* update command to take in SYFT_VERSION
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add dynamic input to build command for ci
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Grype DB Builder was changed to use single quotes instead of double quotes for version constraints. This change broke constraint matching for vulndb records. This change fixes that by adding support for single quotes to the parseUnit function in grype/version/constraint_unit.go.
* Update constraint unit parser to remove single quotes as well as double quotes from a constraint unit. This will allow vulndb constraints to match again.
* Add unit test for quoted fuzzy constraints.
Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
* bump syft to the newest 0.23.0 version - tidy mod
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update integration test to use new pointer
syft source.New() was changed to return a pointer
rather than value for 0.23.0; this commit updates our
integration tests to reflect that change
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* Update go-version package and add test
This is being updated due to an issue that was encountered in the lessThanEqual constraint in go-version: https://github.com/anchore/go-version/pull/2. Was discovered while adding tests for apk origin package matching
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
* Added matching with source package for apk
This change allows grype to match with a package's source package for apk. Adds APKMetadata with OriginPackage, new matching logic in apk matchers, and tests
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
Previous install of goreleaser v 0.160.0 was being done with curl command to https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh, but there have been changes to that script that broke bootstrap. Copied the shell script to repo and changed the checksum file name to goreleaser_checksums.txt
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
* include source RPM release in version used for matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* include package name and version searched by in search details
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update test to be table for future regression
Refactor test to assert on public contract of Match
Add base case as first table
TODO:
- Ask about business case of Public vs private method
- Add back second case regarding ignore source
- Add cases testing new regexp against variant package types
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* add question for tests - base case passing
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* update test to cover removed cases
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* update with capture group names
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* add failing test case for #376
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* add version parse for indirect match
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* remove debug and comments
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* update regex based on PR feedback
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* update matcher to use named capture groups
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* add regression comment to test
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* update to add back old case
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* remove warning since we no longer will get multi
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* remove wantErr
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
* bump untar file size threshold
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust variable names and comments around copyWithLimits for tar processing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use squashed grype-db branch
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add more tests around the msrc matcher
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* incorporate the grype-db updates for msrc
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Because Grype scanner produces CycloneDX output with lower case component tags instead of upper case.
Signed-off-by: Robin Li <lrobin@vmware.com>
Co-authored-by: Robin Li <lrobin@vmware.com>