Commit graph

25 commits

Author SHA1 Message Date
Alex Goodman
564fffec6d
rename to grype 2020-07-23 21:29:05 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft (#60) 2020-07-23 21:26:03 -04:00
Alex Goodman
bc3f298d64
use sqlite reader (remove a cgo dependency) (#57) 2020-07-21 13:41:48 -04:00
Alex Goodman
c8bca755ff
Add integration tests (#54)
* add integration tests + add matcher types

* tweak db auto update var; rm dead cache cmd

* Update cmd/root.go

Co-authored-by: Alfredo Deza <adeza@anchore.com>

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 12:34:39 -04:00
Alex Goodman
66453e65f2
add app upate check on startup (#56) 2020-07-21 11:58:00 -04:00
Alex Goodman
c83ddc1fa2
validate input arg length (#55) 2020-07-20 12:00:25 -04:00
Alfredo Deza
924d7f9a28 cmd: use NewScope abstraction from imgbom, supports dirs/imgs
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-17 13:58:07 -04:00
Alex Goodman
bbff869499
Add matching by CPE (#40)
* Commit just to share progress, needs to be squashed/fixed-up once working.

Signed-off-by: Zach Hill <zach@anchore.com>

* minor fixes

* add cpe obj

* add cpe matching

* report cpe in search key

* add verbose logging for matches; bump vulnscan-db ver

* add dev profiler option; tweak logging

* test support for CPE URI bindings

addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937

* rename nvdv2 to nvd

* reduce scope of cpe matching to non-distro packages

* normalize nil constraint strings

Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
afb8597aa2
split vulnerability into index & metadata (#51) 2020-07-16 14:59:35 -04:00
Alex Goodman
12aeee3b92
add java matcher (#44) 2020-07-15 07:17:21 -04:00
Alex Goodman
765d5dfb5b
add rpm version + constraint, rpmdb matching; refactor dpkg constraint 2020-07-07 09:22:14 -04:00
Alex Goodman
a004668056
add db archive import 2020-06-29 10:10:02 -04:00
Alex Goodman
9c70953dfb
add curation of db file 2020-06-19 10:57:06 -04:00
Alfredo Deza
7f00f5c945 cmd: automatically detect distro based on img input
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 17:43:50 -04:00
Alfredo Deza
4fc7fbc1fd cmd: default to json output, connect to presenter
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 10:12:23 -04:00
Alex Goodman
622f09feff
add matcher tests + dpkg constraint adapter (add <) 2020-06-04 10:23:18 -04:00
Alex Goodman
d9c922218c
add store provider tests 2020-06-02 20:54:19 -04:00
Alex Goodman
88eecbd2de
add indirect dpkg source matching 2020-06-02 17:22:57 -04:00
Alex Goodman
b72e25afea
add sqlite vulnscan-db integrations 2020-06-02 14:12:20 -04:00
Alex Goodman
490ba9cd4b
rename os -> distro 2020-06-01 10:43:58 -04:00
Alex Goodman
aacc624033
add FindVulnerability lib function, wire up main with matcher 2020-06-01 07:21:07 -04:00
Alex Goodman
02556fdd9c
add basic matching execution flow 2020-05-28 18:28:29 -04:00
Alex Goodman
4e310ebbe2
simplify initializers 2020-05-26 13:37:47 -04:00
Alex Goodman
d813ac84ca
add CLI commands / subcommands 2020-05-26 13:31:50 -04:00
Alex Goodman
3c6ae01619
initial project structure 2020-05-26 10:41:23 -04:00