Alex Goodman
80bb416daa
bump grype-db to pull in v3 schema changes + ensure related vulns are not nil
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-27 14:17:05 -04:00
Alex Goodman
1849d7eaea
add vendor advisories and adjust fixes data shape
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-26 13:54:19 -04:00
Alex Goodman
f99da01100
add staging update-url to cli tests + add pre-release check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-26 12:30:21 -04:00
Alex Goodman
a6585f4842
add go.mod tidy CI check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-25 13:43:53 -04:00
Dan Luhring
8da410c578
Allow registry auth config without authority value ( #322 )
* Allow registry auth config without authority value
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update CLI tests for new stereoscope log output
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-24 16:06:09 -04:00
Alex Goodman
594cfd05c9
add java virtual path to package metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-24 11:23:31 -04:00
Alex Goodman
a8577eade7
add package sorting for artifacts in json document
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-05-11 16:40:27 -04:00
Alfredo Deza
6a7a0a7e01
update dependencies
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-05-03 14:56:00 -04:00
Alex Goodman
28f6051204
update syft to v0.15.1
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-22 17:29:01 -04:00
Alex Goodman
871722dd1e
bump syft to add manifest metadata to source for registry source
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-14 08:10:09 -04:00
Alex Goodman
31f44b7302
update syft and stereoscope to pull in registry source
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 16:09:27 -04:00
Dan Luhring
d4c3fa5f3b
Add tests for template presenter and consolidate data generation code
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-04-09 09:34:58 -04:00
Alex Goodman
8704dbb2bc
pull in registry credential encoding fix
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-05 14:27:42 -04:00
Alex Goodman
ebe1371d47
bump syft to pull in repoDigests onto image metadata ( #274 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-01 21:28:53 +00:00
Alex Goodman
976e3d68eb
pull in syft v0.14.0 and further decouple presenters from syft
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-01 10:01:07 -04:00
Alfredo Deza
f2b815d760
bump go dependencies to use grype-db with v2 schema
This will cause grype to set its schema version requirement to 2
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-03-30 13:52:31 -04:00
Alex Goodman
a399647afc
add docker image to release process
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 10:00:13 -04:00
Alfredo Deza
6c3cb94c03
update grype-db dependency
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2021-03-05 09:32:13 -05:00
Alex Goodman
0a9408005f
refactor constraint expression parser to allow for quoted versions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-02-16 09:15:17 -05:00
Dan Luhring
7ec9212c70
Update syft to v0.12.4
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-01-27 12:29:54 -05:00
Alex Goodman
0699e6a6ca
add package provider abstraction and update json document input
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-14 07:55:54 -05:00
Alex Goodman
137be60f28
add grype pkg.Package adapter for syft pkg.Package and remove pkg.Catalog
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-14 07:55:54 -05:00
Alex Goodman
7779e71b7e
update syft from v0.9.1 to v0.9.2
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-03 16:57:36 -05:00
Dan Luhring
159e168867
Update syft from 0.9.0 to 0.9.1
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-12-02 18:24:07 -05:00
Dan Luhring
d78c665925
Update syft from 0.8.1 to 0.9.0
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-12-02 15:54:46 -05:00
Alex Goodman
627aa77842
remove CPE generation (rely on static CPEs from syft instead)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-20 06:43:45 -05:00
Alex Goodman
25d6ec6c79
add SBOM JSON document input from syft
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-17 17:55:24 -05:00
Alex Goodman
4ed516e784
bump syft to v0.7.1 (with related fixes)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-12 10:02:40 -05:00
Dan Luhring
5d21595414
Update to Syft v0.5.1
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-05 13:11:11 -05:00
Alex Goodman
2dcb017295
update python and javascript catalogers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-23 11:34:18 -04:00
Alex Goodman
da614aa4ac
bump syft version (add package.json, rename bundler to ruby)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-19 08:02:13 -04:00
Alex Goodman
9d06b57a0e
