Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity
1155 commits 73 branches 214 tags 132 MiB
Commit graph

166 commits

Author SHA1 Message Date
Alex Goodman
d7a51a69dd
Update java generic cataloger (#1329) 
* remove centralize pURL generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* port java cataloger to new generic cataloger pattern

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove common.GenericCataloger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update format test fixtures to reflect ID updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix package sort instability for encode-decode-encode cycles

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-09 14:55:54 +00:00
Weston Steimel
919c929798
update go-rpmdb to improve parsing of installed files (#1297) 2022-10-30 23:55:17 -04:00
Alex Goodman
d8c659b65b
replace logger interface with anchore/go-logger (#1279) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-21 15:12:14 +00:00
anchore-actions-token-generator[bot]
5568cc0dd5
Update syft bootstrap tools to latest versions. (#1267) 2022-10-21 09:42:13 -04:00
Arnaud J Le Hors
d3ee24017e
Use in-toto CycloneDX predicate to be compatible with cosign (#1270) 
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-10-19 09:37:52 -04:00
Keith Zantow
780e1c310c
refactor: Remove experimental Anchore Enterprise upload functionality (#1257) 2022-10-10 16:16:47 -04:00
anchore-actions-token-generator[bot]
d89e320dcd
Update syft bootstrap tools to latest versions. (#1254) 2022-10-07 13:54:42 -04:00
anchore-actions-token-generator[bot]
71187c6416
Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253) 
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
 2022-10-06 22:04:49 -04:00
Christopher Angelo Phillips
7d2fe9d95e
feat: add identifiable field to source object (#1243) 2022-10-05 14:01:40 -04:00
Adam Hughes
40d294a89e
feat: attest support for Singularity images (#1201) 2022-10-04 12:34:59 -04:00
anchore-actions-token-generator[bot]
1fa4bab7a7
Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-10-04 10:17:29 +01:00
anchore-actions-token-generator[bot]
911242accc
Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-09-22 10:44:52 +01:00
anchore-actions-token-generator[bot]
ab6e1c4dc3
Update syft bootstrap tools to latest versions. (#1223) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
 2022-09-22 10:41:36 +01:00
anchore-actions-token-generator[bot]
0a1cd25ba5
Update bootstrap tools to latest versions. (#1204) 2022-09-14 15:28:08 -04:00
Keith Zantow
70db13d49e
Add RPM file scanning support (#1188) 2022-09-07 14:16:30 -04:00
Christopher Angelo Phillips
a7966a4d9d
update stereoscope to latest (#1181) 2022-08-29 19:28:19 +00:00
anchore-actions-token-generator[bot]
2c882f6239
Update syft bootstrap tools to latest versions. (#1176) 
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
 2022-08-25 09:14:24 -04:00
anchore-actions-token-generator[bot]
b0fc955e0c
Update syft bootstrap tools to latest versions. (#1171) 
* Update syft bootstrap tools to latest versions.

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
 2022-08-23 20:36:59 +01:00
anchore-actions-token-generator[bot]
1344889766
Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151) 
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-08-09 08:59:35 +00:00
anchore-actions-token-generator[bot]
4df84d380d
Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149) 
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-08-06 10:52:42 -04:00
Christopher Angelo Phillips
5be7e081f5
retraction for mispublished versions (#1147) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-08-06 10:52:21 -04:00
Weston Steimel
fce83321ba
bump cosign to v1.10.1 (#1144) 2022-08-04 19:03:57 +00:00
Keith Zantow
69bde44c6e
Update stereoscope to get rid of the replace directive (#1140) 2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips
042304ee4c
Correct squashfs import and fix incorrect bouncer configuration (#1138) 2022-08-03 09:46:14 -04:00
Adam Hughes
d361d40cfa
Singularity Image Support (#974) 
* docs: add Singularity image support

Add "singularity-image" scheme to CLI documentation and README.

