grype

mirror of https://github.com/anchore/grype synced 2024-11-14 00:07:08 +00:00

Author	SHA1	Message	Date
Alex Goodman	ebd4643930	Port UI to bubbletea (#1385 ) * initial port to bubbletea Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove jotframe UI Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add bubbletea component tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update main.go refs to cmd package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * move goreleaser build dir to cmd Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * upgrade yardstick for grype source installs and fix post-ui tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * ensure stable severity map in UI component test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add windows support for tui Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-13 17:13:48 +00:00
Tim Gerla	ecf9e65b95	Add a simple CSV format template to the templates/ directory and tweak docs (#1366 )	2023-06-29 17:05:17 -04:00
James Neate	0ace6b1a98	feat: add non-hermetic sprig functions (#1243 ) (#1273 ) Because the general set of sprig functions can used to access environment variables, explicitly warn users never to run untrusted templates. --------- Signed-off-by: James Neate <jamesmneate@gmail.com> Signed-off-by: Will Murphy <will.murphy@anchore.com> Co-authored-by: Will Murphy <will.murphy@anchore.com>	2023-05-08 17:14:45 -04:00
James Neate	2930a18786	docs: add config flag to configuration section (#1271 ) (#1274 ) Signed-off-by: James Neate <jamesmneate@gmail.com>	2023-05-05 18:58:21 -04:00
HNKNTA	9ba7a6a1ad	docs: add "cyclonedx-json" to output formats (#1252 ) Signed-off-by: HNKNTA <hnknta@gmail.com>	2023-05-02 17:20:47 -04:00
Christopher Angelo Phillips	8dec5c3784	feat: add default-image-source-config option (#1215 ) #1204 surfaces the need for allowing a user to express a preference over the default-image-pull-source to be used when building an SBOM for vulnerability scanning. This adds a config option into grype to consume the new syft behavior. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-04-04 10:28:33 -04:00
Christopher Angelo Phillips	788ed965ec	chore: prune cosign dependency for grype builds (#1100 ) * feat: segment cosign dependency for grype builds for faster build times Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-01-31 11:42:40 -05:00
Christopher Angelo Phillips	cdb8f3fa45	chore: change CVE example to official sample (#1028 ) CVE-2017-41432 is not a valid ID but in theory could be one day. Changed it to CVE-2014-54321 which is one of a number sample IDs used during the Syntax change in 2013/2014. References: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-54321 cve.mitre.org/data/board/archives/2013-04/msg00000.html Co-authored-by: Jericho <3095424+attritionorg@users.noreply.github.com>	2022-12-06 13:03:40 -05:00
Joyce	2cd2ef5340	Enable the Scorecard Github Action and badge (#929 )	2022-11-03 14:24:20 -04:00
Jan Hensel	a678b8d134	Correct falsely copied app-name 'syft' in example (#922 )	2022-09-19 12:19:49 -04:00
Chapman Pendery	d5b825e40b	feat: extract use cpes in matching logic to be configurable (#911 )	2022-09-06 09:55:35 -04:00
Adam Hughes	ac3d6b643c	docs: add Singularity to "features" in README (#912 )	2022-09-06 09:33:07 -04:00
Adam Hughes	9810495212	docs: improve Singularity image source docs (#910 )	2022-09-01 12:53:54 -04:00
Adam Hughes	9f28cdc24f	Add Singularity image source (#908 )	2022-08-31 13:55:49 -04:00
Keith Zantow	64cbb68d9d	Add blurbs about building and running from source (#893 )	2022-08-24 15:30:21 -04:00
Brock R	174f61ec23	Update README.md (#871 )	2022-08-16 19:45:50 +00:00
Neil Levine	f12bb67720	Update README.md (#868 )	2022-08-04 21:08:16 +00:00
cpendery	51617f8aa5	feat: add --only-notfixed flag (#828 )	2022-07-15 10:01:05 -04:00
cpendery	75a7e54f52	docs: update to include rust (#814 )	2022-06-29 15:45:21 -04:00
Adin Ermie	b3a078aa02	Added Docker example to Readme (#769 )	2022-06-27 16:59:51 -04:00
cpendery	64277bf6f4	docs: update php listing to be more clear that the `.json` file isn't indexed (#808 )	2022-06-27 10:26:49 -04:00
Christopher Angelo Phillips	bbe933204a	remove oss meetup message (#799 )	2022-06-23 18:03:38 +00:00
cpendery	335f744b9b	docs: update to include php (#793 )	2022-06-17 19:14:47 +00:00
cpendery	11cf09222b	fix: add golang to documentation (#788 )	2022-06-16 15:59:32 -04:00
Jonas Xavier	d6fa674edc	add db staleness check (#785 ) * add db staleness check Signed-off-by: Jonas Xavier <jonasx@anchore.com> * less config fields Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix import order Signed-off-by: Jonas Xavier <jonasx@anchore.com> * warn even when set to not error on staleness Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * lint fix Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix test Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent log message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent new version message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * human friendly time durations Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix typo Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * cleaner tests and default db value Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-06-15 12:48:10 -04:00
Weston Steimel	736117e0d9	Support namespace and language as additional criteria for ignoring vulnerability matches (#780 ) * support filtering matches based on Namespace Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * support filtering matches based on package language Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add tests for filtering matches on Namespace and Language Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update README for new ignore rule criteria Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix linting errors Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2022-06-10 18:15:58 +01:00
briankoe741	30f0aa7051	Add announcement for Anchore OSS Meetup (#775 )	2022-06-06 16:51:34 -04:00
