dependabot[bot]
2e718cf865
chore(deps): bump github.com/docker/docker ( #1955 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.2+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 10:37:16 -04:00
dependabot[bot]
4000a84624
chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 ( #1951 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 11:28:54 -04:00
dependabot[bot]
3f5c601620
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 ( #1949 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color ) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4 )
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-21 08:50:47 -04:00
Dan Luhring
8478e0bef7
Add support for parsing .NET assemblies ( #1943 )
...
* Add support for parsing .NET assemblies
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac
* Add dll and exe files
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641
* Add PE cataloger to directory catalogers
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849
* Don't set language to dotnet for PEs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5
* Fix spelling of cataloger in constructor
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941
* Adjust which cases in PE parsing return errors
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff
* remove build binary from branch
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2
* Fix failing CLI tests
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-19 15:34:07 -04:00
Alex Goodman
35699f6fdc
remove jotframe UI ( #1932 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips
2e7fd031d4
fix: remove indirect dependency of circl v1.1.0 ( #1940 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-13 12:30:37 -04:00
Alex Goodman
4fc17edd14
implement ui handle waiter ( #1930 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-12 13:14:54 -04:00
dependabot[bot]
05a61897f2
chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 ( #1928 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.1 to 1.24.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 14:01:48 -04:00
dependabot[bot]
8ce88e11fd
chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 ( #1916 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 16:02:44 -04:00
Alex Goodman
f8b832e6c3
Switch UI to bubbletea ( #1888 )
...
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add addtional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-06 09:00:46 -04:00
dependabot[bot]
e8f7108e6e
chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 ( #1912 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:06:05 -04:00
dependabot[bot]
023ca1be32
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 ( #1913 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:05:46 -04:00
anchore-actions-token-generator[bot]
791d1f9552
chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 ( #1903 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]
0d4f19043e
chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 ( #1890 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-26 13:58:44 -04:00
dependabot[bot]
badb957888
chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 ( #1878 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 14:10:11 -04:00
dependabot[bot]
a1bba36d51
chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 ( #1874 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.0 to 1.23.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]
c019cd51da
chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 ( #1871 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-14 11:29:39 -04:00
dependabot[bot]
5406d8a366
chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 ( #1876 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 10:30:19 -04:00
dependabot[bot]
2c5d64ac9e
chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 ( #1868 )
...
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 17:01:19 -04:00
dependabot[bot]
c560ffd811
chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 ( #1850 )
...
* chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update fixtures for spdx with new library changes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-06-05 15:01:06 -04:00
dependabot[bot]
d676e5e781
chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 ( #1862 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 10:48:18 -04:00
dependabot[bot]
903d29b6f7
chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 ( #1863 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.22.1 to 1.23.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 10:47:59 -04:00
dependabot[bot]
1bd9de9047
chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 ( #1851 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 08:35:14 -04:00
dependabot[bot]
5842fc2a64
chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 ( #1852 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-30 13:48:54 -04:00
dependabot[bot]
f0307fdd62
chore(deps): bump github.com/docker/docker ( #1849 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.1+incompatible to 24.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 16:08:20 -04:00
Alex Goodman
74013d7da7
Add test to ensure package metadata is represented in the JSON schema ( #1841 )
...
* [wip] try to reflect metadata types... probably wont work
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor to add unit test to ensure there is coverage in the schema
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] generate metadata container
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add generation of metadata container struct for JSON schema generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update linter script to account for code generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-05-25 13:26:56 -04:00
dependabot[bot]
4bf17a94b9
chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ( #1843 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-24 11:40:11 -04:00
anchore-actions-token-generator[bot]
798af57853
chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 ( #1834 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-05-23 10:18:39 -04:00
dependabot[bot]
f50302b2ba
chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 ( #1829 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 14:01:17 -04:00
dependabot[bot]
b09cf6c6b5
chore(deps): bump github.com/docker/docker ( #1833 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.0+incompatible to 24.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.0...v24.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 13:07:24 -04:00
Alex Goodman
334a775cb9
Keep original FileInfo persisted on file.Metadata structs ( #1794 )
...
