Alex Goodman
06ff1a353a
enforce breaking change bump major version ( #2635 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-28 15:48:20 -05:00
Keith Zantow
326ec57d4a
docs: fix incorrect flag name in readme ( #2677 )
2024-02-28 15:39:43 -05:00
Alex Goodman
48e5672a87
Consider filesystem types for mount points when ignoring system paths ( #2675 )
...
* consider fs types for mount points when ignoring system paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-28 15:37:17 -05:00
William Murphy
63171b55dd
fix: stop emitting bus events on go mod events ( #2673 )
...
Previously, the TUI would hang when scanning directories with lots of go
packages, possibly because this path was spamming the TUI with too
many events. Since checking on a particular go module is fast, don't
show TUI events for each one.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-28 14:14:46 -05:00
dependabot[bot]
acc473fc30
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 ( #2676 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](b1ddad2c99...a4f52f8033)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-28 09:31:29 -05:00
Keith Zantow
a978966cad
feat: add --from flag, refactor source providers ( #2610 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-27 16:44:37 -05:00
dependabot[bot]
928511ea0f
chore(deps): bump modernc.org/sqlite from 1.29.1 to 1.29.2 ( #2671 )
2024-02-26 10:57:06 -05:00
dependabot[bot]
33b72ccbf8
chore(deps): bump github/codeql-action from 3.24.4 to 3.24.5 ( #2666 )
2024-02-23 14:10:26 +00:00
Keith Zantow
2995c3c4fd
fix: SPDX tag value version selector ( #2665 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-23 08:22:10 -05:00
Stefan Hacker
170ac079d4
fix(install): return appropriate error codes ( #2664 )
...
Signed-off-by: Stefan Hacker <mail@hacst.net>
2024-02-22 19:34:51 -05:00
Keith Zantow
108a5dae9b
chore: update busybox image for acceptance tests ( #2663 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-22 15:32:17 -05:00
dependabot[bot]
cdf1e0bacb
chore(deps): bump github/codeql-action from 3.24.3 to 3.24.4 ( #2662 )
2024-02-22 16:50:53 +00:00
Alex Goodman
0c3b8ca4ed
rename binary classifier cataloger name ( #2643 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-20 13:52:11 -05:00
Alex Goodman
434b6ad506
add cataloger selection example ( #2646 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-20 11:44:42 -05:00
anchore-actions-token-generator[bot]
3598cb4f8f
chore(deps): update tools to latest versions ( #2651 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-20 11:39:54 -05:00
anchore-actions-token-generator[bot]
8260bce057
chore(deps): update stereoscope to 6171ee21e1d584f6bde910f354d126c9cd70deaa ( #2655 )
2024-02-17 10:22:56 -05:00
dependabot[bot]
578ac9cf2d
chore(deps): bump github/codeql-action from 3.24.1 to 3.24.3 ( #2649 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e675ced7a7...379614612a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-15 09:13:29 -05:00
Alex Goodman
a1b23bd57d
add syft version used to SBOM tool info by default ( #2647 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 16:57:31 -05:00
Alex Goodman
65cadda486
Survive indexing dead symlinks ( #2645 )
...
* survive indexing branches that start with a bad symlink
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add log statement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 21:06:22 +00:00
Alex Goodman
a909e3cec9
fix considering base path when ignoring known bad unix paths ( #2644 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 15:57:38 -05:00
Alex Goodman
8e62ff9831
test for field conventions in json schema ( #2642 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:11:53 -05:00
Alexandr Hacicheant
96ee2db875
feat: Add Wordpress cataloger ( #2218 )
...
