Commit graph

731 commits

Author SHA1 Message Date
Christopher Angelo Phillips
c8ddd7e218
chore: update syft to v0.60.3 (#978) 2022-11-03 16:19:03 +00:00
Weston Steimel
e33b1203a1
feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961)
Enhances the CPE target software component match filtering logic to consider ecosystems which aren't currently supported by
syft cataloging but are well-known sources of false-positives. This currently adds support for filtering various
permutations of `wordpress`, `joomla`, and `drupal`.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-02 20:21:14 +00:00
Weston Steimel
a2ab617cef
chore: grype quality pipeline latest label updates and images (#976)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-01 21:20:49 +00:00
vimalpatel19
0c4a372910
Implemented new CLI flag: --show-suppressed (#966) 2022-11-01 14:02:26 -04:00
Christopher Angelo Phillips
142ebb9a60
fix: update case for alpine:edge correct vuln feed (#965) 2022-10-28 13:33:55 -04:00
Keith Zantow
2078fcdb0a
PURL input results in incorrect artifact in JSON output (#968) 2022-10-26 15:10:05 -04:00
anchore-actions-token-generator[bot]
b05f37f66c
Update grype bootstrap tools to latest versions. (#956)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-24 10:25:24 -04:00
Weston Steimel
4cda526992
implement v5 db schema to support improved matching between rpm appstream modules (#944)
Adds support for a `package_qualifiers` column to allow evaluating package matches to vulnerabilities based on more than just version constraints. Currently adds an rpm-modularity qualifier in order to support matching to the correct app stream module in order to reduce false positives within rpm-based distro ecosystems. In order to prevent an increase in false positive matches for previous versions of grype using the v4 schema, this change (along with the vulnerability source driver parser updates) requires bumping the schema to v5.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-18 00:34:47 +01:00
anchore-actions-token-generator[bot]
b62ad702b9
Update Syft to v0.59.0 (#957) 2022-10-17 16:07:39 -04:00
Weston Steimel
cd634961e6
expand quality gate image set to include rpm appstreams-related images (#952)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-10 17:10:10 +01:00
anchore-actions-token-generator[bot]
90ac37d00d
Update grype bootstrap tools to latest versions. (#947)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-06 11:08:55 -04:00
Weston Steimel
539e64204a
chore: add more quality gate images (#950)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-06 15:01:49 +01:00
Alex Goodman
d4587ddeec
Add in-depth quality gate checks (#949)
* add in-depth quality gate checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add quality tests to PR checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-05 16:26:26 -04:00
anchore-actions-token-generator[bot]
7ad60ce410
Update Syft to v0.58.0 (#941)
* Update Syft to v0.58.0

