Commit graph

756 commits

Author SHA1 Message Date
Weston Steimel
ef82b33465
chore: bump yardstick to latest commit (#1027) 2022-12-07 20:14:45 -05:00
anchore-actions-token-generator[bot]
0a2a7b7cbb
Update Syft to v0.62.3 (#1026)
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-12-07 18:30:38 -05:00
Christopher Angelo Phillips
cdb8f3fa45
chore: change CVE example to official sample (#1028)
CVE-2017-41432 is not a valid ID but in theory could be one day. Changed it to CVE-2014-54321, which is one of a number of sample IDs used during the syntax change in 2013/2014. References: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-54321 cve.mitre.org/data/board/archives/2013-04/msg00000.html

Co-authored-by: Jericho <3095424+attritionorg@users.noreply.github.com>
2022-12-06 13:03:40 -05:00
Keith Zantow
36c4604383
fix: Table format sorting (#1023) 2022-11-30 18:05:08 +00:00
Christopher Angelo Phillips
1b33a59342
fix: update architecture release for ppc64le (#1021) 2022-11-29 17:44:59 -05:00
anchore-actions-token-generator[bot]
dd8015e7a5
Update grype bootstrap tools to latest versions. (#1017)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-11-29 10:09:08 -05:00
anchore-actions-token-generator[bot]
6bdb3b50c4
Update Syft to v0.62.2 (#1018)
Signed-off-by: GitHub <noreply@github.com>
2022-11-29 08:40:34 +00:00
Weston Steimel
3183c0b58b
chore: update quality gate with latest label data (#1016)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-25 18:59:20 +00:00
Weston Steimel
788ca5cf75
chore: update digest for test fixture dockerfile (#1015)
* chore: update digest for test fixture dockerfile

The previous digest was specifically for i386.  The updated digest should use the manifest to determine the correct platform to use based on the client.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* chore: add digest on archlinux test fixture image

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-25 15:42:43 +00:00
Christopher Angelo Phillips
ac8f769179
test: remove presenter tests reliance on docker from unit suite (#1013) 2022-11-23 21:46:41 +00:00
Keith Zantow
26609a8087
fix: swapped base container images (#1011) 2022-11-22 09:49:36 -05:00
Christopher Angelo Phillips
26438862df
chore: update default packages to read (#1007) 2022-11-21 13:07:42 -05:00
anchore-actions-token-generator[bot]
826726d553
Update Syft to v0.62.1 (#1006) 2022-11-21 11:11:25 -05:00
anchore-actions-token-generator[bot]
426c60ba74
Update grype bootstrap tools to latest versions. (#1004)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-11-21 09:57:27 -05:00
Christopher Angelo Phillips
d5c93aa00f
scoped: token release for content write on image assets (#1002) 2022-11-18 22:32:49 +00:00
Christopher Angelo Phillips
a4a62aab4b
chore: bump syft version v0.62.0 (#1000) 2022-11-18 15:03:15 -05:00
Weston Steimel
b3e65b38c2
feat: vulnerability namespacing support for rolling distros (#997)
Adds support for building the correct vulnerability namespaces for rolling distros.  This
will allow matching against distro-specific feeds once a namespace is populated within the grype
database.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-17 15:02:14 +00:00
Weston Steimel
62bc369452
chore: bump quality gate images and label data (#995)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-15 10:26:03 -05:00
Weston Steimel
ef1934a5c1
feat: add strong distro type for wolfi (#996) 2022-11-15 10:25:46 -05:00
Christopher Angelo Phillips
3e0af43383
chore: pin dependencies (#994) 2022-11-14 21:23:42 +00:00
Christopher Angelo Phillips
e1d3302b9a
chore: code-ql top level read check (#993) 2022-11-14 14:30:52 -05:00
Joyce
7c73e65a2b
Add SECURITY.md (#989) 2022-11-14 16:08:01 +00:00
Christopher Angelo Phillips
02fe5e9c76
chore: update codeql to pinned v2 with correct write permissions 2022-11-14 15:39:45 +00:00
Joyce
8f28a6ea96
Update token permissions to be read-only (#988)
Closes https://github.com/anchore/grype/issues/984
2022-11-14 08:10:09 -05:00
Joyce
2cd2ef5340
Enable the Scorecard Github Action and badge (#929) 2022-11-03 14:24:20 -04:00
Christopher Angelo Phillips
c8ddd7e218
chore: update syft to v0.60.3 (#978) 2022-11-03 16:19:03 +00:00
Weston Steimel
e33b1203a1
feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961)
Enhances the CPE target software component match filtering logic to consider ecosystems which aren't currently supported by
syft cataloging but are well-known sources of false-positives. This currently adds support for filtering various
permutations of `wordpress`, `joomla`, and `drupal`

