* upgrade github workflows to go 1.18
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* upgrade syft & set go1.18 for CI workflows
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add go1.17 static analysis
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix yaml comment
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* refactor release to keep snapshot assets in parity with release assets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor install.sh and put under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* tidy go.sum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add mac acceptance test to github actions workflow
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rm use of goreleaser in cli tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* go mod tidy with go 1.17
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update syft and jotframe
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update validations and release pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* moved terminal package to golang.org/x/term
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests to account for package relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add license exception for xz
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update Location and Coordinate references
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove benchmark tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove mac acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add syft-grype relationship notes in DEVELOPING.md
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use named pipe bit on stdin as indicator for piped input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure stdin is ignored when the CLI hints are present
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to cover subprocess integration behavior
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* added test case for java regression
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove extra line in makefile
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* see if QEMU offers support
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update QEMU support before cli verification
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* Support gomod configuration in goreleaser
Signed-off-by: Conor Nosal <cnosal@vmware.com>
* switch to goreleaser build for snapshots + bump version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* modify goreleaser buildx option due to deprecation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add snapshot flag to builds
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library.
* adds integration test that compares SBOM input vs image input
* fix integration test cache path
* Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON
* Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction
* bump syft to version 0.24.0
* update license check for packageurl-go
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
Previous install of goreleaser v 0.160.0 was being done with curl command to https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh, but there have been changes to that script that broke bootstrap. Copied the shell script to repo and changed the checksum file name to goreleaser_checksums.txt
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
* Add first issue/PR welcome message action
Signed-off-by: Robert Prince <robert.prince@anchore.com>
* update first-pr-issue message with a simple greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* simplify first message to a greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* disable prerelease version update check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use prerelease flag as source of truth for user notifications
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add installer script + brew tap
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use correct token on release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add inline-compare as acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve RPM matching with source indirection matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments to compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* clean inline-compare image test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft version to get rpm field enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
