* split and upgrade config processing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* upgrade UI organization
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* expose logger writter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add (unused) signal handler
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add (unused) event loop abstraction
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update aux commands to use Cobra RunE over Run
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* upgrade root command to use new event loop and signal handler
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update CLI test to account for config representation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update dependencies + fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* decompose application config parse func + add missing config struct tags
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* restore unparam lint exclusion for registry config
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Preliminary implementation of ignore rules
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Support ignoring matches by package type
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add tests for ignore functionality
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add documentation for ignore rules and clean up README
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add test for glob location matching
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* update command to take in SYFT_VERSION
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add dynamic input to build command for ci
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bump untar file size threshold
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust variable names and comments around copyWithLimits for tar processing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Allow registry auth config without authority value
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update CLI tests for new stereoscope log output
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* add --fail-on threshold support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename fail-on support functions and variables
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove UK spelling of canceled
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Add warn method to logging system
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Move from error to warn for no matcher scenario
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Commit just to share progress, needs to be squashed/fixed-up once working.
Signed-off-by: Zach Hill <zach@anchore.com>
* minor fixes
* add cpe obj
* add cpe matching
* report cpe in search key
* add verbose logging for matches; bump vulnscan-db ver
* add dev profiler option; tweak logging
* test support for CPE URI bindings
addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937
* rename nvdv2 to nvd
* reduce scope of cpe matching to non-distro packages
* normalize nil constraint strings
Co-authored-by: Zach Hill <zach@anchore.com>
