grype

mirror of https://github.com/anchore/grype synced 2024-09-20 14:31:59 +00:00

Author	SHA1	Message	Date
anchore-actions-token-generator[bot]	7ad60ce410	Update Syft to v0.58.0 (#941 ) * Update Syft to v0.58.0 Signed-off-by: GitHub <noreply@github.com> * fix conan metadata related unit test failures Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Weston Steimel <weston.steimel@anchore.com>	2022-10-05 11:26:16 +01:00
anchore-actions-token-generator[bot]	f094b860b9	Update Syft to v0.57.0 (#930 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-09-20 09:35:37 +01:00
dependabot[bot]	e63910b2c5	Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-19 11:46:11 -04:00
anchore-actions-token-generator[bot]	403a535321	Update Syft to v0.56.0 (#919 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-09-13 11:18:13 -04:00
Keith Zantow	ba73ab362a	Add support for scanning RPM files (#917 )	2022-09-09 14:56:37 -04:00
anchore-actions-token-generator[bot]	77a8eb866d	Update Syft to v0.55.0 (#906 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-08-30 09:18:17 -04:00
anchore-actions-token-generator[bot]	08b4ef493b	Update Syft to v0.54.0 (#881 ) Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2022-08-17 19:36:54 +00:00
anchore-actions-token-generator[bot]	262630e01e	Update Syft to v0.53.4 (#856 )	2022-08-04 09:37:48 -04:00
Christopher Angelo Phillips	74fd591caf	update golanci-lint, goreleaser, cosign (#850 )	2022-07-28 14:55:14 -04:00
Christopher Angelo Phillips	991d16879a	update grype to use syft v0.52.0 (#838 )	2022-07-22 16:12:18 +00:00
Zac Medico	30943e032b	add Gentoo matching support (#813 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-07-19 09:37:21 -04:00
Christopher Angelo Phillips	cb6bddfeeb	bump syft version to v0.51.0 (#822 )	2022-07-11 15:15:12 -04:00
Christopher Angelo Phillips	0e0a9d9e7a	update syft to v0.50.0 (#818 )	2022-07-06 14:48:21 +00:00
Christopher Angelo Phillips	82c0146b0a	update syft => v0.49.0 (#804 )	2022-06-24 18:30:36 +00:00
cpendery	bb2f8dcdb4	fix: add fixed versions to cyclonedxjson output (#763 )	2022-06-21 17:50:05 -04:00
Christopher Angelo Phillips	0703bae977	update grype to latest syft patch v0.48.1 (#790 )	2022-06-17 15:45:33 +00:00
Jonas Xavier	d6fa674edc	add db staleness check (#785 ) * add db staleness check Signed-off-by: Jonas Xavier <jonasx@anchore.com> * less config fields Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix import order Signed-off-by: Jonas Xavier <jonasx@anchore.com> * warn even when set to not error on staleness Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * lint fix Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix test Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent log message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent new version message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * human friendly time durations Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix typo Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * cleaner tests and default db value Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-06-15 12:48:10 -04:00
Christopher Angelo Phillips	69de9e7a0a	update syft version to v0.47.0 (#781 )	2022-06-09 16:03:14 -04:00
Weston Steimel	81af51302d	use anchore fork of glebarez/sqlite (#778 ) This overcomes an issue with duplicate registration of sqlite drivers between glebarez/sqlite and knqyf263/go-rpmdb by just using modernc.org/sqlite directly within our fork Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2022-06-08 09:41:15 -04:00
dependabot[bot]	07dfb28718	Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-06-02 09:18:53 -04:00
anchore-actions-token-generator[bot]	10c3604498	Update Syft to v0.46.3 (#761 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: jonasagx <jonasagx@users.noreply.github.com>	2022-05-26 10:14:28 -07:00
Alex Goodman	06d28dad9f	bump to syft v0.46.2 (#755 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-23 13:47:21 +00:00
Jonas Xavier	c842fb9af5	bump stereoscope version to include source path fix (#752 )	2022-05-19 08:18:49 -07:00
anchore-actions-token-generator[bot]	5a5642cc0d	Update Syft to v0.46.1 (#751 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-05-18 14:10:39 -07:00
Christian Kotzbauer	731abaab72	Add syft v0.46.0 Dotnet support (#747 )	2022-05-13 12:46:31 -04:00
dependabot[bot]	d6196b6525	Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 (#742 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.9 to 1.5.11. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.9...v1.5.11) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-04 16:33:28 +01:00
Dan Luhring	0df35f8d2c	address excessive warnings from multiple sources (#741 )	2022-05-03 14:05:50 +00:00
Christopher Angelo Phillips	36f5150fa9	bump syft version (#738 )	2022-04-29 13:39:08 -04:00
Jonas Xavier	523f5ce9c0	Consume attestation files (#706 ) * add key flag to attest validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp: verify sig and extract sbom Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip read attestation without scheme Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp consuming attestations - needs unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove prototype file Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop local syft from go.mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix order of sbom parsing strategies Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle implicit attestation input Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add test for invalid attestation key Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * rebase and go-mod-tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * consume attestation via stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * attestation test for stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * validate input and content for attestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add