* add db staleness check
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* less config fields
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix import order
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* warn even when set to not error on staleness
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nits
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nits
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* lint fix
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix test
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* consistent log message
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* consistent new version message
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* human friendly time durations
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix typo
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* cleaner tests and default db value
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* support filtering matches based on Namespace
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* support filtering matches based on package language
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add tests for filtering matches on Namespace and Language
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* update README for new ignore rule criteria
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix linting errors
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add key flag to attest validation
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* mvp: verify sig and extract sbom
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip read attestation without scheme
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* mvp consuming attestations - needs unit tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove prototype file
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* drop local syft from go.mod
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix order of sbom parsing strategies
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* handle implicit attestation input
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add test for invalid attestation key
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* rebase and go-mod-tidy
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* consume attestation via stdin
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* attestation test for stdin
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* validate input and content for attestation
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add stdin test
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix config tags
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add int test to ignore attestation validation
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix cycloneDX attestation fixture
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add tampered att test
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add tampered predicate type test
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* improve docs/help on atttestation
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* upgrade to latest syft
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fall through when guessing between sbom and att
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix butter finger rebase
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* drop default key value
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* assert error messages
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* better test/cli coverage
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix stdin decode test
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix goimports
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* tui - verified attestation and feedback changes
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* better naming
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add attestation section to config file
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* emit event for skipped verification
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* use public key name
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* nit
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* add db list command
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add stderr print helper
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs to with details about listing files and DB curation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Remove webinar announcement
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Document only-fixed feature
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Expand docs for Grype database
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* List out allowed values for fix-state
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Make installation methods more obvious
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add badge for joining Slack
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Document requirement for signed commits
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Preliminary implementation of ignore rules
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Support ignoring matches by package type
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add tests for ignore functionality
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add documentation for ignore rules and clean up README
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add test for glob location matching
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Add announcement for KubeCon meetup
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Remove warning about zsh completion
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