incorporate gemspec cataloger ( #177 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 11:09:42 -04:00
Dan Luhring
04f88a80c6
Bump go.mod item versions ( #173 )
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-09-29 16:24:12 -04:00
Alex Goodman
65ab6dacdb
Support file/dir tilde expansion + APK cataloger xattr fix ( #170 )
* pull in upstream tilde expansion
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in apk cataloger xattr checksum fix
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-28 17:37:39 -04:00
Alex Goodman
63a6dd33df
always return a cleanup function from scope ( #166 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:29:15 -04:00
Dan Luhring
f13b9a76ed
Use latest versions of anchore repos ( #164 )
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-09-25 15:00:15 -04:00
Alex Goodman
326afa3c41
Add OCI support + use URI schemes ( #160 )
* add oci support + update image schemes
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update to oci-dir
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump upstream stereoscope, testutils, and syft pins
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix malformed go.sum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in upstream syft json presenter updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:18:03 -04:00
Alex Goodman
9f6301bbc2
Change root of JSON presenter to a mapping (instead of a sequence) ( #163 )
* update root of json presenter document
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* change vulnerabilities to matches in json output
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:06:28 -04:00
Alex Goodman
ed9f9bcb2b
remove duplicate rows from the summary table ( #161 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 10:34:54 -04:00
Alfredo Deza
578afab216
update go.mod and go.sum
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-23 16:58:14 -04:00
Alfredo Deza
2b8dfc2d75
temporary bump of go deps for testing
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-09-21 11:17:51 -04:00
Samuel Dacanay
cb437b6721
Change kebab case to camelCase, use updated syft version
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
Ignore packageurl-go which is a dependency from syft, and has a weird license format
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-21 08:12:31 -07:00
Sam Dacanay
293368e25e
Shell completion via Cobra utility ( #149 )
* Add completion script, ValidArgsFunction to root command to list docker images using docker go sdk, and update README
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
Remove support for zsh and powershell completion, as it doesn't work out of the box, and currently don't have a way to test powershell. Reported an issue with Cobra ZSH completion script generation as there are 2 bugs in it AFAICT
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* add zsh with cobra master branch
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-14 09:06:29 -07:00
Alex Goodman
1338850a8e
Add fixed-in-version to the presenters ( #147 )
* add fix-in-version to the json and table presenters
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* incorporate grype-db fixed-in updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-09 12:55:22 -04:00
Alex Goodman
bd50ffc585
Change search key json output to a map ( #146 )
* change search key json output to a map
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add documentation around the match object
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-08 11:23:29 -04:00
Alfredo Deza
8e8ad489f9
dependencies: update to latest syft and include uuid
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-28 13:38:56 -04:00
Alfredo Deza
b8e9431f89
dependencies: bump to latest syft that includes setup.py support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-08-17 17:24:43 -04:00
Dan Luhring
d3987d7e3e
Update modules ( #127 )
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-13 14:20:53 -04:00
Alex Goodman
56b9576a19
Add inline-comparison as acceptance test ( #106 )
* add inline-compare as acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve RPM matching with source indirection matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments to compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* clean inline-compare image test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft version to get rpm field enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 11:03:48 -04:00
Alex Goodman
30d72dd476
fix spaces alignment on etui
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 18:19:25 -04:00
Alex Goodman
6de7e4030d
finalize the json output (no schema yet) ( #102 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:05:58 -04:00
Alex Goodman
51479857e6
add description and cvss metadata to v1 schema ( #100 )
