* feat: add `grype db providers` command
- currently reads content of `provider-metadata.json` file
- added `-o`/`--output` flags which accept `json` and `table`
- update method `getDBProviders()` and type `dbProviderMetadata` for db schema `v6`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: update readme for `grype db providers`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: update lint
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: add cli test for `grype db providers`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* fix: review changes
- updated table as the default output format
- updated tablewriter settings
- added unit test for the components of db providers command
- added dummy "provider-metadata.json" to aid unit tests
- added table and json assertion to cli test
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: removes changes to `db diff`, `db search` and `db list` commands
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: remove unused constants
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: move constants to scope where used
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* Add --ignore-states flag for ignoring findings by fix state
Signed-off-by: James Hebden <jhebden@gitlab.com>
* ignore options checked before scan, fail on invalid ignore states, ignore states comma-separated
Signed-off-by: James Hebden <jhebden@gitlab.com>
* Add CLI tests for new --ignore-states flag
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: James Hebden <jhebden@gitlab.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
* add metadata extraction from pURLs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* extract upstream packages before matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* put pkg.UpstreamPackages under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove pURL related processing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in syft spdx decoding
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow for more flexible GHSA namespace and source extraction
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add matching parity integration tests for all supported formats
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft to get spdx tv fix
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use named pipe bit on stdin as indicator for piped input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure stdin is ignored when the CLI hints are present
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to cover subprocess integration behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* added test case for java regression
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove extra line in makefile
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Silence usage and errors on root command
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* show help when no args are given
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cli test for help behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>