stdin test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix config tags Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add int test to ignore attestation validation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix cycloneDX attestation fixture Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered att test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered predicate type test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * improve docs/help on atttestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * upgrade to latest syft Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fall through when guessing between sbom and att Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix butter finger rebase Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * drop default key value Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * assert error messages Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better test/cli coverage Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix stdin decode test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix goimports Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * tui - verified attestation and feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better naming Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add attestation section to config file Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * emit event for skipped verification Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * use public key name Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * nit Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>	2022-04-21 11:52:42 -07:00
Alex Goodman	9cc1c72169	Preserve package IDs on Syft JSON SBOM decode (#731 )	2022-04-18 18:22:58 +00:00
Christopher Angelo Phillips	95f68b4c33	Add java.Matcher configuration to includes maven upstream sha1 query (#714 )	2022-04-13 13:01:22 -04:00
Alex Goodman	c36e9df887	Use CGO-less sqlite GORM driver (#705 )	2022-04-04 18:40:29 +00:00
Jonas Xavier	182c86d11d	Migrate LocationSet and add Dart support (#703 )	2022-04-01 08:21:37 -07:00
Keith Zantow	44e676488e	Update syft to v0.42.4 (#697 )	2022-03-24 14:11:17 -04:00
Keith Zantow	d8e1c37cd1	Update syft to v0.42.3 (#690 )	2022-03-23 17:57:06 -04:00
Alex Goodman	9fc6fb8a32	Bump strset version to fix 386 builds (#689 )	2022-03-23 18:27:11 +00:00
j-k	d40fb77c1a	Correct go.mod to enforce go 1.18 (#685 ) Since grype now depends on debug/buildinfo go 1.18 is required to build grype and as such go.mod needs updating Signed-off-by: 06kellyjac <jack@control-plane.io>	2022-03-22 09:33:35 -04:00
Keith Zantow	f004f7dee3	Update Syft to 0.42.1 (#683 )	2022-03-21 20:11:40 +00:00
Jonas Xavier	dae6411c5c	upgrade github workflows to go 1.18 (#649 ) * upgrade github workflows to go 1.18 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * upgrade syft & set go1.18 for CI workflows Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add go1.17 static analysis Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix yaml comment Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-17 14:58:20 -07:00
Keith Zantow	60c2968953	Update Syft to v0.41.6 (#670 )	2022-03-16 12:48:42 -04:00
Keith Zantow	cbdec2ae5e	Update to Syft v0.41.4 (#664 )	2022-03-14 17:15:09 -04:00
Keith Zantow	bc8f8414ca	Add SARIF presenter option (#654 )	2022-03-14 12:13:37 -04:00
Keith Zantow	ff424d3adc	Bump Syft for CycloneDX input (#650 )	2022-03-02 10:05:01 -05:00
Alex Goodman	16cd14519a	Bump syft to release version v0.39.0 (#645 ) * bump syft to v0.39.0 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ByCriteria to log error on failure Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * integration tests now pass Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * bump to v0.39.3 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * raise search failures to warn Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * tidy go.mod/sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-26 17:28:08 -05:00
Alex Goodman	f29a0d06d8	Bump syft to v0.38.0 for release (#635 )	2022-02-15 19:03:55 +00:00
Alex Goodman	5aa85338d6	Normalize release assets and refactor install.sh (#630 ) * refactor release to keep snapshot assets in parity with release assets Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor install.sh and put under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * tidy go.sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add mac acceptance test to github actions workflow Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rm use of goreleaser in cli tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * go mod tidy with go 1.17 Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-11 19:24:25 +00:00
Christopher Angelo Phillips	d2dba7d14a	update golang crypto to resolve CVE-2020-29652 (#631 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 13:37:17 -05:00
Christopher Angelo Phillips	16e6bee766	update go -> 1.17 (#628 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 10:50:13 -05:00
Alex Goodman	c9f2716389	Abstract upstream package before matching (#607 ) * add metadata extraction from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract upstream packages before matching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put pkg.UpstreamPackages under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove pURL related processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in syft spdx decoding Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for more flexible GHSA namespace and source extraction Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add matching parity integration tests for all supported formats Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump syft to get spdx tv fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-10 21:43:12 +00:00
Jonas Xavier	42ca8c61d3	Ensure completion of UI progress bar (#627 )	2022-02-10 08:03:15 -08:00

1 2 3 4

189 commits