Java packages are known to embed other ecosystem packages within them, so we don't want to currently make this assumption for any java language type packages
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* initial v4 schema setup
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* update v3 => v4 for unit tests
-- did NOT update
- grype/db/v3/*
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* use nullable string in sqlite so null values get represented correctly
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add missing unit test case for dotnet
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* Add db writer function for calling sqlite vacuum
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* adding normalization of package names at database adapter layer
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* refactor namespaces for v4
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* update v4 stuff to use sqlite fork
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* Namespace should satisfy Stringer interface
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* normalize CPEs before comparison
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* vulnerability exclusion => vulnerability match exclusion
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* updates to vulnerability match exclusion models
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add initial vulnerability match exclusion store unit tests
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* make vuln match exclusion constraints nullable
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* move vuln match namespace into constraints object and refactor
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* check db match constraints to ensure there aren't any unknown fields and add json hints
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* ensure we only keep compatible match exclusion constraints
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* use omitempty on all match exclusion structs
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* remove db v4 schema resolver and namespace types
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename Vacuum to Close
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* lint fixes + remove panic on vuln provider creation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* WIP match exclusions
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* build list of ignore rules from v4 db records
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* quick attempt at a new uber object
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* just pass around the full object for now to quickly get to a usable state
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix panic when no vuln db loaded
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* use interfaces for db.store function signatures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Flatten the match exclusion constraint model to simplify logic
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* updating some tests
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix panic when no db update possible
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* more tests
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* WIP fixing match exclusion constraint usability and json mapping logic
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add v4 db diff logic (excluding vulnerability_match_exclusion data for now)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* lint fix
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* update integration tests
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* nvd -> nvd:cpe namespace updates
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* ensure test store uses v4 normalized names
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* set the grype db update url to staging for v4
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* prevent more segfaults on database open
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* add continue when unable to load ignore rules
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* remove db.Status from the Store object
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix compare_sbom_input_vs_lib_test.go
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* remove staging endpoint now that v4 is published
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
