* Add test to assert no panic in FromCatalog
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Adjust loop to append packages
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Adding AlmaLinux OS Support
Signed-off-by: Bala Raman <srbala@gmail.com>
* incorporate grype-db updates for ALMA linux
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* add db list command
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add stderr print helper
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs to with details about listing files and DB curation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update syft and jotframe
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update validations and release pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* moved terminal package to golang.org/x/term
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests to account for package relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add license exception for xz
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update Location and Coordinate references
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove benchmark tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove mac acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add syft-grype relationship notes in DEVELOPING.md
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Add injectable HTTP client to file getter
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* WIP: Map config for custom CA certs
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* update curator and add tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add TLS helper scripts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove grype-db local mod edit
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* tidy go modules
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use ssl.context over deprecated fn
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* disallow tls 1 and 1.1
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* suppress non-archive sources for fetch-to-dir capability
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure DB load failure does not panic
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address review comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
- Update grype-db dependency for the distro-feed namespace mapping
- Add test to verify the above mapping
Signed-off-by: Swathi Gangisetty <swathi@anchore.com>
* update syft version with correct arguments
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bump integration tests with new presenter format
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update integration tests to remove php-composer failure
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* use named pipe bit on stdin as indicator for piped input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure stdin is ignored when the CLI hints are present
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to cover subprocess integration behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* added test case for java regression
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove extra line in makefile
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* see if QEMU offers support
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update QEMU support before cli verification
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update grype to compile windows
Signed-off-by: spiffcs <christopher.phillips@anchore.com>
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update go mod with new stereoscope
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update build comments
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* small build tags
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add goreleaser windows
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bump syft version
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update tests
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update test images to use newest pinned golang
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* Remove webinar announcement
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Document only-fixed feature
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Expand docs for Grype database
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* List out allowed values for fix-state
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* add binary for arm64 to release process
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update from darwin -> linux
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* disable etui when piping input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* restore jotframe version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove test code
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* raise error from IsPipedInput
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* factor out verbosity check to function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Silence usage and errors on root command
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* show help when no args are given
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cli test for help behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Add --only-fixed option to root command. Grype will now exit with status code 0 when passing this option if vulnerabilities are detected but have no upstream resolution.
* update config with new option
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add flag into root cmd
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* Retrieve target from directory sbom types in addition to image types
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* add dir sbom ingest test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* Make installation methods more obvious
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add badge for joining Slack
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Document requirement for signed commits
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