Signed-off-by: GitHub <noreply@github.com>

* fix conan metadata related unit test failures

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-05 11:26:16 +01:00
anchore-actions-token-generator[bot]
a4eb7ac2ce
Update grype bootstrap tools to latest versions. (#945)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-04 10:12:33 -04:00
anchore-actions-token-generator[bot]
047e662c11
Update grype bootstrap tools to latest versions. (#935)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-09-26 10:39:44 -04:00
anchore-actions-token-generator[bot]
f094b860b9
Update Syft to v0.57.0 (#930)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-09-20 09:35:37 +01:00
Jan Hensel
a678b8d134
Correct falsely copied app-name 'syft' in example (#922) 2022-09-19 12:19:49 -04:00
dependabot[bot]
e63910b2c5
Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-19 11:46:11 -04:00
anchore-actions-token-generator[bot]
345d8494fd
Update grype bootstrap tools to latest versions. (#925)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-09-19 10:48:51 -04:00
anchore-actions-token-generator[bot]
403a535321
Update Syft to v0.56.0 (#919)
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-09-13 11:18:13 -04:00
Keith Zantow
ba73ab362a
Add support for scanning RPM files (#917) 2022-09-09 14:56:37 -04:00
Christopher Angelo Phillips
7f09eebdde
remove arch typo - add debug/reg s390x (#915) 2022-09-06 13:58:24 -04:00
Christopher Angelo Phillips
78d87c1e11
grype release message update (#914) 2022-09-06 11:46:59 -04:00
Chapman Pendery
d5b825e40b
feat: extract use cpes in matching logic to be configurable (#911) 2022-09-06 09:55:35 -04:00
Adam Hughes
ac3d6b643c
docs: add Singularity to "features" in README (#912) 2022-09-06 09:33:07 -04:00
Adam Hughes
9810495212
docs: improve Singularity image source docs (#910) 2022-09-01 12:53:54 -04:00
Adam Hughes
9f28cdc24f
Add Singularity image source (#908) 2022-08-31 13:55:49 -04:00
anchore-actions-token-generator[bot]
df571a1a88
Update grype bootstrap tools to latest versions. (#907)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-08-31 09:05:19 -04:00
anchore-actions-token-generator[bot]
77a8eb866d
Update Syft to v0.55.0 (#906)
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-08-30 09:18:17 -04:00
anchore-actions-token-generator[bot]
b31d28546b
Update grype bootstrap tools to latest versions. (#905)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-08-30 09:17:52 -04:00
anchore-actions-token-generator[bot]
a027c74c2c
Update grype bootstrap tools to latest versions. (#903)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-08-29 10:30:39 -04:00
anchore-actions-token-generator[bot]
198326745b
Update grype bootstrap tools to latest versions. (#896)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-08-25 09:14:46 -04:00
Keith Zantow
64cbb68d9d
Add blurbs about building and running from source (#893) 2022-08-24 15:30:21 -04:00
Alex Goodman
ea4b250055
Fix docker build typo (#891) 2022-08-24 17:07:48 +00:00
Weston Steimel
e9df59b4b1
disable CPE match filtering based on target software component for java packages (#889)
Java packages are known to embed other ecosystem packages within them, so we don't want to currently make this assumption for any java language type packages

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-24 15:20:45 +00:00
anchore-actions-token-generator[bot]
9d3e40079b
Update grype bootstrap tools to latest versions. (#886)
* Update grype bootstrap tools to latest versions.

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-23 20:09:56 +00:00
Weston Steimel
0de5dfdd86
fix getting latest gosimports version (#885)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-22 18:27:50 +00:00
Weston Steimel
d463d74178
workflow to create automated PRs to update bootstrap tools (#883)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-08-22 17:59:54 +00:00
skuethe
ae37eb4a05
Add s390x build support (#720)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-08-18 16:28:10 -04:00
cpendery
d67b3e64aa
fix: only show distro warning if distro packages exist (#875) 2022-08-18 11:55:35 -04:00
anchore-actions-token-generator[bot]
08b4ef493b
Update Syft to v0.54.0 (#881)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2022-08-17 19:36:54 +00:00
Brock R
174f61ec23
Update README.md (#871) 2022-08-16 19:45:50 +00:00
Neil Levine
f12bb67720
Update README.md (#868) 2022-08-04 21:08:16 +00:00
Michael de Senna
c755c7304f
test: rm mustConst since unused (#860) 2022-08-04 09:38:54 -04:00
anchore-actions-token-generator[bot]
262630e01e
Update Syft to v0.53.4 (#856) 2022-08-04 09:37:48 -04:00
Michael de Senna
80f9e04289
feat: enrich db check cmd feedback (#853)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-08-03 16:34:27 -04:00
Christopher Angelo Phillips
ad9f0ac76e
update syft version location for Makefile (#865) 2022-08-03 12:54:29 -04:00
Christopher Angelo Phillips
8fe761b41f
remove env variable dependencies and keychain from signing script (#864) 2022-08-03 14:55:15 +00:00
Christopher Angelo Phillips
d264309035
macos-latest for signing (#863) 2022-08-03 14:09:44 +00:00