Alex Goodman
627aa77842
remove CPE generation (rely on static CPES from syft instead)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-20 06:43:45 -05:00
Alex Goodman
25d6ec6c79
add SBOM JSON document input from syft
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-17 17:55:24 -05:00
Alex Goodman
98a17355c5
remove constraint panics & invalid test assertions (handle pre-release TODOs) ( #171 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-29 10:20:51 -04:00
Alex Goodman
326afa3c41
Add OCI support + use URI schemes ( #160 )
* add oci support + update image schemes
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update to oci-dir
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump upstream stereoscope, testutils, and syft pins
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix malformed go.sum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in upstream syft json presenter updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:18:03 -04:00
Alex Goodman
c73a33700a
fix replacement of results with matches ( #158 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-22 16:10:23 -04:00
Alex Goodman
f0f8f4bf02
add --fail-on threshold support ( #156 )
* add --fail-on threshold support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename fail-on support functions and variables
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove UK spelling of canceled
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-21 17:12:21 -04:00
Alex Goodman
ca8ac613e0
Rename Result object to Matches ( #153 )
* rename result to matches
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* renames NewResult to NewMatches
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-17 06:02:17 -04:00
Sam Dacanay
293368e25e
Shell completion via Cobra utility ( #149 )
* Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
Remove support for zsh and powershell completion, as it doesn't work out of the box, and currently don't have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFAICT
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* add zsh with cobra master branch
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-14 09:06:29 -07:00
Alex Goodman
6de7e4030d
finalize the json output (no schema yet) ( #102 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:05:58 -04:00
Alex Goodman
f3756d0dc0
change default scope to squashed (from all-layers) ( #95 )
2020-08-06 08:27:09 -04:00
Alfredo Deza
c581a454f2
cmd: display help menu when no args are passed in - skip the error
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-03 16:00:12 -04:00
Alex Goodman
11731fac40
replace zap logger with logrus ( #80 )
2020-08-01 11:58:10 -04:00
Alex Goodman
6395481e73
Add ETUI ( #77 )
* add base syft UI elements
* add etui with shared ui elements
* allow for concurrent download DB and fetch/catalog image
2020-07-30 19:06:27 -04:00
Alex Goodman
4220fc60a7
Add default table presenter ( #59 )
* add default table presenter
* compress table output
* fix table presenter found-by to use only search key
2020-07-25 11:38:08 -04:00
Alfredo Deza
4eea5d00fc
Merge pull request #65 from anchore/dir-helpmenu
cmd: add directory scan help entry
2020-07-24 15:34:14 -04:00
Alex Goodman
fdbcc665a3
add update check to entrypoint ( #67 )
2020-07-24 14:24:16 -04:00
Alfredo Deza
4f6ebda460
cmd: add directory scan help entry
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-24 14:03:25 -04:00
Alex Goodman
564fffec6d
rename to grype
2020-07-23 21:29:05 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft ( #60 )
2020-07-23 21:26:03 -04:00
Alex Goodman
bc3f298d64
use sqlite reader (remove a cgo dependency) ( #57 )
2020-07-21 13:41:48 -04:00
Alex Goodman
c8bca755ff
Add integration tests ( #54 )
* add integration tests + add matcher types
* tweak db auto update var; rm dead cache cmd
* Update cmd/root.go
Co-authored-by: Alfredo Deza <adeza@anchore.com>
Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 12:34:39 -04:00
Alex Goodman
66453e65f2
add app update check on startup ( #56 )
2020-07-21 11:58:00 -04:00
Alex Goodman
c83ddc1fa2
validate input arg length ( #55 )
2020-07-20 12:00:25 -04:00
Alfredo Deza
924d7f9a28
cmd: use NewScope abstraction from imgbom, supports dirs/imgs
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-17 13:58:07 -04:00
Alex Goodman
bbff869499
Add matching by CPE ( #40 )
* Commit just to share progress, needs to be squashed/fixed-up once working.
Signed-off-by: Zach Hill <zach@anchore.com>
* minor fixes
* add cpe obj
* add cpe matching
* report cpe in search key
* add verbose logging for matches; bump vulnscan-db ver
* add dev profiler option; tweak logging
* test support for CPE URI bindings
addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937
* rename nvdv2 to nvd
* reduce scope of cpe matching to non-distro packages
* normalize nil constraint strings
Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
afb8597aa2
split vulnerability into index & metadata ( #51 )
2020-07-16 14:59:35 -04:00
Alex Goodman
12aeee3b92
add java matcher ( #44 )
2020-07-15 07:17:21 -04:00
Alex Goodman
765d5dfb5b
add rpm version + constraint, rpmdb matching; refactor dpkg constraint
2020-07-07 09:22:14 -04:00
Alex Goodman
9c70953dfb
add curation of db file
2020-06-19 10:57:06 -04:00
Alfredo Deza
7f00f5c945
cmd: automatically detect distro based on img input
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 17:43:50 -04:00
Alfredo Deza
4fc7fbc1fd
cmd: default to json output, connect to presenter
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 10:12:23 -04:00
Alex Goodman
622f09feff
add matcher tests + dpkg constraint adapter (add <)
2020-06-04 10:23:18 -04:00
Alex Goodman
d9c922218c
add store provider tests
2020-06-02 20:54:19 -04:00
Alex Goodman
88eecbd2de
add indirect dpkg source matching
2020-06-02 17:22:57 -04:00
Alex Goodman
b72e25afea
add sqlite vulnscan-db integrations
2020-06-02 14:12:20 -04:00
Alex Goodman
490ba9cd4b
rename os -> distro
2020-06-01 10:43:58 -04:00
Alex Goodman
aacc624033
add FindVulnerability lib function, wire up main with matcher
2020-06-01 07:21:07 -04:00
Alex Goodman
02556fdd9c
add basic matching execution flow
2020-05-28 18:28:29 -04:00
Alex Goodman
d813ac84ca
add CLI commands / subcommands
2020-05-26 13:31:50 -04:00
Alex Goodman
3c6ae01619
initial project structure
2020-05-26 10:41:23 -04:00