Andrew Garner
29c9857857
feat: binary classifiers for Percona Software For MySQL ( #2478 )
...
Signed-off-by: Andrew Garner <garnera@vmware.com>
2024-01-10 16:06:14 +00:00
Laurent Goderre
d1e4ecba42
feat: binary classifier for pypy ( #2474 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-10 10:59:25 -05:00
dependabot[bot]
c209d03fe8
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 ( #2476 )
2024-01-10 15:58:09 +00:00
Laurent Goderre
fecfb2f939
fix: support traefik binary from the official Docker image ( #2484 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-10 15:57:32 +00:00
Laurent Goderre
e61aac0b53
feat: binary classifier for GCC ( #2479 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-10 10:50:38 -05:00
anchore-actions-token-generator[bot]
85cc64f7e3
chore(deps): update tools to latest versions ( #2480 )
2024-01-10 10:49:45 -05:00
dependabot[bot]
1af68683d0
chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 ( #2482 )
2024-01-10 15:49:18 +00:00
dependabot[bot]
1ca8ee2a8d
chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0 ( #2477 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.12 to 3.23.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](012739e508...e5f05b81d5
2024-01-08 08:33:13 -05:00
Christopher Angelo Phillips
7182f5b519
Upgrade binary test fixtures management ( #2444 )
...
* test: strip fixtures of any execution permissions
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add lint check for large files
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* add helper script to capture binary snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update scripts and add new dir output for snippets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update erlang test to new generated format
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update memcached to new generator pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update openjdk to named version
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move openjdk lts to versioned folder
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: rename unversioned java to versioned folders
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: migrate bash fixture to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update script to size 600 bytes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update go classifier to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move haproxy new new snippet
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add flatter haproxy example
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update tests to new pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: final version of snippet script
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* [wip] download bin helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add manager for binary cataloger test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add remaining binary cataloger patterns and snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* adjust gitignore to be more permissive to snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add rust darwin snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* skip tests that are missing full binaries
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for binary test fixture manager
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* highlight rows that do not have binaries or snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump fixture limit to 1K (found exceptions when adding snippets)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add redis and postgres snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve formating of fixture listing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-05 21:40:03 +00:00
Laurent Goderre
a16a4ad6c9
Add ability to extend the binaries cataloguers ( #2469 )
...
* Add ability to extend the binaries cataloguers
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* restrict binary classifier package attributes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-05 15:32:07 -05:00
dependabot[bot]
3174a17efb
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 ( #2464 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](5ecf649a41...719133684c
2024-01-05 11:26:27 -05:00
Laurent Goderre
bf39456fbc
fix: add missing purl for busybox ( #2457 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-04 14:51:56 -05:00
Laurent Goderre
c72d295719
Fix diff error obfuscating binary test failures message ( #2468 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-04 12:54:52 -05:00
Alex Goodman
4c20a74d2f
Replace packages command with scan ( #2446 )
...
* replace packages command with scan
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for packages alias
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update comments with referenes to the packages command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename valiadte args function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-04 16:56:57 +00:00
William Murphy
7c67df397e
fix: PURLs with "nuget" type are dotnet packages ( #2466 )
...
Otherwise, Grype won't match on well-formed .NET purls from other SBOM
tools.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-03 16:50:42 -05:00
anchore-actions-token-generator[bot]
0e5fb8e01f
chore(deps): update tools to latest versions ( #2459 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-02 09:39:17 -05:00
anchore-actions-token-generator[bot]
8ea2425c97
chore(deps): update CPE dictionary index ( #2458 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-02 06:12:32 -05:00
Christopher Angelo Phillips
2a04e06cbc
chore: update binary to -x ( #2456 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-22 09:50:32 -05:00
Laurent Goderre
3a6b6562d1
Add more functionality to the ErLang parser ( #2390 )
...
* ERLang parser support for empty lists
* ERLang add support for single quote strings
* ERLang parser support for comments
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-22 09:45:20 -05:00
Laurent Goderre
63e7a004cb
Added OpenSSL binary matcher ( #2416 )
...
