Commit graph

202 commits

Author SHA1 Message Date
Alex Goodman
3aaa0e5566
move package purl and cpes (identities) to pkg.Package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-19 11:25:51 -05:00
Alex Goodman
7e270bf76c
restore the checksum file during release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-11 15:11:51 -05:00
Alex Goodman
fde37b4b56
provide goreleaser asset version via env var
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-11 14:36:24 -05:00
Dan Luhring
ecfc471ce5
Resolve security warning for macOS users (#249)
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-04 15:47:55 -05:00
Alex Goodman
0ce8701e73
split python package catalogers by image vs directory
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-21 11:48:26 -04:00
Toure Dunnon
27c62e34f2
Add support for package.json #200
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
2020-10-16 11:28:54 -04:00
Alex Goodman
5d0909f31e
add regression test to cover issue #212
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-14 07:22:19 -04:00
Alex Goodman
10b44f5311
split catalogers into two sets, one for images another for directory scans
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 10:23:24 -04:00
Alex Goodman
16b23e7994
add gha pipeline to replace circleci pipeline (#202)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-07 12:20:51 -04:00
Alex Goodman
2844b9878f
add release notification
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 23:21:16 -04:00
Alex Goodman
8b81c87d18
remove unreleased tags and exclude size labels
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 22:59:19 -04:00
Alex Goodman
9bd9dad76c
remove unreleased changelog option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 18:11:02 -04:00
Alex Goodman
6d9f9a9b3b
pin the two tags used for release autochangelog
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 17:57:51 -04:00
Alex Goodman
50cb5612d0
fix github releaser changelog intake
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 17:20:27 -04:00
Alex Goodman
080f010746
remove tty requirement from release process
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 17:07:59 -04:00
Alex Goodman
f4502fc824
Add notifications around the release process (#184)
* add pipeline notification upon release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add pending notification to release pipeline

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:58:56 -04:00
Alex Goodman
3d91a66536
Add OCI support + use URI schemes for user image input (#178)
* add oci support + update image schemes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update docs to reflect OCI image sources + URI scheme change

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update to oci-dir

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump upstream stereoscope pin

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 10:24:24 -04:00
Alex Goodman
eda0f8c774
add bom descriptor schema + test against xml schemas in pipeline (#163)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-27 19:12:45 -04:00
Alex Goodman
d85d0ac418
add changelog generation (#162)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-27 08:10:56 -04:00
Alex Goodman
f892289e7c
Add CycloneDX presenter (#157)
* add CycloneDX presenter + BOM Descriptor extension

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add docstrings to cyclonedx presenter

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-24 20:43:29 -04:00
Alex Goodman
90bd68e44c
Disable prerelease version update check (#140)
* disable prerelease version update check

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use prerelease flag as source of truth for user notifications

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-11 09:54:04 -04:00
Alex Goodman
2d452bf59e
Add inline-comparison as acceptance test (#130)
* add inline-compare as acceptance test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add additional RPM metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments and doc strings to the compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 10:33:44 -04:00
Dan Luhring
70e673204c
Add poetry cataloger (#121)
* Minor cleanup

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update pkg Type definition to string

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Implement poetry.lock parsing

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Address CI issues

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Integrate Alex's changes

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-04 18:22:43 -04:00
Alex Goodman
e2a874a277
finalize json output & add schema (#118)
2020-08-04 16:05:53 -04:00
Alex Goodman
ad1a72c6ff
ignore prerelease versions when uploading version file on release
2020-07-29 14:54:47 -04:00
Alex Goodman
06f8355fce
finalize update check URL
2020-07-27 15:13:41 -04:00
Alex Goodman
d21de64cb3
use mount path for version upload
2020-07-27 09:35:55 -04:00
Alex Goodman
6536f0bb36
upload version check file on release
2020-07-27 09:30:05 -04:00
Alex Goodman
78c3652759
bump bouncer version
2020-07-25 16:55:41 -04:00
Alex Goodman
2502814143
rollup static analysis to make target
2020-07-25 16:40:37 -04:00
Alex Goodman
05c78de9d3
generate java fixtures ahead of tests
2020-07-25 10:06:52 -04:00
Alex Goodman
c9dea59232
verify signing fingerprint
2020-07-25 09:59:48 -04:00
Alex Goodman
1ba0678cf6
provide signed checksums
2020-07-25 08:42:50 -04:00
Alex Goodman
32bd57886e
add publish release
2020-07-25 07:09:20 -04:00
Alex Goodman
14ec30aee1
fix acceptance test compare script & persist
2020-07-24 17:41:22 -04:00
Alex Goodman
0a0bc68e95
show verbose test output to prevent circleci kills
2020-07-23 21:47:11 -04:00
Alex Goodman
a4016d35ce
rename to syft
2020-07-23 20:54:04 -04:00
Alex Goodman
2132700198
add apk/alpine support (#98)
2020-07-23 20:35:57 -04:00
Alex Goodman
5ccd6d5f6a
check for unsupported "go get" chars (#100)
2020-07-23 13:08:31 -04:00
Alex Goodman
ba4f63099d
Add release process (#89)
* add check for app update; fix ETUI error handling

* validate user args

* add goreleaser support

* replace cgo dependencies (go-rpm) with go equivalents

* add acceptance tests against build snapshot

* add brew tap + acceptance test pipeline

* add mac acceptance tests

* fix compare makefile

* fix mac acceptance tests

* add release pipeline with wait checks

* add token to release step

* rm dir presenters int test

* enforce dpkg to be non interactive

Co-authored-by: Alfredo Deza <adeza@anchore.com>

* pin brew formulae

* pin skopeo to formulae url

* only run acceptance tests

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 10:52:44 -04:00
Alex Goodman
9e285fd0e2
use common entry point for integration tests; refactor cmd pkg (#86)
2020-07-17 15:16:33 -04:00
Alfredo Deza
b734623ef0
make: bump test coverage
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-17 13:32:53 -04:00
Alfredo Deza
b457d4ebd2
tests: drop coverage requirement to 69% for now
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-15 10:15:58 -04:00
Alex Goodman
e8d11eec69
add license validation (#80)
2020-07-13 13:07:20 -04:00
Alex Goodman
61f51d80bb
Add comparative analysis with anchore-engine (#78)
* add comparative analysis

* remove extra comma from compare script tuple

Co-authored-by: Alfredo Deza <adeza@anchore.com>

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-13 12:12:00 -04:00
Alex Goodman
3f090f9647
fix java cache key for CI; fix circle docker api version (#79)
2020-07-13 12:11:11 -04:00
Alex Goodman
e55db9247e
add java cataloger
2020-07-08 16:16:01 -04:00
Alex Goodman
1896831c39
add rpmdb support; enhance integration tests
2020-07-06 12:55:11 -04:00
Alex Goodman
d59a19697d
add coverage + makefile improvements
2020-07-06 07:25:18 -04:00
Alex Goodman
2471663d27
sync/fmt linting tasks with stereoscope
2020-05-21 09:37:20 -04:00
Alex Goodman
cb6555491c
add analyzer interface/controller and supporting package/catalog
2020-05-13 10:13:48 -04:00
Alex Goodman
1e5c7bb5c7
initial project structure
2020-05-12 10:45:18 -04:00