Alex Goodman
f4dd36ca9d
fix syft-json test to use pretty json for snapshot testing ( #2441 )
...
without this fix, capturing fixtures will result in hard-to-read
failures in testing.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:23:21 -05:00
Alex Goodman
17c605822e
refactor pkg.Collection ( #2439 )
...
- remove "catalog" references
- add a separate add() function for readability
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:11 -05:00
Alex Goodman
4eace4b141
refactor javascript cataloger to use configuration options when creating packages ( #2438 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:02 -05:00
Alex Goodman
05660da8d7
use single source of truth for archive options ( #2437 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:07:55 -05:00
Alex Goodman
2f378d806e
fix file digest cataloger when passed coordinates ( #2436 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 14:43:09 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 ( #2413 )
2023-12-14 17:18:37 -05:00
Colm O hEigeartaigh
38a12bd91a
Look for a maven version in a pom from a parent dependency management section ( #2423 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh
649d152548
Parse Python licenses from LicenseExpression entry in the Wheel Metadata ( #2431 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 12:41:41 -05:00
dependabot[bot]
f5d5892434
chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 ( #2430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.10 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](305f654631...b374143c11
2023-12-14 12:40:39 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 ( #2429 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:38:55 -05:00
anchore-actions-token-generator[bot]
09e62c3282
chore(deps): update tools to latest versions ( #2428 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-14 07:31:44 -05:00
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata ( #2331 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Wayne Starr
8bca0ac39e
fix: use filepath instead of path for file source exclusions ( #2411 )
...
Signed-off-by: Wayne Starr <me@racer159.com>
2023-12-13 17:45:34 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea ( #2424 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 ( #2425 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:45:04 -05:00
dependabot[bot]
2bcf825857
chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 ( #2426 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c0d1daa7f7...305f654631
2023-12-13 11:44:41 -05:00
dependabot[bot]
9cb7c3d350
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2420 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](d3667e5ae1...75ed025ff3
2023-12-12 14:43:43 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom ( #2409 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
dependabot[bot]
790ecc6f28
chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 ( #2400 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 2.22.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...c0d1daa7f7
2023-12-12 13:59:39 -05:00
dependabot[bot]
b9462db59e
chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 ( #2415 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 12:37:20 -05:00
dependabot[bot]
bfad9659a8
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 ( #2414 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 08:58:26 -05:00
dependabot[bot]
b345752f49
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 ( #2401 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-11 06:38:05 -05:00
anchore-actions-token-generator[bot]
ba9dd1d5fd
chore(deps): update tools to latest versions ( #2408 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-11 06:36:51 -05:00
anchore-actions-token-generator[bot]
68f35815d6
chore(deps): update CPE dictionary index ( #2412 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-11 06:35:58 -05:00
Weston Steimel
4d4b502174
fix(java): improve identification for org.codehaus.groovy artifacts ( #2404 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-08 05:02:01 -05:00
Weston Steimel
ea80f94c0e
fix(java): improve identification for commons-jelly artifacts ( #2399 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-07 12:28:21 -05:00
Weston Steimel
2c145f70b2
fix(java): improve identification for io.minio artifacts ( #2398 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 16:58:07 -05:00
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts ( #2397 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
anchore-actions-token-generator[bot]
fa1baabc05
chore(deps): update tools to latest versions ( #2395 )
2023-12-06 10:49:07 -05:00
Weston Steimel
b5906824cb
chore: enhance java purl generation integration test ( #2393 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-12-06 15:31:16 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock ( #2338 )
...
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 ( #2392 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](fd74a6fb98...5ecf649a41
2023-12-05 09:48:40 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml ( #2315 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts ( #2384 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts ( #2379 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts ( #2386 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts ( #2388 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix ( #2387 )
...
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts ( #2383 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts ( #2382 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts ( #2381 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts ( #2378 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts ( #2349 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks ( #2369 )
...
* generalize ui events for cataloging tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cataloger task progress object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate cataloger task fn to bus helper
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
anchore-actions-token-generator[bot]
b943da6433
chore(deps): update tools to latest versions ( #2376 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-30 09:25:02 -05:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry ( #2377 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache ( #2374 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification ( #2133 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations ( #2370 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files ( #2367 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