* Added OpenSSL binary matcher
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* chore: strip binary to smaller detection
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-22 09:37:09 -05:00
anchore-actions-token-generator[bot]
04e8c96822
chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 ( #2452 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]
1bc4179193
chore(deps): update tools to latest versions ( #2451 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-22 09:30:00 -05:00
dependabot[bot]
51a1bad159
chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 ( #2455 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.11 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b374143c11...012739e508
2023-12-22 09:01:16 -05:00
Christopher Angelo Phillips
3cffa0b7fd
chore: remove execute from test fixtures ( #2450 )
...
* chore: remove execute from test fixtures
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add back ignored file
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-20 22:34:29 +00:00
anchore-actions-token-generator[bot]
da03e981c3
chore(deps): update tools to latest versions ( #2447 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-20 10:59:01 -05:00
William Murphy
4aa2d8c0af
fix: don't panic when hackage missing in haskell stack yaml lock ( #2448 )
...
Fixes a bug where previously the haskell cataloger would panic
when parsing a stack.yaml.lock file that had an entry with an empty
hackage string.
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: houdini91 <mdstrauss91@gmail.com>
2023-12-20 10:57:06 -05:00
Laurent Goderre
a635d66657
Add binary classifier for the ERLang interpretter ( #2417 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:49 -05:00
Laurent Goderre
51d3cd0066
Add binary classifier for Julia lang ( #2427 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:21 -05:00
Laurent Goderre
4846639ee4
Add binary detection for PHP composer ( #2432 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 14:59:45 -05:00
dependabot[bot]
6030a69b17
chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 ( #2433 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.3 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e
2023-12-18 11:17:07 -05:00
anchore-actions-token-generator[bot]
8b9194eb81
chore(deps): update CPE dictionary index ( #2442 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-18 07:01:21 -05:00
anchore-actions-token-generator[bot]
56a1ab54d2
chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c ( #2440 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-18 06:43:24 -05:00
Alex Goodman
f4dd36ca9d
fix syft-json test to use pretty json for snapshot testing ( #2441 )
...
without this fix, capturing fixtures will result in hard-to-read
failures in testing.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:23:21 -05:00
Alex Goodman
17c605822e
refactor pkg.Collection ( #2439 )
...
- remove "catalog" references
- add a separate add() function for readability
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:11 -05:00
Alex Goodman
4eace4b141
refactor javascript cataloger to use configuration options when creating packages ( #2438 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:02 -05:00
Alex Goodman
05660da8d7
use single source of truth for archive options ( #2437 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:07:55 -05:00
Alex Goodman
2f378d806e
fix file digest cataloger when passed coordinates ( #2436 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 14:43:09 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 ( #2413 )
2023-12-14 17:18:37 -05:00
Colm O hEigeartaigh
38a12bd91a
Look for a maven version in a pom from a parent dependency management section ( #2423 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh
649d152548
Parse Python licenses from LicenseExpression entry in the Wheel Metadata ( #2431 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 12:41:41 -05:00
dependabot[bot]
f5d5892434
chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 ( #2430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.10 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](305f654631...b374143c11
2023-12-14 12:40:39 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 ( #2429 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:38:55 -05:00
anchore-actions-token-generator[bot]
09e62c3282
chore(deps): update tools to latest versions ( #2428 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-14 07:31:44 -05:00
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata ( #2331 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Wayne Starr
8bca0ac39e
fix: use filepath instead of path for file source exclusions ( #2411 )
...
Signed-off-by: Wayne Starr <me@racer159.com>
2023-12-13 17:45:34 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea ( #2424 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 ( #2425 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:45:04 -05:00
dependabot[bot]
2bcf825857
chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 ( #2426 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c0d1daa7f7...305f654631
2023-12-13 11:44:41 -05:00
dependabot[bot]
9cb7c3d350
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2420 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](d3667e5ae1...75ed025ff3
2023-12-12 14:43:43 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom ( #2409 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
