Commit graph

2124 commits

Author SHA1 Message Date
dependabot[bot]
d7e58964ef
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#2685)
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](13aacd865c...ab5e6d0c87)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 13:50:49 -05:00
dependabot[bot]
59d54d6154
chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 (#2686)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](47b3d888fe...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 13:50:34 -05:00
Christopher Angelo Phillips
4d0dd02d5a
chore: update stereoscope (#2683)
* chore: update stereoscope to account for traversal bug fix

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-29 13:32:18 -05:00
Harm Weites
356f7c92b4
fix: match OpenSSL letter releases (#2682)
* chore: match openssl 1.1 letter releases

Signed-off-by: Harm Weites <harm@weites.com>

* chore: include image sha

Signed-off-by: Harm Weites <harm@weites.com>

---------

Signed-off-by: Harm Weites <harm@weites.com>
2024-02-29 14:39:23 +00:00
Alex Goodman
6377465440
Mark duplicated rows in table output (#2679)
* mark duplicated rows in table output

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix unit test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-29 09:33:00 -05:00
William Murphy
3ad91f2678
fix: trim path from deps.json in portable way (#2674)
* fix: trim path from deps.json in portable way

Previously, the path trimming regex would leave leading path separator
in place on Windows.

Probably a better long term fix is to a library path operation.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-29 09:31:55 -05:00
anchore-actions-token-generator[bot]
5ef83fdc79
chore(deps): update tools to latest versions (#2680)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-29 09:27:37 -05:00
Alex Goodman
06ff1a353a
enforce breaking change bump major version (#2635)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-28 15:48:20 -05:00
Keith Zantow
326ec57d4a
docs: fix incorrect flag name in readme (#2677) 2024-02-28 15:39:43 -05:00
Alex Goodman
48e5672a87
Consider filesystem types for mount points when ignoring system paths (#2675)
* consider fs types for mount points when ignoring system paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-28 15:37:17 -05:00
William Murphy
63171b55dd
fix: stop emitting bus events on go mod events (#2673)
Previously, the TUI would hang when scanning directories with lots of go
packages, possibly because this path was spamming the TUI with too
many events. Since checking on a particular go module is fast, don't
show TUI events for each one.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-28 14:14:46 -05:00
dependabot[bot]
acc473fc30
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#2676)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](b1ddad2c99...a4f52f8033)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-28 09:31:29 -05:00
Keith Zantow
a978966cad
feat: add --from flag, refactor source providers (#2610)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-27 16:44:37 -05:00
dependabot[bot]
928511ea0f
chore(deps): bump modernc.org/sqlite from 1.29.1 to 1.29.2 (#2671) 2024-02-26 10:57:06 -05:00
dependabot[bot]
33b72ccbf8
chore(deps): bump github/codeql-action from 3.24.4 to 3.24.5 (#2666) 2024-02-23 14:10:26 +00:00
Keith Zantow
2995c3c4fd
fix: SPDX tag value version selector (#2665)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-23 08:22:10 -05:00
Stefan Hacker
170ac079d4
fix(install): return appropriate error codes (#2664)
Signed-off-by: Stefan Hacker <mail@hacst.net>
2024-02-22 19:34:51 -05:00
Keith Zantow
108a5dae9b
chore: update busybox image for acceptance tests (#2663)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-02-22 15:32:17 -05:00
dependabot[bot]
cdf1e0bacb
chore(deps): bump github/codeql-action from 3.24.3 to 3.24.4 (#2662) 2024-02-22 16:50:53 +00:00
Alex Goodman
0c3b8ca4ed
rename binary classifier cataloger name (#2643)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-20 13:52:11 -05:00
Alex Goodman
434b6ad506
add cataloger selection example (#2646)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-20 11:44:42 -05:00
anchore-actions-token-generator[bot]
3598cb4f8f
chore(deps): update tools to latest versions (#2651)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-20 11:39:54 -05:00
anchore-actions-token-generator[bot]
8260bce057
chore(deps): update stereoscope to 6171ee21e1d584f6bde910f354d126c9cd70deaa (#2655) 2024-02-17 10:22:56 -05:00
dependabot[bot]
578ac9cf2d
chore(deps): bump github/codeql-action from 3.24.1 to 3.24.3 (#2649)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e675ced7a7...379614612a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-15 09:13:29 -05:00
Alex Goodman
a1b23bd57d
add syft version used to SBOM tool info by default (#2647)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 16:57:31 -05:00
Alex Goodman
65cadda486
Survive indexing dead symlinks (#2645)
* survive indexing branches that start with a bad symlink