Signed-off-by: Adam Hughes <9903835+tri-adam@users.noreply.github.com>

* upgrade stereoscope + docs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-08-02 11:42:46 -04:00
Tom Fay
b4c272885d
Bump go-rustaudit to support rustaudit 0.2.0 (#1127) 2022-08-01 09:20:31 -04:00
Tom Fay
9896ff1b1f
add a cataloger for binaries built with rust-audit (#1116) 
* add a cataloger for binaries built with rust-audit

Signed-off-by: Tom Fay <tomfay@microsoft.com>
 2022-07-28 18:17:38 +00:00
Weston Steimel
b720a3c81c
bump cosign to v1.10.0 (#1114) 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
 2022-07-22 09:41:38 -04:00
Marco Deicas
ba9adb17eb
Update sigstore/rekor dependency (#1112) 2022-07-21 09:17:16 -04:00
Christopher Angelo Phillips
64b4852c2a
moves go-rpmdb to latest; libc => v1.16.7 (#1098) 2022-07-12 10:30:21 -04:00
cpendery
470b13045b
feat: add support for cocoapods (Swift/Objective-C) (#1081) 2022-07-11 10:09:08 -04:00
anchore-actions-token-generator[bot]
b3a7b912e1
Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-07-11 09:42:59 -04:00
anchore-actions-token-generator[bot]
c7fa498a1b
Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-07-07 10:05:55 -04:00
anchore-actions-token-generator[bot]
1e3ffbebb9
Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-06-29 10:18:41 -04:00
Jonas Xavier
aed1599c4d
add template output (#1051) 
* add template output

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove dead code

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix template cli flag

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* implement template's own format type

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* simpler code

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix readme link to Go template

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* simpler func signature patter

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix linter error

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
 2022-06-17 14:04:31 -04:00
Christopher Angelo Phillips
03e37044d4
update stereoscope to latest version (#1052) 2022-06-16 14:56:33 -04:00
Morten Linderud
e72d68b0c6
Add pacman (alpm) parser support (#943) 
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-06-13 18:51:37 +00:00
Weston Steimel
b8d1a46e7e
bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025) 
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-06-08 11:51:10 -04:00
Tom Fay
3db3efacdc
Support RPM distros with newer RPM db formats (#1018) 
* Support RPM distros with newer db formats

Recent RPM distros (Fedora 33+, CBL-Mariner 2.0+, amazonlinux 2022+)
use an sqlite package database in /var/lib/rpm/rpmdb.sqlite, or
"ndb" format (SUSE).

Remove anchore's fork in favour of the upstream,
https://github.com/knqyf263/go-rpmdb, to gain support for
these formats.

Signed-off-by: Tom Fay <tomfay@microsoft.com>

* add exception for modernc.org repos

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* shorten rpmdb helper function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-05-31 17:25:22 -04:00
Jonas Xavier
0f5a9eed09
bump stereoscope version to include source path fix (#1005) 
* bump stereoscope version to include source path fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* go mod tidy

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
 2022-05-18 13:53:53 -07:00
Weston Steimel
8420612724
bump cosign to v1.8.0 (#1003) 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
 2022-05-18 17:17:21 +01:00
Jonas Xavier
42f8601919
Fix tests: add timeout to long-running failures, update SPDX license list (#989) 2022-05-09 11:48:44 -04:00
Christopher Angelo Phillips
d2d532f4a8
835 - Keyless Support for SBOM Attestations (#910) 
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-05-06 18:06:32 -04:00
Christian Kotzbauer
1cea0ecd5c
feat: add initial dotnet-support (#951) 
* feat: add initial dotnet-support

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add path, sha512 and hashpath

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add missing dot

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: lint warnings

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix CLI test package counts to account for dotnet

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix: updated packagurl-go

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* tidy go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update json schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-05-05 15:32:02 -04:00
Christopher Angelo Phillips
03d51c36d0
golang.org/x/crypto upgrade (#979) 2022-05-02 21:33:40 +00:00
Christian Köberl
7d8ea39ee5
update to cyclonedx-go 0.5.2 (#971) 2022-04-28 10:42:12 -04:00
Christopher Angelo Phillips
6029dd7c2e
refactor command package to remove globals and add dependency injection 2022-04-26 18:23:03 +00:00
Alex Goodman
748cfbf006
Retry auth URL lookup without docker credentialhelper workaround (#939) 2022-04-06 16:27:13 +00:00
Alex Goodman
f157d7a862
Pull from DockerHub fails for public images when using SSO (#928) 2022-03-30 17:32:49 +00:00
Alex Goodman
cc2c0e57a0
bump strset version to fix 386 builds (#911) 2022-03-23 14:34:54 -04:00