Christopher Angelo Phillips
43c2d91f34
update log file permissions (#422)
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-09-21 12:14:38 -04:00
Christopher Angelo Phillips
fe00b3c314
Enhance version cmd with SYFT_VERSION (#420)
* update command to take in SYFT_VERSION
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add dynamic input to build command for ci
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-09-16 16:08:07 -04:00
Alex Goodman
bef03f70b3
Bump untar file size threshold (#392)
* bump untar file size threshold
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust variable names and comments around copyWithLimits for tar processing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-08-23 09:16:35 -04:00
Keith Zantow
7b044b1154
Add option to enable http registry connections #334 (#380)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-08-17 12:52:08 -04:00
Dan Luhring
8da410c578
Allow registry auth config without authority value (#322)
* Allow registry auth config without authority value
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update CLI tests for new stereoscope log output
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-24 16:06:09 -04:00
Alex Goodman
80fccec6f8
remove tar test testify comment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-15 15:39:26 -04:00
Alex Goodman
34fa1cf0c8
adjust zip slip attack error message
Co-authored-by: Alfredo Deza <adeza@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-04-15 08:53:57 -04:00
Alex Goodman
a958acc57b
safely join paths derived from tar headers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-15 08:53:57 -04:00
Alex Goodman
007542a1d1
don't append registry auth if potentially empty
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 09:21:04 -04:00
Alex Goodman
157640129e
add registry options to application configuration
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 16:09:38 -04:00
Dan Luhring
d4c3fa5f3b
Add tests for template presenter and consolidate data generation code
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-04-09 09:34:58 -04:00
Dan Luhring
eb74835a1a
Add template presenter
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-04-09 09:34:58 -04:00
Alex Goodman
07f61c0ff5
stage db by dir named by schema version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-01 16:11:58 -04:00
Alex Goodman
976e3d68eb
pull in syft v0.14.0 and further decouple presenters from syft
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-01 10:01:07 -04:00
Alex Goodman
0a9408005f
refactor constraint expression parser to allow for quoted versions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-02-16 09:15:17 -05:00
Alex Goodman
45d3938046
do not require hashing of the DB file as validation on standard startup
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-14 07:55:55 -05:00
Alex Goodman
25d6ec6c79
add SBOM JSON document input from syft
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-17 17:55:24 -05:00
Alex Goodman
7fdbcf8a6c
add warn log level
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-12 10:02:40 -05:00
Alex Goodman
98a17355c5
remove constraint panics & invalid test assertions (handle pre-release TODOs) (#171)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-29 10:20:51 -04:00
Alex Goodman
f0f8f4bf02
add --fail-on threshold support (#156)
* add --fail-on threshold support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename fail-on support functions and variables
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove UK spelling of canceled
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-21 17:12:21 -04:00
Samuel Dacanay
9fa5064107
Fix json keys to be camel case instead of kebab
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-14 13:47:30 -07:00
Alex Goodman
651751f698
simplify version cmd + add json option (#139)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-25 11:51:24 -04:00
Dan Luhring
219d8bcf0f
Use warn instead of error for packages with no matchers (#113)
* Add warn method to logging system
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Move from error to warn for no matcher scenario
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-10 16:03:12 -04:00
Alex Goodman
fb8f3d87ed
restore log source after etui exit
2020-08-02 18:31:00 -04:00
Alex Goodman
11731fac40
replace zap logger with logrus (#80)
2020-08-01 11:58:10 -04:00
Alex Goodman
6395481e73
Add ETUI (#77)
* add base syft UI elements
* add etui with shared ui elements
* allow for concurrent download DB and fetch/catalog image
2020-07-30 19:06:27 -04:00
Alex Goodman
009dcb1a46
Ignore prerelease versions on release + add DB update URL (#76)
* ignore prerelease versions when uploading version file on release
* add db update url
2020-07-30 12:37:49 -04:00
Alex Goodman
8d84dfeb65
finalize update check URL
2020-07-27 15:13:10 -04:00
Alex Goodman
5051c6202d
simplify schema checks and update grype-db
2020-07-25 19:03:33 -04:00
Alex Goodman
564fffec6d
rename to grype
2020-07-23 21:29:05 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft (#60)
2020-07-23 21:26:03 -04:00
Alex Goodman
bfca4d9e62
limit update version string length (#61)
2020-07-23 20:35:26 -04:00
Alex Goodman
c8bca755ff
Add integration tests (#54)
* add integration tests + add matcher types
* tweak db auto update var; rm dead cache cmd
* Update cmd/root.go
Co-authored-by: Alfredo Deza <adeza@anchore.com>
Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 12:34:39 -04:00
Alex Goodman
66453e65f2
add app update check on startup (#56)
2020-07-21 11:58:00 -04:00
Alex Goodman
bbff869499
Add matching by CPE (#40)
* Commit just to share progress, needs to be squashed/fixed-up once working.
Signed-off-by: Zach Hill <zach@anchore.com>
* minor fixes
* add cpe obj
* add cpe matching
* report cpe in search key
* add verbose logging for matches; bump vulnscan-db ver
* add dev profiler option; tweak logging
* test support for CPE URI bindings
addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937
* rename nvdv2 to nvd
* reduce scope of cpe matching to non-distro packages
* normalize nil constraint strings
Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
afb8597aa2
split vulnerability into index & metadata (#51)
2020-07-16 14:59:35 -04:00
Alex Goodman
12aeee3b92
add java matcher (#44)
2020-07-15 07:17:21 -04:00
Alex Goodman
a004668056
add db archive import
2020-06-29 10:10:02 -04:00
Alex Goodman
92cf98ab12
sync vulnscan db changes
2020-06-28 07:22:27 -04:00
Alex Goodman
ce707a6f1a
fix testutils dependency
2020-06-22 14:42:14 -04:00
Alex Goodman
9c70953dfb
add curation of db file
2020-06-19 10:57:06 -04:00
Alex Goodman
1ca035363a
add gem matcher
2020-06-04 15:40:40 -04:00
Alex Goodman
622f09feff
add matcher tests + dpkg constraint adapter (add <)
2020-06-04 10:23:18 -04:00
Alex Goodman
b72e25afea
add sqlite vulnscan-db integrations
2020-06-02 14:12:20 -04:00
Alex Goodman
7371815a3e
add db mock + stubs (temporary)
2020-06-01 07:16:47 -04:00
Alex Goodman
3c6ae01619
initial project structure
2020-05-26 10:41:23 -04:00