Commit graph

169 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
10c3604498
Update Syft to v0.46.3 (#761)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: jonasagx <jonasagx@users.noreply.github.com>
2022-05-26 10:14:28 -07:00
Alex Goodman
06d28dad9f
bump to syft v0.46.2 (#755)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-23 13:47:21 +00:00
Jonas Xavier
c842fb9af5
bump stereoscope version to include source path fix (#752)
2022-05-19 08:18:49 -07:00
anchore-actions-token-generator[bot]
5a5642cc0d
Update Syft to v0.46.1 (#751)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-05-18 14:10:39 -07:00
Christian Kotzbauer
731abaab72
Add syft v0.46.0 Dotnet support (#747)
2022-05-13 12:46:31 -04:00
dependabot[bot]
d6196b6525
Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 (#742)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.9 to 1.5.11.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.9...v1.5.11)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-04 16:33:28 +01:00
Dan Luhring
0df35f8d2c
address excessive warnings from multiple sources (#741)
2022-05-03 14:05:50 +00:00
Christopher Angelo Phillips
36f5150fa9
bump syft version (#738)
2022-04-29 13:39:08 -04:00
Jonas Xavier
523f5ce9c0
Consume attestation files (#706)
* add key flag to attest validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp: verify sig and extract sbom

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip read attestation without scheme

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp consuming attestations - needs unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove prototype file

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* drop local syft from go.mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix order of sbom parsing strategies

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle implicit attestation input

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add test for invalid attestation key

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* rebase and go-mod-tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* consume attestation via stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* attestation test for stdin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate input and content for attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add stdin test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix config tags

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add int test to ignore attestation validation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix cycloneDX attestation fixture

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered att test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add tampered predicate type test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* improve docs/help on attestation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* upgrade to latest syft

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fall through when guessing between sbom and att

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix butter finger rebase

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* drop default key value

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* assert error messages

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better test/cli coverage

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix stdin decode test

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix goimports

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* tui - verified attestation and feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* better naming

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* add attestation section to config file

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* emit event for skipped verification

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* use public key name

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-04-21 11:52:42 -07:00
Alex Goodman
9cc1c72169
Preserve package IDs on Syft JSON SBOM decode (#731)
2022-04-18 18:22:58 +00:00
Christopher Angelo Phillips
95f68b4c33
Add java.Matcher configuration to includes maven upstream sha1 query (#714)
2022-04-13 13:01:22 -04:00
Alex Goodman
c36e9df887
Use CGO-less sqlite GORM driver (#705)
2022-04-04 18:40:29 +00:00
Jonas Xavier
182c86d11d
Migrate LocationSet and add Dart support (#703)
2022-04-01 08:21:37 -07:00
Keith Zantow
44e676488e
Update syft to v0.42.4 (#697)
2022-03-24 14:11:17 -04:00
Keith Zantow
d8e1c37cd1
Update syft to v0.42.3 (#690)
2022-03-23 17:57:06 -04:00
Alex Goodman
9fc6fb8a32
Bump strset version to fix 386 builds (#689)
2022-03-23 18:27:11 +00:00
j-k
d40fb77c1a
Correct go.mod to enforce go 1.18 (#685)
Since grype now depends on debug/buildinfo, go 1.18 is required to build
grype, and as such go.mod needs updating

Signed-off-by: 06kellyjac <jack@control-plane.io>
2022-03-22 09:33:35 -04:00
Keith Zantow
f004f7dee3
Update Syft to 0.42.1 (#683)
2022-03-21 20:11:40 +00:00
Jonas Xavier
dae6411c5c
upgrade github workflows to go 1.18 (#649)
* upgrade github workflows to go 1.18

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* upgrade syft & set go1.18 for CI workflows

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add go1.17 static analysis

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix yaml comment

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-17 14:58:20 -07:00
Keith Zantow
60c2968953
Update Syft to v0.41.6 (#670)
2022-03-16 12:48:42 -04:00
Keith Zantow
cbdec2ae5e
Update to Syft v0.41.4 (#664)
2022-03-14 17:15:09 -04:00
Keith Zantow
bc8f8414ca
Add SARIF presenter option (#654)
2022-03-14 12:13:37 -04:00
Keith Zantow
ff424d3adc
Bump Syft for CycloneDX input (#650)
2022-03-02 10:05:01 -05:00
Alex Goodman
16cd14519a
Bump syft to release version v0.39.0 (#645)
* bump syft to v0.39.0

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update ByCriteria to log error on failure

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* integration tests now pass

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* bump to v0.39.3

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* raise search failures to warn

