Commit graph

634 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
10c3604498
Update Syft to v0.46.3 (#761)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: jonasagx <jonasagx@users.noreply.github.com>
2022-05-26 10:14:28 -07:00
Sean Killeen
55b63a9fb8
Add reference to logrus logging levels (#758) 2022-05-25 15:06:17 -04:00
Herby Gillot
e6fc3e67d8
README: add MacPorts install info (#759)
Signed-off-by: Herby Gillot <herby.gillot@gmail.com>
2022-05-25 11:06:42 -07:00
Alex Goodman
06d28dad9f
bump to syft v0.46.2 (#755)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-23 13:47:21 +00:00
Jonas Xavier
c842fb9af5
bump stereoscope version to include source path fix (#752) 2022-05-19 08:18:49 -07:00
anchore-actions-token-generator[bot]
5a5642cc0d
Update Syft to v0.46.1 (#751)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-05-18 14:10:39 -07:00
Christian Kotzbauer
731abaab72
Add syft v0.46.0 Dotnet support (#747) 2022-05-13 12:46:31 -04:00
dependabot[bot]
d6196b6525
Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 (#742)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.9 to 1.5.11.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.9...v1.5.11)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-04 16:33:28 +01:00
Dan Luhring
0df35f8d2c
address excessive warnings from multiple sources (#741) 2022-05-03 14:05:50 +00:00
SALES
7fc4ca7646
Add reference to Grype-based GitHub Action (#710)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-05-01 20:03:19 +00:00
Christopher Angelo Phillips
36f5150fa9
bump syft version (#738) 2022-04-29 13:39:08 -04:00
Sambhav Kothari
9f70cdbf24
add initial support for embedded CycloneDX VEX documents (#678) 2022-04-28 12:49:12 -04:00
Jonas Xavier
523f5ce9c0
Consume attestation files (#706)
* add key flag to attest validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp: verify sig and extract sbom

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip read attestation without scheme

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp consuming attestations - needs unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove prototype file

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* drop local syft from go.mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix order of sbom parsing strategies

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle implicit attestation input

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add test for invalid attestation key

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* rebase and go-mod-tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* consume attestation via stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* attestation test for stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate input and content for attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add stdin test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix config tags

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add int test to ignore attestation validation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix cycloneDX attestation fixture

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered att test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered predicate type test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* improve docs/help on attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* upgrade to latest syft

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fall through when guessing between sbom and att

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix butter finger rebase

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* drop default key value

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* assert error messages

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better test/cli coverage

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix stdin decode test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix goimports

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* tui - verified attestation and feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better naming

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add attestation section to config file

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* emit event for skipped verification

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* use public key name

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-04-21 11:52:42 -07:00
Alex Goodman
9cc1c72169
Preserve package IDs on Syft JSON SBOM decode (#731) 2022-04-18 18:22:58 +00:00
Alex Goodman
359353c10e
Add matches helper (#730) 2022-04-18 09:38:28 -04:00
Keith Zantow
4ed0704dcf
Auto-PR needs to run go mod tidy (#727) 2022-04-13 16:30:53 -04:00
Christopher Angelo Phillips
fa524a491e
reduce log level for warning so not in default output for upstream matcher (#725) 2022-04-13 17:18:02 +00:00
Keith Zantow
b1e7189a4a
Add workflow for automatic PR for new Syft releases (#722) 2022-04-13 13:08:04 -04:00
Christopher Angelo Phillips
95f68b4c33
Add java.Matcher configuration to include maven upstream sha1 query (#714) 2022-04-13 13:01:22 -04:00
Tom Sparrow
e77a6c8d63
Include package type in table output (#694)
* Include package type column in table output

This helps avoid confusion between packages of the same name but different types.

I've hit this on a number of occasions, some examples below:
 - `tar` could be either a node package or a linux apk/rpm/deb
 - `msgpack` is a node package but also a python package
 - `jsonpointer` is also a node and/or python package

In each case when I saw the vuln reported I unluckily picked
the "wrong" one and it took some digging to realise the issue
or even that there was another type of package with the same
name at all.

The "type" is a succinct representation of _where_ Grype found
this package which should make things a lot clearer.