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add log statement

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 21:06:22 +00:00
Alex Goodman
a909e3cec9
fix considering base path when ignoring known bad unix paths (#2644)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 15:57:38 -05:00
Alex Goodman
8e62ff9831
test for field conventions in json schema (#2642)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:11:53 -05:00
Alexandr Hacicheant
96ee2db875
feat: Add Wordpress cataloger (#2218)
* Closes #1911 Wordpress cataloger

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed a few unit tests and static analizer notices

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated `README.md`

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed `golangci-lint` notices
Added integration test for `wordpress-plugin`

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed `gosimports` notices

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated `json schema` version

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed CLI tests, increased expected package count

Signed-off-by: disc <a.hacicheant@gmail.com>

* Read first 4Kb of a plugins file's content

Signed-off-by: disc <a.hacicheant@gmail.com>

* replace JSON schema version

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* change wording on source info for wordpress packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* Minor changes after a huge refactoring

Signed-off-by: disc <a.hacicheant@gmail.com>

* Removed unused files

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated schema

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed integration tests

Signed-off-by: disc <a.hacicheant@gmail.com>

* fix integration tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* Renamed `metadata.Name` to `metadata.PluginInstallDirectory`

Signed-off-by: disc <a.hacicheant@gmail.com>

* rename fields to be compliant with json conventions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: disc <a.hacicheant@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 16:03:25 +00:00
Alex Goodman
98b700e83c
rename binary cataloger to be more unique (#2633)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:01:55 -05:00
Christopher Angelo Phillips
9803db2949
fix: update runner size to use larger HD for codeql (#2641)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 10:31:05 -05:00
anchore-actions-token-generator[bot]
17ef243956
chore(deps): update tools to latest versions (#2616)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix: update to new linter rules

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 14:59:49 +00:00
dependabot[bot]
3ac7369068
chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 (#2638)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e8893c57a1...e675ced7a7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:21:21 -05:00
dependabot[bot]
4d4efa4963
chore(deps): bump dawidd6/action-homebrew-bump-formula (#2639)
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases)
- [Commits](75ed025ff3...baf2b60c51)

---
updated-dependencies:
- dependency-name: dawidd6/action-homebrew-bump-formula
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:21:05 -05:00
dependabot[bot]
a7da2270c7
chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 (#2640)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.0 to 1.29.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:20:54 -05:00
Keith Zantow
6288530835
fix: add BOMRef to CycloneDX OS Component (#2634) 2024-02-14 08:18:16 -05:00
dependabot[bot]
25d3c06962
chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 (#2629)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:35 -05:00
dependabot[bot]
79b71be0ee
chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 (#2630)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.28.0 to 1.29.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:22 -05:00
Alex Goodman
25ae7bf55f
fix getting union reader for sif images (#2631)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-13 15:12:31 +00:00
dependabot[bot]
e72dec8e9e
chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 (#2607)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:44 -05:00
dependabot[bot]
3398e72066
chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 (#2625)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.8 to 1.5.0.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:31 -05:00
Keith Zantow
d26a5c4d30
fix: ensure version output to stdout (#2621) 2024-02-09 20:59:25 +00:00
Alex Goodman
84576b93e1
Guess go main module version based on binary contents (#2608)
* guess go main module version based on binary contents

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add configuration options for golang main module version heuristics

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix test setup for go bin cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix unit test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix incorrect test assert ordering

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* handle error from seek

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 19:52:42 +00:00
anchore-actions-token-generator[bot]
737c4e44c5
chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 14:06:28 -05:00
Alex Goodman
7444a9f976
fix readme around templating options (#2612)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 13:44:41 -05:00
Alex Goodman
8683cba081
suppress executable parsing issues (#2614)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 17:13:58 +00:00
Christopher Angelo Phillips
c0f43e5e2d
chore: update license list, cpe dictionary (#2620)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 11:31:42 -05:00
anchore-actions-token-generator[bot]
397cf210de
chore(deps): update tools to latest versions (#2606)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-08 10:39:18 -05:00
Christopher Angelo Phillips
bd0cb916df
fix: incorrect conversion between integer types (#2605)
* chore: match strconv.ParseInt to file mode type

if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-07 20:41:00 +00:00
dependabot[bot]
da31eed637
chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:31:49 -05:00