Commit graph

48 commits

Author SHA1 Message Date
Alfredo Deza
578afab216 update go.mod and go.sum
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-23 16:58:14 -04:00
Alfredo Deza
2b8dfc2d75 temporary bump of go deps for testing
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Samuel Dacanay
cb437b6721 Change kebab case to camelCase, use updated syft version
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Ignore packageurl-go which is a dependency from syft, and has a weird license format

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-21 08:12:31 -07:00
Sam Dacanay
293368e25e
Shell completion via Cobra utility (#149)
* Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Remove support for zsh and powershell completion, as it doesn't work out of the box, and currently don't have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFAICT

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

* add zsh with cobra master branch

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-14 09:06:29 -07:00
Alex Goodman
1338850a8e
Add fixed-in-version to the presenters (#147)
* add fix-in-version to the json and table presenters

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate grype-db fixed-in updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-09 12:55:22 -04:00
Alfredo Deza
8e8ad489f9 dependencies: update to latest syft and include uuid
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-28 13:38:56 -04:00
Alfredo Deza
b8e9431f89 dependencies: bump to latest syft that includes setup.py support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-17 17:24:43 -04:00
Dan Luhring
d3987d7e3e
Update modules (#127)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-13 14:20:53 -04:00
Alex Goodman
56b9576a19
Add inline-comparison as acceptance test (#106)
* add inline-compare as acceptance tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* improve RPM matching with source indirection matching

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments to compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* clean inline-compare image test names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump syft version to get rpm field enhancements

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 11:03:48 -04:00
Alex Goodman
30d72dd476
fix spaces alignment on etui
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 18:19:25 -04:00
Alex Goodman
6de7e4030d
finalize the json output (no schema yet) (#102)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:05:58 -04:00
Alex Goodman
51479857e6
add description and cvss metadata to v1 schema (#100)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-06 13:15:22 -04:00
Dan Luhring
2cd127b932
Update pkg type (#87)
* Integrate Alex's changes

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Fix test issues

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update syft dependency references

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-05 08:18:24 -04:00
Alex Goodman
e1f4c549d5
bump syft for docker pull + UI elements for pull status (#81) 2020-08-03 18:07:33 -04:00
Alex Goodman
11731fac40
replace zap logger with logrus (#80) 2020-08-01 11:58:10 -04:00
Alex Goodman
861883c8d4
pull in fix for bounds check progress formatting values in etui 2020-07-31 06:57:05 -04:00
Alex Goodman
6395481e73
Add ETUI (#77)
* add base syft UI elements

* add etui with shared ui elements

* allow for concurrent download DB and fetch/catalog image
2020-07-30 19:06:27 -04:00
Alfredo Deza
561f7577c1 dependencies: bump to latest syft that includes yarn support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-30 09:35:53 -04:00
Alex Goodman
6ec1ce6ca6
use explicitly the v1 db schema 2020-07-27 08:49:39 -04:00
Alex Goodman
5051c6202d
simplify schema checks and update grype-db 2020-07-25 19:03:33 -04:00
Alex Goodman
4220fc60a7
Add default table presenter (#59)
* add default table presenter

* compress table output

* fix table presenter found-by to use only search key
2020-07-25 11:38:08 -04:00
Alex Goodman
695cc0f640
support version constraint || operator conjunctions (#66) 2020-07-24 14:20:26 -04:00
Alex Goodman
03005af2f2
rename grype-db 2020-07-24 06:59:14 -04:00
Alex Goodman
564fffec6d
rename to grype 2020-07-23 21:29:05 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft (#60) 2020-07-23 21:26:03 -04:00
Alfredo Deza
8b17a43c28 dependencies: bump to latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 13:30:12 -04:00
Alfredo Deza
6f06334b01 dependencies: bump to latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-22 08:26:54 -04:00
Alex Goodman
bc3f298d64
use sqlite reader (remove a cgo dependency) (#57) 2020-07-21 13:41:48 -04:00
Alex Goodman
c8bca755ff
Add integration tests (#54)
* add integration tests + add matcher types

* tweak db auto update var; rm dead cache cmd

* Update cmd/root.go

Co-authored-by: Alfredo Deza <adeza@anchore.com>

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 12:34:39 -04:00
Alfredo Deza
a9172fcd98 dependencies: update with latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-17 13:58:07 -04:00
Alex Goodman
bbff869499
Add matching by CPE (#40)
* Commit just to share progress, needs to be squashed/fixed-up once working.

Signed-off-by: Zach Hill <zach@anchore.com>

* minor fixes

* add cpe obj

* add cpe matching

* report cpe in search key

* add verbose logging for matches; bump vulnscan-db ver

* add dev profiler option; tweak logging

* test support for CPE URI bindings

addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937

* rename nvdv2 to nvd

* reduce scope of cpe matching to non-distro packages

* normalize nil constraint strings

Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
afb8597aa2
split vulnerability into index & metadata (#51) 2020-07-16 14:59:35 -04:00
Alex Goodman
12aeee3b92
add java matcher (#44) 2020-07-15 07:17:21 -04:00
Alex Goodman
2fa38cab3d
migrate to using siren-db lib (#48) 2020-07-14 10:21:20 -04:00
Alex Goodman
765d5dfb5b
add rpm version + constraint, rpmdb matching; refactor dpkg constraint 2020-07-07 09:22:14 -04:00
Alex Goodman
a004668056
add db archive import 2020-06-29 10:10:02 -04:00
Alex Goodman
92cf98ab12
sync vulnscan db changes 2020-06-28 07:22:27 -04:00
Alex Goodman
ce707a6f1a
fix testutils dependency 2020-06-22 14:42:14 -04:00
Alex Goodman
9c70953dfb
add curation of db file 2020-06-19 10:57:06 -04:00
Alfredo Deza
b484b85890 update dependencies
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 10:12:41 -04:00
Alex Goodman
7593c31028
add python matcher 2020-06-05 10:00:14 -04:00
Alex Goodman
1ca035363a
add gem matcher 2020-06-04 15:40:40 -04:00
Alex Goodman
d9c922218c
add store provider tests 2020-06-02 20:54:19 -04:00
Alex Goodman
88eecbd2de
add indirect dpkg source matching 2020-06-02 17:22:57 -04:00
Alex Goodman
75ceb1af2d
pin to imgbom@master 2020-06-01 10:50:34 -04:00
Alex Goodman
e8e8f416d0
add version & version constraint support 2020-06-01 07:13:53 -04:00
Alex Goodman
02556fdd9c
add basic matching execution flow 2020-05-28 18:28:29 -04:00
Alex Goodman
3c6ae01619
initial project structure 2020-05-26 10:41:23 -04:00