Commit graph

14 commits

Author SHA1 Message Date
Christopher Angelo Phillips
5754360376
Grype Release Pipeline Update (#1147)
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill)
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-03-03 21:17:44 +00:00
Keith Zantow
2c94031e1e
fix: Exclude binary packages that have overlap by file ownership relationship (#1024) 2022-12-12 15:59:47 -05:00
Christopher Angelo Phillips
02fe5e9c76
chore: update codeql to pinned v2 with correct write permissions 2022-11-14 15:39:45 +00:00
Alex Goodman
a399647afc
add docker image to release process
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 10:00:13 -04:00
Alex Goodman
75e3638468
add changelog generation into the release process (#167)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:59:00 -04:00
Alex Goodman
56b9576a19
Add inline-comparison as acceptance test (#106)
* add inline-compare as acceptance tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* improve RPM matching with source indirection matching

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments to compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* clean inline-compare image test names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump syft version to get rpm field enhancements

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 11:03:48 -04:00
Alex Goodman
6dce0bd0f9
add json presenter snapshots 2020-07-23 21:43:14 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft (#60) 2020-07-23 21:26:03 -04:00
Alex Goodman
bbff869499
Add matching by CPE (#40)
* Commit just to share progress, needs to be squashed/fixed-up once working.

Signed-off-by: Zach Hill <zach@anchore.com>

* minor fixes

* add cpe obj

* add cpe matching

* report cpe in search key

* add verbose logging for matches; bump vulnscan-db ver

* add dev profiler option; tweak logging

* test support for CPE URI bindings

addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937

* rename nvdv2 to nvd

* reduce scope of cpe matching to non-distro packages

* normalize nil constraint strings

Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
765d5dfb5b
add rpm version + constraint, rpmdb matching; refactor dpkg constraint 2020-07-07 09:22:14 -04:00
Alex Goodman
a004668056
add db archive import 2020-06-29 10:10:02 -04:00
Alex Goodman
9c70953dfb
add curation of db file 2020-06-19 10:57:06 -04:00
Alex Goodman
aacc624033
add FindVulnerability lib function, wire up main with matcher 2020-06-01 07:21:07 -04:00
Alex Goodman
3c6ae01619
initial project structure 2020-05-26 10:41:23 -04:00