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-06 13:15:22 -04:00
Alex Goodman
f3756d0dc0
change default scope to squashed (from all-layers) ( #95 )
2020-08-06 08:27:09 -04:00
Dan Luhring
2cd127b932
Update pkg type ( #87 )
* Integrate Alex's changes
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Fix test issues
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update syft dependency references
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-05 08:18:24 -04:00
Alex Goodman
e1f4c549d5
bump syft for docker pull + UI elements for pull status ( #81 )
2020-08-03 18:07:33 -04:00
Alex Goodman
11731fac40
replace zap logger with logrus ( #80 )
2020-08-01 11:58:10 -04:00
Alex Goodman
861883c8d4
pull in fix for bounds check progress formatting values in etui
2020-07-31 06:57:05 -04:00
Alex Goodman
6395481e73
Add ETUI ( #77 )
* add base syft UI elements
* add etui with shared ui elements
* allow for concurrent download DB and fetch/catalog image
2020-07-30 19:06:27 -04:00
Alfredo Deza
561f7577c1
dependencies: bump to latest syft that includes yarn support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-30 09:35:53 -04:00
Alex Goodman
6ec1ce6ca6
use explicitly the v1 db schema
2020-07-27 08:49:39 -04:00
Alex Goodman
5051c6202d
simplify schema checks and update grype-db
2020-07-25 19:03:33 -04:00
Alex Goodman
4220fc60a7
Add default table presenter ( #59 )
* add default table presenter
* compress table output
* fix table presenter found-by to use only search key
2020-07-25 11:38:08 -04:00
Alex Goodman
695cc0f640
support version constraint || operator conjunctions ( #66 )
2020-07-24 14:20:26 -04:00
Alex Goodman
03005af2f2
rename grype-db
2020-07-24 06:59:14 -04:00
Alex Goodman
6340b2da3a
add release pipeline & replace imgbom with syft ( #60 )
2020-07-23 21:26:03 -04:00
Alfredo Deza
8b17a43c28
dependencies: bump to latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 13:30:12 -04:00
Alfredo Deza
6f06334b01
dependencies: bump to latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-22 08:26:54 -04:00
Alex Goodman
bc3f298d64
use sqlite reader (remove a cgo dependency) ( #57 )
2020-07-21 13:41:48 -04:00
Alex Goodman
c8bca755ff
Add integration tests ( #54 )
* add integration tests + add matcher types
* tweak db auto update var; rm dead cache cmd
* Update cmd/root.go
Co-authored-by: Alfredo Deza <adeza@anchore.com>
Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 12:34:39 -04:00
Alfredo Deza
a9172fcd98
dependencies: update with latest imgbom
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-17 13:58:07 -04:00
Alex Goodman
bbff869499
Add matching by CPE ( #40 )
* Commit just to share progress, needs to be squashed/fixed-up once working.
Signed-off-by: Zach Hill <zach@anchore.com>
* minor fixes
* add cpe obj
* add cpe matching
* report cpe in search key
* add verbose logging for matches; bump vulnscan-db ver
* add dev profiler option; tweak logging
* test support for CPE URI bindings
addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937
* rename nvdv2 to nvd
* reduce scope of cpe matching to non-distro packages
* normalize nil constraint strings
Co-authored-by: Zach Hill <zach@anchore.com>
2020-07-16 15:12:19 -04:00
Alex Goodman
afb8597aa2
split vulnerability into index & metadata ( #51 )
2020-07-16 14:59:35 -04:00
Alex Goodman
12aeee3b92
add java matcher ( #44 )
2020-07-15 07:17:21 -04:00
Alex Goodman
2fa38cab3d
migrate to using siren-db lib ( #48 )
2020-07-14 10:21:20 -04:00
Alex Goodman
765d5dfb5b
add rpm version + constraint, rpmdb matching; refactor dpkg constraint
2020-07-07 09:22:14 -04:00
Alex Goodman
a004668056
add db archive import
2020-06-29 10:10:02 -04:00
Alex Goodman
92cf98ab12
sync vulnscan db changes
2020-06-28 07:22:27 -04:00
Alex Goodman
ce707a6f1a
fix testutils dependency
2020-06-22 14:42:14 -04:00
Alex Goodman
9c70953dfb
add curation of db file
2020-06-19 10:57:06 -04:00
Alfredo Deza
b484b85890
update dependencies
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-06-18 10:12:41 -04:00
Alex Goodman
7593c31028
add python matcher
2020-06-05 10:00:14 -04:00
Alex Goodman
1ca035363a
add gem matcher
2020-06-04 15:40:40 -04:00
Alex Goodman
d9c922218c
add store provider tests
2020-06-02 20:54:19 -04:00
Alex Goodman
88eecbd2de
add indirect dpkg source matching
2020-06-02 17:22:57 -04:00
Alex Goodman
75ceb1af2d
pin to imgbom@master
2020-06-01 10:50:34 -04:00
Alex Goodman
aacc624033
add FindVulnerability lib function, wire up main with matcher
2020-06-01 07:21:07 -04:00
Alex Goodman
e8e8f416d0
add version & version constraint support
2020-06-01 07:13:53 -04:00
Alex Goodman
02556fdd9c
add basic matching execution flow
2020-05-28 18:28:29 -04:00
Alex Goodman
3c6ae01619
initial project structure
2020-05-26 10:41:23 -04:00