* Closes #1911 Wordpress cataloger
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed a few unit tests and static analyzer notices
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated `README.md`
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed `golangci-lint` notices
Added integration test for `wordpress-plugin`
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed `gosimports` notices
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated `json schema` version
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed CLI tests, increased expected package count
Signed-off-by: disc <a.hacicheant@gmail.com>
* Read first 4Kb of a plugins file's content
Signed-off-by: disc <a.hacicheant@gmail.com>
* replace JSON schema version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change wording on source info for wordpress packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Minor changes after a huge refactoring
Signed-off-by: disc <a.hacicheant@gmail.com>
* Removed unused files
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated schema
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed integration tests
Signed-off-by: disc <a.hacicheant@gmail.com>
* fix integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Renamed `metadata.Name` to `metadata.PluginInstallDirectory`
Signed-off-by: disc <a.hacicheant@gmail.com>
* rename fields to be compliant with json conventions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: disc <a.hacicheant@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 16:03:25 +00:00
Alex Goodman
98b700e83c
rename binary cataloger to be more unique ( #2633 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:01:55 -05:00
Christopher Angelo Phillips
9803db2949
fix: update runner size to use larger HD for codeql ( #2641 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 10:31:05 -05:00
anchore-actions-token-generator[bot]
17ef243956
chore(deps): update tools to latest versions ( #2616 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* fix: update to new linter rules
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 14:59:49 +00:00
dependabot[bot]
3ac7369068
chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 ( #2638 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e8893c57a1...e675ced7a7)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:21:21 -05:00
dependabot[bot]
4d4efa4963
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2639 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases)
- [Commits](75ed025ff3...baf2b60c51)
---
updated-dependencies:
- dependency-name: dawidd6/action-homebrew-bump-formula
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:21:05 -05:00
dependabot[bot]
a7da2270c7
chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 ( #2640 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.0 to 1.29.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1)
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:20:54 -05:00
Keith Zantow
6288530835
fix: add BOMRef to CycloneDX OS Component ( #2634 )
2024-02-14 08:18:16 -05:00
dependabot[bot]
25d3c06962
chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 ( #2629 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2)
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:35 -05:00
dependabot[bot]
79b71be0ee
chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 ( #2630 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.28.0 to 1.29.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0)
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:22 -05:00
Alex Goodman
25ae7bf55f
fix getting union reader for sif images ( #2631 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-13 15:12:31 +00:00
dependabot[bot]
e72dec8e9e
chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 ( #2607 )
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:44 -05:00
dependabot[bot]
3398e72066
chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 ( #2625 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.8 to 1.5.0.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:31 -05:00
Keith Zantow
d26a5c4d30
fix: ensure version output to stdout ( #2621 )
2024-02-09 20:59:25 +00:00
Alex Goodman
84576b93e1
Guess go main module version based on binary contents ( #2608 )
...
* guess go main module version based on binary contents
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add configuration options for golang main module version heuristics
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix test setup for go bin cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix unit test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix incorrect test assert ordering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* handle error from seek
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 19:52:42 +00:00
anchore-actions-token-generator[bot]
737c4e44c5
chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 ( #2617 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 14:06:28 -05:00
Alex Goodman
7444a9f976
fix readme around templating options ( #2612 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 13:44:41 -05:00
Alex Goodman
8683cba081
suppress executable parsing issues ( #2614 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 17:13:58 +00:00
Christopher Angelo Phillips
c0f43e5e2d
chore: update license list, cpe dictionary ( #2620 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 11:31:42 -05:00
anchore-actions-token-generator[bot]
397cf210de
chore(deps): update tools to latest versions ( #2606 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-08 10:39:18 -05:00
Christopher Angelo Phillips
bd0cb916df
fix: incorrect conversion between integer types ( #2605 )
...
* chore: match strconv.ParseInt to file mode type
if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-07 20:41:00 +00:00
dependabot[bot]
da31eed637
chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 ( #2602 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:31:49 -05:00
dependabot[bot]
704155eb22
chore(deps): bump github.com/docker/docker ( #2601 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:31:41 -05:00
William Murphy
ce67927a98
Fix: unmarshal key values in Java, Go, and Conan metadata ( #2603 )
...
Previously, Syft represented several metadata fields as map[string]string,
however this representation erased ordering, so Syft now represents these values
as []KeyValue. Add custom unmarshaling so that JSON that was written by
older versions of Syft using the map[string]string representation can be parsed
into the new []KeyValue representation.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-07 11:26:23 -05:00
Weston Steimel
bbd34f61fd
fix(dotnet): prefer portable executable product version when semantically greater than file version ( #2600 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2024-02-07 13:28:37 +00:00
Alex Goodman
c61f59e7b7
Finalize Conan v2 support ( #2587 )
...
* Add support for conan lock v2 (#2461)
* conan lock 2.x requires field support
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
* PR review, struct renaming
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
---------
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
* decompose conanlock parser + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: mikey strauss <mdstrauss91@gmail.com>
2024-02-07 08:24:02 -05:00
anchore-actions-token-generator[bot]
00d6269e3c
chore(deps): update tools to latest versions ( #2595 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-06 10:48:01 -05:00
dependabot[bot]
0bc5971085
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #2597 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](26f96dfa69...5d5d22a312)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 10:44:51 -05:00
anchore-actions-token-generator[bot]
91d7a8a992
chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c ( #2589 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-05 10:27:12 -05:00