- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill)
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* add inline-compare as acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve RPM matching with source indirection matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments to compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* clean inline-compare image test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft version to get rpm field enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Commit just to share progress, needs to be squashed/fixed-up once working.
Signed-off-by: Zach Hill <zach@anchore.com>
* minor fixes
* add cpe obj
* add cpe matching
* report cpe in search key
* add verbose logging for matches; bump vulnscan-db ver
* add dev profiler option; tweak logging
* test support for CPE URI bindings
addresses https://github.com/anchore/vulnscan/pull/40#discussion_r455389937
* rename nvdv2 to nvd
* reduce scope of cpe matching to non-distro packages
* normalize nil constraint strings
Co-authored-by: Zach Hill <zach@anchore.com>
