments for proper argument processing (#181)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 11:08:26 -04:00
Graham Siener
4ca218733b
Edit typo in readme (#179)
Signed-off-by: Graham Siener <siener@gmail.com>
2020-10-09 10:10:10 -04:00
Alfredo Deza
7f20e538cf
docs: update the readme to remove pre-release note
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-10-08 15:33:47 -04:00
Alex Goodman
326afa3c41
Add OCI support + use URI schemes (#160)
* add oci support + update image schemes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update to oci-dir

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump upstream stereoscope, testutils, and syft pins

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix malformed go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* pull in upstream syft json presenter updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:18:03 -04:00
Alex Goodman
b2715ffdba
Update high level docs (#162)
* move dev section to separate doc; generally update readme

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove line breaks from docs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:06:10 -04:00
Sam Dacanay
293368e25e
Shell completion via Cobra utility (#149)
* Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Remove support for zsh and powershell completion, as it doesn't work out of the box, and currently don't have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFAICT

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

* add zsh with cobra master branch

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-14 09:06:29 -07:00
Zach Hill
be6a7ea4f5
Update README.md to highlight supported distros and languages (#135)
* Update README.md to highlight supported distros and languages

Same content, just bullet points instead of a single item for each type. Just visually easier to identify if you're looking for this info.

Signed-off-by: Zach Hill <zach@anchore.com>

* incorporated README feature comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-24 12:27:07 -04:00
Alex Goodman
3836626031
add demo gif (#134)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-14 15:03:29 -04:00
Neil Levine
f2ce94b614
Replaced stray syft entries with grype
Signed-off-by: Neil Levine <levine@yoyo.org>
2020-08-11 10:10:24 -07:00
Alfredo Deza
2caa0d2fe5
docs: emphasize installation methods before features and getting started
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-11 10:54:06 -04:00
Ross Turk
12b2296374
Add future ideas + beta warning to README (#114)
Signed-off-by: Ross Turk <ross@rossturk.com>
2020-08-11 07:07:44 -04:00
Dan Luhring
8052fa644d
Update installation method (#117)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-10 19:29:35 -04:00
Dan Luhring
457cd297ec
Add badges (#115)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-10 16:46:02 -04:00
Ross Turk
c1fdaba363
Adding additional detail to README (#103)
* Adding additional detail to README

Signed-off-by: Ross Turk <ross@rossturk.com>

* Addressing comments in #103

Signed-off-by: Ross Turk <ross@rossturk.com>

* remove profiling from config options

Signed-off-by: Ross Turk <ross@rossturk.com>
2020-08-07 15:56:55 -04:00
Alfredo Deza
57d73a53b3
docs: update README with sections and DB information
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-06 07:59:35 -04:00
Alex Goodman
b74b647e1f
update readme description 2020-07-23 21:45:22 -04:00
Alex Goodman
564fffec6d
rename to grype 2020-07-23 21:29:05 -04:00
Alex Goodman
3c6ae01619
initial project structure 2020-05-26 10:41:23 -04:00