Commit graph

387 commits

Author SHA1 Message Date
Alex Goodman
594cfd05c9
add java virtual path to package metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-24 11:23:31 -04:00
Alex Goodman
ecd8fd0e64
Merge pull request #319 from anchore/show-pkg-metadata
Show limited package metadata in json presenter
2021-05-24 09:35:08 -04:00
Alex Goodman
400ccb2f1d
show limited package metadata in json presenter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-24 09:17:33 -04:00
Alex Goodman
f97f56b6d1
Merge pull request #313 from anchore/add-json-sorting
Add package sorting for artifacts in json document
2021-05-18 15:58:48 -04:00
Alex Goodman
48e479a78a
split out matches sort testing into pairs in same dimension
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-18 15:47:22 -04:00
Alex Goodman
a8577eade7
add package sorting for artifacts in json document
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-11 16:40:27 -04:00
Alex Goodman
3c13966407
Merge pull request #312 from anchore/fix-compare-test
Fix acceptance tests
2021-05-07 15:04:23 -04:00
Alex Goodman
2ecf5a58f0
remove upper limit to alpine-vuln inline-compare testing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 14:59:35 -04:00
Alex Goodman
374d9c3d21
Merge pull request #303 from anchore/fix-alpine-matching
Adjust Alpine matching to lean on NVD matches when possible
2021-05-07 14:01:24 -04:00
Alex Goodman
55eeb45f6f
rm NVD reference from comment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:35 -04:00
Alex Goodman
bd182a81dc
add namespace to search match section in apk tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Alex Goodman
33b59d544e
add apk matcher case for mismatched product and package names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Alex Goodman
1c4a18b6c0
breakout cpe-secdb deduplication into separate function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Alex Goodman
4bc28bfb8e
add logic for set(nvd) - set(secDbFixed)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Alex Goodman
5e1826eeb4
ensure empty constraints always are satisfied
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Alex Goodman
ce0bc73ede
adjust alpine matching to be able to independently rely on nvd
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-07 13:57:34 -04:00
Dan Luhring
dfaa1c4102
Merge pull request #311 from anchore/link-back-to-syft
Include references back to Syft
2021-05-06 14:44:56 -04:00
Dan Luhring
be81dbb746
Expand out SBOM acronym
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-06 14:35:32 -04:00
Dan Luhring
8e153c9120
Include references back to Syft
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-06 14:20:03 -04:00
Alfredo Deza
eb41d80285
Merge pull request #308 from anchore/issue-286
Support for MSRC matching
2021-05-04 09:54:12 -04:00
Alfredo Deza
878e312de1
remove msrc from defined matchers - can't use a container to catalog
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
c8a3ed226c
add tests for kb constraints
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
b817bd16be
include new kbFormat in versions and constraint handling
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
e7a8d9797f
fix incorrect error message in rpm constraint
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
b07922a8e4
add kb version and constraints
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
6a7a0a7e01
update dependencies
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
7f874dff78
support msrc namespace in vulnerabilities
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alfredo Deza
8b1434d7d5
add msrc matching logic
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 11:31:25 -04:00
Alex Goodman
3551b3a367
Merge pull request #299 from anchore/add-match-record-namespace
Add grype db namespace indication in match details
2021-04-29 09:18:27 -04:00
Alex Goodman
67ef73074f
simplify common matcher test helper function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-29 09:14:35 -04:00
Alex Goodman
acf60ad0cf
normalize grypeDbNamespace to namespace
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-29 09:14:35 -04:00
Alex Goodman
36735af68e
add grype db namespace indication in match details
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-29 09:14:34 -04:00
Alex Goodman
5b8c650456
Merge pull request #302 from anchore/add-db-data-to-json
Add DB information to json descriptor block
2021-04-28 10:16:32 -04:00
Alex Goodman
269d93cd57
update db status and add to json descriptor block
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-28 10:12:12 -04:00
Alex Goodman
0a46e54aae
Merge pull request #306 from anchore/bump-syft-v0.15.1
Update Syft to v0.15.1
2021-04-22 17:34:03 -04:00
Alex Goodman
28f6051204
update syft to v0.15.1
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-22 17:29:01 -04:00
Alex Goodman
1a6a1a36fd
Merge pull request #301 from anchore/bump-go-mod-go-version
Bump go.mod minimum required go version to 1.16
2021-04-16 09:02:44 -04:00
Alex Goodman
6ad5e94674
bump go.mod minimum required go version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 08:55:03 -04:00
Alex Goodman
e9a78b1d1d
Merge pull request #300 from anchore/update-comment
Remove tar test testify comment
2021-04-15 16:16:56 -04:00
Alex Goodman
80fccec6f8
remove tar test testify comment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-15 15:39:26 -04:00
Alex Goodman
84cc4748cf
Merge pull request #294 from anchore/add-safe-join
Safely join paths derived from tar headers
2021-04-15 13:13:24 -04:00
Alex Goodman
34fa1cf0c8
adjust zip slip attack error message
Co-authored-by: Alfredo Deza <adeza@anchore.com>

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-04-15 08:53:57 -04:00
Alex Goodman
a958acc57b
safely join paths derived from tar headers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-15 08:53:57 -04:00
Alex Goodman
48f12f7b7a
Merge pull request #297 from anchore/bootstrap-go-mod-tidy
Ensure consistent go.sum state during release
2021-04-14 17:30:53 -04:00
Alex Goodman
6ddea51209
go mod tidy during bootstrap target to ensure consistent go.sum state
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 16:56:25 -04:00
Alex Goodman
ebe23d582a
Merge pull request #296 from anchore/fix-release-pipeline
Fix release pipeline quality gate
2021-04-14 15:02:12 -04:00
Alex Goodman
a0767aaa04
fix release pipeline quality gate
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 14:56:56 -04:00
Alex Goodman
9d94879ffc
Merge pull request #293 from anchore/add-registry-follow-up
Modify registry credential verification
2021-04-14 09:54:48 -04:00
Alex Goodman
007542a1d1
don't append registry auth if potentially empty
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 09:21:04 -04:00
Dan Luhring
6345251b61
Merge pull request #292 from anchore/fix-column-mismatch
2021-04-14 09:18:14 -04:00