grype

mirror of https://github.com/anchore/grype synced 2024-11-10 14:44:12 +00:00

Author	SHA1	Message	Date
Alex Goodman	c7f33a8e4f	bump grype-db version to use main branch Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-07-20 12:18:29 -04:00
Dan Luhring	787dfd8f02	Update syft to v0.19.0 (#352 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-06-30 11:09:44 -04:00
Dan Luhring	1714806a4c	Update syft to v0.18.0 (#351 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-06-29 21:34:26 +00:00
Alex Goodman	27c3437e26	ensure RPM epoch is optional Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-06-16 09:23:46 -04:00
Alex Goodman	402a53d14c	fix tests for v3 schema updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-27 15:25:21 -04:00
Alex Goodman	80bb416daa	bump grype-db to pull in v3 schema changes + ensure related vulns are not nil Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-27 14:17:05 -04:00
Alex Goodman	1849d7eaea	add vendor advisories and adjust fixes data shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-26 13:54:19 -04:00
Alex Goodman	f99da01100	add staging update-url to cli tests + add pre-release check Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-26 12:30:21 -04:00
Dan Luhring	8da410c578	Allow registry auth config without authority value (#322 ) * Allow registry auth config without authority value Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Update CLI tests for new stereoscope log output Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-05-24 16:06:09 -04:00
Alex Goodman	594cfd05c9	add java virutal path to package metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-24 11:23:31 -04:00
Alex Goodman	a8577eade7	add package sorting for artifacts in json document Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-05-11 16:40:27 -04:00
Alfredo Deza	6a7a0a7e01	update dependencies Signed-off-by: Alfredo Deza <adeza@anchore.com>	2021-05-03 14:56:00 -04:00
Alex Goodman	28f6051204	update syft to v0.15.1 Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-22 17:29:01 -04:00
Alex Goodman	6ad5e94674	bump go.mod minimum required go version Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-16 08:55:03 -04:00
Alex Goodman	871722dd1e	bump syft to add manifest metadata to source for registry source Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-14 08:10:09 -04:00
Alex Goodman	31f44b7302	update syft and stereoscope to pull in registry source Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-13 16:09:27 -04:00
Dan Luhring	326a79da2a	Address PR comments Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-04-09 16:31:13 -04:00
Dan Luhring	d4c3fa5f3b	Add tests for template presenter and consolidate data generation code Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-04-09 09:34:58 -04:00
Dan Luhring	eb74835a1a	Add template presenter Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-04-09 09:34:58 -04:00
Alex Goodman	8704dbb2bc	pull in registry credential encoding fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-05 14:27:42 -04:00
Alex Goodman	ebe1371d47	bump syft to pull in repoDigests onto image metadata (#274 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-01 21:28:53 +00:00
Alex Goodman	976e3d68eb	pull in syft v0.14.0 and further decouple presenters from syft Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-01 10:01:07 -04:00
Alfredo Deza	f2b815d760	bump go dependencies to use grype-db with v2 schema This will cause grype to set its schema version requirement to 2 Signed-off-by: Alfredo Deza <adeza@anchore.com>	2021-03-30 13:52:31 -04:00
Dan Luhring	12646be461	Fix SBOM input and refactor Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-03-09 08:58:01 -05:00
Alfredo Deza	6c3cb94c03	update grype-db dependency Signed-off-by: Alfredo Deza <adeza@anchore.com>	2021-03-05 09:32:13 -05:00
Alex Goodman	0a9408005f	refactor constraint expression parser to allow for quoted versions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-02-16 09:15:17 -05:00
Dan Luhring	7ec9212c70	Update syft to v0.12.4 Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-01-27 12:29:54 -05:00
Alex Goodman	0699e6a6ca	add package provider abstraction and update json document input Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-14 07:55:54 -05:00
Alex Goodman	137be60f28	add grype pkg.Package adapter for syft pkg.Package and remove pkg.Catalog Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-14 07:55:54 -05:00
Alex Goodman	7da2a16eab	fix distroNamespace mapping to only use major version for select distros Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-08 14:01:15 -05:00
Alex Goodman	7779e71b7e	update syft from v0.9.1 to v0.9.2 Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-03 16:57:36 -05:00
Dan Luhring	159e168867	Update syft from 0.9.0 to 0.9.1 Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-12-02 18:24:07 -05:00
Dan Luhring	d78c665925	Update syft from 0.8.1 to 0.9.0 Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-12-02 15:54:46 -05:00
Alex Goodman	627aa77842	remove CPE generation (rely on static CPES from syft instead) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-20 06:43:45 -05:00
Alex Goodman	25d6ec6c79	add SBOM JSON document input from syft Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-17 17:55:24 -05:00
Alex Goodman	4ed516e784	bump syft to v0.7.1 (with related fixes) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-12 10:02:40 -05:00
Dan Luhring	5d21595414	Update to Syft v0.5.1 Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-11-05 13:11:11 -05:00
Alex Goodman	2dcb017295	update python and javascript catalogers Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-10-23 11:34:18 -04:00
Alex Goodman	da614aa4ac	bump syft version (add package.json, rename bundler to ruby) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-10-19 08:02:13 -04:00
Alex Goodman	9d06b57a0e	incorporate gemspec cataloger (#177 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-10-09 11:09:42 -04:00
Dan Luhring	04f88a80c6	Bump go.mod item versions (#173 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-09-29 16:24:12 -04:00
Alex Goodman	65ab6dacdb	Support file/dir tilde expansion + APK cataloger xattr fix (#170 ) * pull in upstream tilde expansion Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in apk cataloger xattr checksum fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-28 17:37:39 -04:00
Alex Goodman	63a6dd33df	always return a cleanup function from scope (#166 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-25 16:29:15 -04:00
Dan Luhring	f13b9a76ed	Use latest versions of anchore repos (#164 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-09-25 15:00:15 -04:00
Alex Goodman	326afa3c41	Add OCI support + use URI schemes (#160 ) * add oci support + update image schemes Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update to oci-dir Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump upstream stereoscope, testutils, and syft pins Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix malformed go.sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in upstream syft json presenter updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-25 14:18:03 -04:00
Alfredo Deza	578afab216	update go.mod and go.sum Signed-off-by: Alfredo Deza <adeza@anchore.com>	2020-09-23 16:58:14 -04:00
Alfredo Deza	2b8dfc2d75	temporary bump of go deps for testing Signed-off-by: Alfredo Deza <adeza@anchore.com>	2020-09-21 11:17:51 -04:00
Samuel Dacanay	cb437b6721	Change kebab case to camelCase, use updated syft version Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com> Ignore packageurl-go which is a dependency from syft, and has a weird license format Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>	2020-09-21 08:12:31 -07:00
Sam Dacanay	293368e25e	Shell completion via Cobra utility (#149 ) * Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com> Remove support for zsh and powershell completion, as it doesnt work out of the box, and currently dont have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFIACT Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com> * add zsh with cobra master branch Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-14 09:06:29 -07:00
Alex Goodman	1338850a8e	Add fixed-in-version to the presenters (#147 ) * add fix-in-version to the json and table presenters Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate grype-db fixed-in updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-09 12:55:22 -04:00

1 2

93 commits