Sean Killeen	55b63a9fb8	Add reference to logrus logging levels (#758 )	2022-05-25 15:06:17 -04:00
Herby Gillot	e6fc3e67d8	README: add MacPorts install info (#759 ) Signed-off-by: Herby Gillot <herby.gillot@gmail.com>	2022-05-25 11:06:42 -07:00
Christian Kotzbauer	731abaab72	Add syft v0.46.0 Dotnet support (#747 )	2022-05-13 12:46:31 -04:00
SALES	7fc4ca7646	Add reference to Grype-based GitHub Action (#710 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-05-01 20:03:19 +00:00
Jonas Xavier	523f5ce9c0	Consume attestation files (#706 ) * add key flag to attest validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp: verify sig and extract sbom Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip read attestation without scheme Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp consuming attestations - needs unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove prototype file Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop local syft from go.mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix order of sbom parsing strategies Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle implicit attestation input Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add test for invalid attestation key Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * rebase and go-mod-tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * consume attestation via stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * attestation test for stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * validate input and content for attestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add stdin test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix config tags Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add int test to ignore attestation validation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix cycloneDX attestation fixture Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered att test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered predicate type test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * improve docs/help on atttestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * upgrade to latest syft Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fall through when guessing between sbom and att Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix butter finger rebase Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * drop default key value Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * assert error messages Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better test/cli coverage Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix stdin decode test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix goimports Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * tui - verified attestation and feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better naming Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add attestation section to config file Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * emit event for skipped verification Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * use public key name Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * nit Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>	2022-04-21 11:52:42 -07:00
Christopher Angelo Phillips	95f68b4c33	Add java.Matcher configuration to includes maven upstream sha1 query (#714 )	2022-04-13 13:01:22 -04:00
briankoe741	67eacff3e2	Remove announcement for OSS Meetup (#691 ) Proposing changes to remove our 3/23 meetup Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-25 00:12:07 +00:00
Jonas Xavier	7555342be0	add podman to readme and examples (#677 ) Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-17 12:31:01 -07:00
Keith Zantow	a605d55ec0	Update register link text (#668 )	2022-03-15 16:57:26 +00:00
Alex Goodman	cc8e7836f3	Add platform selection (#666 )	2022-03-15 13:13:05 +00:00
briankoe741	8614a67ac5	Add announcement for Anchore OSS Meetup (#665 )	2022-03-14 17:35:04 -04:00
Keith Zantow	fc8e13f5b8	Support for SBOMs with incomplete linux distribution or CPE information (#606 )	2022-03-03 16:31:46 -05:00
Fabrice Jammes	cfc4f8b6f1	Add clarifying message to install command (#608 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com> Co-authored-by: Dan Luhring <dan+github@luhrings.com>	2022-02-25 21:19:42 +00:00
Dan Nurmi	0ce1c43d40	Add list of public data feeds that are sourced when populating grype's vulnerability database (#618 )	2022-02-01 02:32:34 +00:00
Sambhav Kothari	346df07df5	Add sprig templating functions for grype output (#610 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-01-28 11:27:27 -05:00
Alex Goodman	c88ee0e8f5	add expose minimal search configuration (#579 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-09 06:14:57 -05:00
Christopher Angelo Phillips	9f44aa89b0	Add basic vulnerability summary documentation (#574 ) * add basic vulnerability summary to README Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2022-01-04 09:45:37 -05:00
Richard Mayes	75bb4ce9e3	fix(docs): fix issue with template command example (#540 ) Signed-off-by: Richard Mayes <richard.mayes@watchfinder.co.uk> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-22 16:25:52 -05:00
Keith Zantow	647d6fb770	Add --exclude flag (#551 )	2021-12-21 12:52:07 -05:00
Dan Luhring	4bb841e97d	Add section for community meetings (#521 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-06 12:18:30 -05:00
Alex Goodman	86b7d165e2	Add db list command (#506 ) * add db list command Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add stderr print helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to with details about listing files and DB curation Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-03 16:43:50 +00:00
Dan Luhring	2867dc0118	Remove webinar announcement (#513 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-01 19:05:14 +00:00
Dan Luhring	1e35cbf20b	Announce meetup on 2021-12-01 (#505 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-11-22 10:13:55 -05:00

1 2

91 commits