* pull in fileinfo changes from stereoscope #172
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix CLI test assumption about the docker daemon
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
2023-05-19 14:21:10 +00:00
dependabot[bot]
f1b6f38ea8
chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 ( #1827 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-19 09:01:05 -04:00
dependabot[bot]
f6f8332b7f
chore(deps): bump github.com/google/go-containerregistry ( #1823 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:34:27 -04:00
dependabot[bot]
74351567ab
chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 ( #1822 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:33:48 -04:00
dependabot[bot]
51d4c9b4ab
chore(deps): bump github.com/docker/docker ( #1824 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.6+incompatible to 24.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.6...v24.0.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:33:30 -04:00
Christopher Angelo Phillips
42fa9e4965
feat: update syft license concept to complex struct ( #1743 )
...
this PR makes the following changes to update the underlying license model to have more expressive capabilities
it also provides some guarantee's surrounding the license values themselves
- Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields:
- original `Value` read by syft
- If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption
- the above is run against a generated list of SPDX license ID to try and find the correct ID
- SPDX concluded vs declared is added to the new struct
- URL source for license is added to the new struct
- Location source is added to the new struct to show where the expression was pulled from
2023-05-15 16:23:39 -04:00
William Murphy
e925d9d4a5
feat: warn if parsing newer SBOM ( #1810 )
...
If syft is asked to parse an SBOM that was written by a newer version of
syft, emit a warning, since the current version of syft doesn't know about
fields that may be added in the future.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-05-11 08:55:27 -04:00
dependabot[bot]
ef08d0fa39
chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 ( #1802 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-09 11:59:39 -04:00
dependabot[bot]
75d625b697
chore(deps): bump github.com/docker/docker ( #1795 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.5+incompatible to 23.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.5...v23.0.6 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-08 12:45:50 -04:00
dependabot[bot]
88ba8b78fc
chore(deps): bump github.com/google/go-containerregistry ( #1796 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.14.0 to 0.15.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.14.0...v0.15.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-08 12:45:30 -04:00
dependabot[bot]
e31839a370
chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 ( #1787 )
2023-05-05 18:56:40 +00:00
dependabot[bot]
dd458a2b33
chore(deps): bump github.com/docker/docker ( #1767 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.4+incompatible to 23.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.4...v23.0.5 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-02 16:43:16 -04:00
dependabot[bot]
10c3cc27e8
chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 ( #1768 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.22.0 to 1.22.1.
- [Release notes](https://gitlab.com/cznic/sqlite/tags )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.0...v1.22.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-27 11:58:59 -04:00
dependabot[bot]
02bd52728e
chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 ( #1758 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.21.2 to 1.22.0.
- [Release notes](https://gitlab.com/cznic/sqlite/tags )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.21.2...v1.22.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-26 10:37:49 -04:00
Christopher Angelo Phillips
c038f13d44
chore: go-rpmdb update ( #1757 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-24 10:34:13 -04:00
dependabot[bot]
8102ad4edc
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 ( #1706 )
2023-04-24 10:20:12 -04:00
Weston Steimel
ee80349ea0
chore: bump stereoscope to latest version ( #1741 )
...
Resolves reporting of GHSA-hw7c-3rfg-p46j
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-04-18 15:44:03 +00:00
dependabot[bot]
66d9c5637b
chore(deps): bump github.com/docker/docker ( #1746 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.3+incompatible to 23.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 10:22:41 -04:00
Avi Deitcher
b69259534d
feat: Support scanning license files in golang packages over the network ( #1630 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-14 15:13:29 -04:00
Avi Deitcher
cc731c7b19
Add Linux Kernel cataloger ( #1694 )
...
* add kernel handler
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* rename Kernel package to LinuxKernel package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* split kernel and module packages within cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wire up application configuration with kernel cataloger options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont use references for packages on relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting and tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* kernel cataloger should be resistent to partial failure
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* log upon kernel module metadata missing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for linux kernel cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli package test counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add evidence annotations for kernel packages
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* reduce noise in cli test output
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* missed cli test to reduce noise for
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix package counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs with linux kernel cataloging refs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump json schema with new metadata fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-14 14:33:36 -04:00