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* tidy go.mod/sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-26 17:28:08 -05:00
Alex Goodman
f29a0d06d8
Bump syft to v0.38.0 for release (#635)
2022-02-15 19:03:55 +00:00
Alex Goodman
5aa85338d6
Normalize release assets and refactor install.sh (#630)
* refactor release to keep snapshot assets in parity with release assets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* refactor install.sh and put under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* tidy go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add mac acceptance test to github actions workflow

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rm use of goreleaser in cli tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* go mod tidy with go 1.17

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-11 19:24:25 +00:00
Christopher Angelo Phillips
d2dba7d14a
update golang crypto to resolve CVE-2020-29652 (#631)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-11 13:37:17 -05:00
Christopher Angelo Phillips
16e6bee766
update go -> 1.17 (#628)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-11 10:50:13 -05:00
Alex Goodman
c9f2716389
Abstract upstream package before matching (#607)
* add metadata extraction from pURLs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* extract upstream packages before matching

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* put pkg.UpstreamPackages under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove pURL related processing

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* pull in syft spdx decoding

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* allow for more flexible GHSA namespace and source extraction

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add matching parity integration tests for all supported formats

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump syft to get spdx tv fix

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-10 21:43:12 +00:00
Jonas Xavier
42ca8c61d3
Ensure completion of UI progress bar (#627)
2022-02-10 08:03:15 -08:00
Jonas Xavier
a8c65807fc
update stereoscope version to include Podman (#612)
* update stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test stereoscope with fix

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove mod replacement and use latest stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-02-01 14:45:11 -08:00
Sambhav Kothari
346df07df5
Add sprig templating functions for grype output (#610)
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-01-28 11:27:27 -05:00
Alex Goodman
2f8682b3db
Add ability to merge matches (#602)
* enable merging of matches

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add ability for matches constructor to take initial matches

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update tests to include IDs on package objects

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename common matcher helper package to search package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename search functions and add SearchByCriteria

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* cleanup imports

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-25 10:29:16 -05:00
Christopher Angelo Phillips
e453a06551
upgrade syft to v0.36.0 (#597)
* upgrade syft dependencies

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* add basic metadata for coverage

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-20 12:47:15 -05:00
Dan Luhring
bc0f4eb9b2
Bump syft to include file source fix (#596)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-01-18 19:29:31 +00:00
Christopher Angelo Phillips
a2e82ee8f0
Update goreleaser so Windows included in checksum (#594)
* update goreleaser so windows included in checksum

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-14 13:13:17 -05:00
Alex Goodman
6e3aa6a8d7
Add strong distro type (#585)
* add strong distro type

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* nit changes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update grype/db package to use distro pointer

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* source distro type from release name

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump syft to pull in distro type updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump lint timeout

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-12 13:47:27 -05:00
Alex Goodman
2647cd0d9e
Port grype-db to grype (#587)
* port grype-db to grype

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* migrate vulnerability provider implementation to db package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* upgrade path import validations

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix linting issues

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-12 10:03:22 -05:00
Christopher Angelo Phillips
24ef03efc4
update to secure syft version (#586)
* update to secure syft version

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-11 10:33:58 -05:00
Christopher Angelo Phillips
7fbe20c223
upgrade stereoscope (#584)
* bump stereoscope to remove vulnerable containerd

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-10 15:05:52 -05:00
Christopher Angelo Phillips
64d4dbb993
update syft version for new release (#578)
* update syft

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update CatalogPackages to use new cataloger config struct

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* add new valid CPE to matcher tests

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update integration tests

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-07 17:57:44 -05:00
Alex Goodman
b100315292
bump syft to v0.34.0 (#567)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-22 16:20:23 -05:00
Keith Zantow
647d6fb770
Add --exclude flag (#551)
2021-12-21 12:52:07 -05:00
Alex Goodman
4f964c4ee2
bump syft to v0.33.0 (#550)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-16 09:49:36 -05:00
Alex Goodman
81a16c4142
bump syft to v0.32.2 (#541)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-14 17:39:05 +00:00
Alex Goodman
3f23425fa5
bump syft to v0.32.1 (#535)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-14 02:03:13 +00:00
Alex Goodman
f2d02b0b09
pull in binary panic fix; closes #526 (#528)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-10 18:03:13 +00:00
Alex Goodman
e62186725b
bump syft to v0.32.0 (#524)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-08 21:52:34 +00:00
Bala Raman
8abc83f685
Adding AlmaLinux OS Support (#514)
* Adding AlmaLinux OS Support

Signed-off-by: Bala Raman <srbala@gmail.com>

* incorporate grype-db updates for ALMA linux

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-07 16:55:33 -05:00
Alex Goodman
270606ad37
bump syft to v0.31.0 (#517)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-03 16:56:43 +00:00