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-02 20:21:14 +00:00
Weston Steimel
a2ab617cef
chore: grype quality pipeline latest label updates and images (#976)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-01 21:20:49 +00:00
vimalpatel19
0c4a372910
Implemented new CLI flag: --show-suppressed (#966) 2022-11-01 14:02:26 -04:00
Christopher Angelo Phillips
142ebb9a60
fix: update case for alpine:edge correct vuln feed (#965) 2022-10-28 13:33:55 -04:00
Keith Zantow
2078fcdb0a
PURL input results in incorrect artifact in JSON output (#968) 2022-10-26 15:10:05 -04:00
anchore-actions-token-generator[bot]
b05f37f66c
Update grype bootstrap tools to latest versions. (#956)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-24 10:25:24 -04:00
Weston Steimel
4cda526992
implement v5 db schema to support improved matching between rpm appstream modules (#944)
Adds support for a `package_qualifiers` column to allow evaluating package matches to vulnerabilities based on more than just version constraints. Currently adds an rpm-modularity qualifier in order to support matching to the correct app stream module, in order to reduce false positives within rpm-based distro ecosystems. In order to prevent an increase in false positive matches for previous versions of grype using the v4 schema, this change (along with the vulnerability source driver parser updates) requires bumping the schema to v5.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-18 00:34:47 +01:00
anchore-actions-token-generator[bot]
b62ad702b9
Update Syft to v0.59.0 (#957) 2022-10-17 16:07:39 -04:00
Weston Steimel
cd634961e6
expand quality gate image set to include rpm appstreams-related images (#952)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-10 17:10:10 +01:00
anchore-actions-token-generator[bot]
90ac37d00d
Update grype bootstrap tools to latest versions. (#947)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-06 11:08:55 -04:00
Weston Steimel
539e64204a
chore: add more quality gate images (#950)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-06 15:01:49 +01:00
Alex Goodman
d4587ddeec
Add in-depth quality gate checks (#949)
* add in-depth quality gate checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add quality tests to PR checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-05 16:26:26 -04:00
anchore-actions-token-generator[bot]
7ad60ce410
Update Syft to v0.58.0 (#941)
* Update Syft to v0.58.0

Signed-off-by: GitHub <noreply@github.com>

* fix conan metadata related unit test failures

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
2022-10-05 11:26:16 +01:00
anchore-actions-token-generator[bot]
a4eb7ac2ce
Update grype bootstrap tools to latest versions. (#945)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-10-04 10:12:33 -04:00
anchore-actions-token-generator[bot]
047e662c11
Update grype bootstrap tools to latest versions. (#935)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-09-26 10:39:44 -04:00
anchore-actions-token-generator[bot]
f094b860b9
Update Syft to v0.57.0 (#930)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-09-20 09:35:37 +01:00
Jan Hensel
a678b8d134
Correct falsely copied app-name 'syft' in example (#922) 2022-09-19 12:19:49 -04:00
dependabot[bot]
e63910b2c5
Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-19 11:46:11 -04:00
anchore-actions-token-generator[bot]
345d8494fd
Update grype bootstrap tools to latest versions. (#925)
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-09-19 10:48:51 -04:00
anchore-actions-token-generator[bot]
403a535321
Update Syft to v0.56.0 (#919)
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2022-09-13 11:18:13 -04:00
Keith Zantow
ba73ab362a
Add support for scanning RPM files (#917) 2022-09-09 14:56:37 -04:00
Christopher Angelo Phillips
7f09eebdde
remove arch typo - add debug/reg s390x (#915) 2022-09-06 13:58:24 -04:00
Christopher Angelo Phillips
78d87c1e11
grype release message update (#914) 2022-09-06 11:46:59 -04:00
Chapman Pendery
d5b825e40b
feat: extract use cpes in matching logic to be configurable (#911) 2022-09-06 09:55:35 -04:00