Signed-off-by: Tom Sparrow <793763+sparrowt@users.noreply.github.com>

* Fix flag names

Signed-off-by: Tom Sparrow <793763+sparrowt@users.noreply.github.com>

* Move type column to be consistent with syft

...which does `name, version, type, ...`

Signed-off-by: Tom Sparrow <793763+sparrowt@users.noreply.github.com>
2022-04-08 21:00:02 -04:00
Alex Goodman
c36e9df887
Use CGO-less sqlite GORM driver (#705) 2022-04-04 18:40:29 +00:00
Jonas Xavier
182c86d11d
Migrate LocationSet and add Dart support (#703) 2022-04-01 08:21:37 -07:00
Christopher Angelo Phillips
e00a25220e
Add byMatchName custom function for custom template users 2022-03-30 16:27:04 +00:00
briankoe741
67eacff3e2
Remove announcement for OSS Meetup (#691)
Proposing changes to remove our 3/23 meetup

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 00:12:07 +00:00
Keith Zantow
44e676488e
Update syft to v0.42.4 (#697) 2022-03-24 14:11:17 -04:00
Dan Luhring
1e020d7ea0
Detect when a user specifies an empty SBOM (#695)
* Detect when the user specifies empty SBOM file

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Fix darwin cert verification failure from Go 1.18

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-24 10:12:11 -04:00
Keith Zantow
d8e1c37cd1
Update syft to v0.42.3 (#690) 2022-03-23 17:57:06 -04:00
Alex Goodman
9fc6fb8a32
Bump strset version to fix 386 builds (#689) 2022-03-23 18:27:11 +00:00
Jonas Xavier
50a6a09c86
Upgrade CI to go1.18 (#687)
* upgrade CI to Go1.18

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove golangci-lint go1.17 job

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix error from gocritic (linter)

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-22 12:02:14 -07:00
Keith Zantow
75eb96fd6c
Update Syft to 0.42.1 (#688) 2022-03-22 18:59:19 +00:00
Keith Zantow
b2e66d368b
Improve SARIF path handling and severity (#686) 2022-03-22 10:48:44 -04:00
j-k
d40fb77c1a
Correct go.mod to enforce go 1.18 (#685)
Since grype now depends on debug/buildinfo go 1.18 is required to build
grype and as such go.mod needs updating

Signed-off-by: 06kellyjac <jack@control-plane.io>
2022-03-22 09:33:35 -04:00
Keith Zantow
f004f7dee3
Update Syft to 0.42.1 (#683) 2022-03-21 20:11:40 +00:00
Keith Zantow
78cd067cb9
Correct issue with SARIF dir scan relative paths (#682) 2022-03-21 15:35:20 -04:00
Dan Luhring
778ce33f3a
Remove commit signing requirement (#680)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-18 12:47:47 -04:00
Jonas Xavier
dae6411c5c
upgrade github workflows to go 1.18 (#649)
* upgrade github workflows to go 1.18

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* upgrade syft & set go1.18 for CI workflows

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add go1.17 static analysis

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix yaml comment

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-17 14:58:20 -07:00
Jonas Xavier
7555342be0
add podman to readme and examples (#677)
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-17 12:31:01 -07:00
Abhijeet Kasurde
5bf54f9a72
Misc typo fixes (#673)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2022-03-17 11:35:16 -04:00
Keith Zantow
0161f95873
Fix nil pointer access in SARIF output (#671) 2022-03-16 16:20:46 -04:00
Keith Zantow
60c2968953
Update Syft to v0.41.6 (#670) 2022-03-16 12:48:42 -04:00
Keith Zantow
a605d55ec0
Update register link text (#668) 2022-03-15 16:57:26 +00:00
Keith Zantow
0b76016235
Directly install gon (#667) 2022-03-15 13:47:15 +00:00
Alex Goodman
cc8e7836f3
Add platform selection (#666) 2022-03-15 13:13:05 +00:00
briankoe741
8614a67ac5
Add announcement for Anchore OSS Meetup (#665) 2022-03-14 17:35:04 -04:00
Keith Zantow
cbdec2ae5e
Update to Syft v0.41.4 (#664) 2022-03-14 17:15:09 -04:00
Keith Zantow
bc8f8414ca
Add SARIF presenter option (#654) 2022-03-14 12:13:37 -04:00
Alex Goodman
4db0d1adf9
Add artifacthub owner (#659) 2022-03-09 07:49:41 -05:00
Christopher Angelo Phillips
0cfbdaeb71
Change Decompress to Unarchive for Archiver (#658)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-03-08 12:37:56 -05:00
Alex Goodman
1368ea05cd
Add additional DB archive decompressors (#657) 2022-03-07 11:44:43 -05:00
Keith Zantow
fc8e13f5b8
Support for SBOMs with incomplete linux distribution or CPE information (#606) 2022-03-03 16:31:46 -05:00