* replace raw globs with index equivelent operations
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cataloger test for alpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix import sorting for binary cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting for mock resolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* separate portage cataloger parser impl from cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enhance cataloger pkgtest utils to account for resolver responses
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for alpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for apkdb cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dpkg cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for cpp cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dart cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for elixir cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for erlang cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for golang cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for haskell cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for java cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for javascript cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for php cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for portage cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for python cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for rpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for rust cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for sbom cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for swift cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow generic catloger to run all mimetype searches at once
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove stutter from php and javascript cataloger constructors
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for generic.Search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add exceptions for java archive git ignore entries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enhance basename and extension resolver methods to be variadic
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont allow * prefix on extension searches
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for ruby cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove unnecessary string casting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* incorporate surfacing of leaf link resolitions from stereoscope results
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] switch to stereoscope file metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip + failing] revert to old globs but keep new resolvers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* index files, links, and dirs within the directory resolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix several resolver bugs and inconsistencies
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move format testutils to internal package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update syft json to account for file type string normalization
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* split up directory resolver from indexing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs to include details about searching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] bump stereoscope to development version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust symlinks fixture to be fixed to digest
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix all-locations resolver tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix test fixture reference
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename file.Type
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix PR comment to exclude extra *
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump to dev version of stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump to final version of stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move observing resolver to pkgtest
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix: update config struct to not decode password/key
* test: update tests to confirm no secrets in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* Fix type of pull deps and add support for provides
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* [wip] apk dependency lookup
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update whitespace for linter
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* adjust test conditions
Signed-off-by: Timothy Gerla <tim@gerla.net>
* fix TODOs and improve Provides parser
* run simports after main merge
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* add tests to cover apk relationship parsing cases
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* generate JSON schema for breaking changes to apk metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update tests to account for additional dependencies
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] fix relationship encoding for cyclonedx
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* simplify package relationships that can be expressed
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Timothy Gerla <tim@gerla.net>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Timothy Gerla <tim@gerla.net>
* remove centralize pURL generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* port java cataloger to new generic cataloger pattern
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove common.GenericCataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update format test fixtures to reflect ID updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix package sort instability for encode-decode-encode cycles
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* port swift cataloger to new generic cataloger pattern
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cocopods metadata to json schema defs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json test fixture with latest schema version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* port portage (ha) cataloger to new generic cataloger pattern
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update JSON schema to account for removing portage fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Previously, extracting relationships between packages and files was not
completing correctly, as SPDXRef- ElementIDs were being compared to raw
IDs, and so never matched. This patch ensures that we always compare
ElementIDs, to ensure that the hasFiles field is correctly populated.
Signed-off-by: Justin Chadwell <me@jedevc.com>
* bump cosign to v1.10.1 (#1144)
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Add modularitylabel metadata to RPM type records generated by syft. Fixes#1145.
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update to address lint failures
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Update syft/pkg/rpmdb_metadata.go
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update json schema to match camel case
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
