Commit graph

211 commits

Author SHA1 Message Date
Alfredo Deza
578afab216 update go.mod and go.sum
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-23 16:58:14 -04:00
Alex Goodman
c73a33700a
fix replacement of results with matches (#158)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-22 16:10:23 -04:00
Alex Goodman
f0f8f4bf02
add --fail-on threshold support (#156)
* add --fail-on threshold support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename fail-on support functions and variables

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove UK spelling of canceled

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-21 17:12:21 -04:00
Alfredo Deza
0397206376
Merge pull request #154 from anchore/issue-148
Add CycloneDX schema validation
2020-09-21 16:07:44 -04:00
Alfredo Deza
ca19b08850 presenter: cyclonedx shouldn't eat up errors
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 15:35:43 -04:00
Alfredo Deza
7b71401c26 cyclonedx tests: update BD name to use grype instead of syft
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 15:35:43 -04:00
Alfredo Deza
2d448390d6 presenter: cyclonedx document updates to pass schema validation
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 15:35:43 -04:00
Alfredo Deza
4f78b57a63 presenter: cyclonedx vulnerability schema fixes
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 14:53:23 -04:00
Alfredo Deza
2b8dfc2d75 temporary bump of go deps for testing
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
0fb5080735 presenter: add new golden files for cyclonedx tests
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
46f39486ab presenter: remove unneeded golden files
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
3de06ce3f6 presenter: join dir+img presenter tests for cyclonedx
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
298a8019fc tests: update CycloneDX presenters with new namespaces
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
80d494b79c presenter: add xmlns for bd and v namespaces in cyclonedx output
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
3a5721801e ci: hook the cyclonedx validation into CircleCI
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Alfredo Deza
57d777cf04 tests: add cyclonedx schema check
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Sam Dacanay
2c1ddbecc4
Merge pull request #152 from anchore/fix-json-keys
Change kebab case to camelCase
2020-09-21 08:17:32 -07:00
Samuel Dacanay
cb437b6721 Change kebab case to camelCase, use updated syft version
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Ignore packageurl-go which is a dependency from syft, and has a weird license format

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-21 08:12:31 -07:00
Alex Goodman
ca8ac613e0
Rename Result object to Matches (#153)
* rename result to matches

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* renames NewResult to NewMatches

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-17 06:02:17 -04:00
Sam Dacanay
ad7d9d5fdb
Merge pull request #151 from anchore/fix-version-json-output-casing
Fix json keys to be camel case instead of kebab
2020-09-14 13:51:39 -07:00
Samuel Dacanay
9fa5064107 Fix json keys to be camel case instead of kebab
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-14 13:47:30 -07:00
Sam Dacanay
293368e25e
Shell completion via Cobra utility (#149)
* Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Remove support for zsh and powershell completion, as it doesn't work out of the box, and currently don't have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFAICT

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

* add zsh with cobra master branch

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-14 09:06:29 -07:00
Alex Goodman
0f970816a2
add positional argument validation (#150)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-12 20:04:39 -04:00
Alex Goodman
1338850a8e
Add fixed-in-version to the presenters (#147)
* add fix-in-version to the json and table presenters

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate grype-db fixed-in updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-09 12:55:22 -04:00
Alex Goodman
bd50ffc585
Change search key json output to a map (#146)
* change search key json output to a map

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add documentation around the match object

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-08 11:23:29 -04:00
Alfredo Deza
c0efed5027
Merge pull request #143 from anchore/issue-39
cyclonedx presenter
2020-08-31 15:42:55 -04:00
Alfredo Deza
c7689556be presenter: cyclonedx tests
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-31 15:40:27 -04:00
Alfredo Deza
8fc7efd464 result: add a helper to get packages by ID
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-31 15:24:09 -04:00
Alfredo Deza
444b191404 presenter: set the options to hook CycloneDX output
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-31 15:24:09 -04:00
Alfredo Deza
48c3c2ab35 presenter: add a cyclonedx presenter
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-31 15:24:09 -04:00
Alfredo Deza
8e8ad489f9 dependencies: update to latest syft and include uuid
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-28 13:38:56 -04:00
Alfredo Deza
b77e023be8
Merge pull request #137 from anchore/issue-94
Prevent duplicates, expand on matching information
2020-08-25 13:58:34 -04:00
Alfredo Deza
d2949a2ddd matcher: add duplicate to demonstrate they don't show up
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 13:26:38 -04:00
Alfredo Deza
89f8ac49b9 test: update integration to match new SearchMatches
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 11:53:23 -04:00
Alfredo Deza
46f614d912 tests: json presenter output updated
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 11:53:23 -04:00
Alfredo Deza
5428cc25af presenter: json to use a string for the search key, not a map
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 11:53:23 -04:00
Alfredo Deza
2d7af0b10a matchers: use strings for SearchKeys
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 11:53:23 -04:00
Alfredo Deza
87c267f7ad matchers: cpe should prevent duplicates by not adding already present CPEs
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-25 11:53:23 -04:00
Alex Goodman
b8a4183fc2 vuln matches should include search matches
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-25 11:53:23 -04:00
Alex Goodman
651751f698
simplify version cmd + add json option (#139)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-25 11:51:24 -04:00
Zach Hill
be6a7ea4f5
Update README.md to highlight supported distros and languages (#135)
* Update README.md to highlight supported distros and languages

Same content, just bullet points instead of a single item for each type. Just visually easier to identify if you're looking for this info.

Signed-off-by: Zach Hill <zach@anchore.com>

* incorporated README feature comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-24 12:27:07 -04:00
Alfredo Deza
8757b470cc
Merge pull request #136 from anchore/issue-py-setup
Match on `setup.py` files
2020-08-18 12:27:42 -04:00
Alfredo Deza
b0c6dc2fb1 test: update scope.FilesByGlob, it is now part of Resolver
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-18 11:31:07 -04:00
Alfredo Deza
b8e9431f89 dependencies: bump to latest syft that includes setup.py support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-17 17:24:43 -04:00
Alfredo Deza
618672a014 matcher: use pkg.PythonSetupPkg as well
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-17 12:05:00 -04:00
Alex Goodman
3836626031
add demo gif (#134)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-14 15:03:29 -04:00
Dan Luhring
d3987d7e3e
Update modules (#127)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-13 14:20:53 -04:00
Alfredo Deza
66b2512780
Merge pull request #124 from anchore/issue-91
Explicitly use PythonFormat to address PEP440 rules
2020-08-13 10:09:36 -04:00
Alfredo Deza
b237bf985b test: fuzzyConstraint needs a hint now, update tests
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-12 13:55:41 -04:00
Alfredo Deza
75b3537781 version: use hint if provided
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-12 13:55:41 -04:00