Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-10 14:24:12 +00:00

Author	SHA1	Message	Date
Dan Luhring	949cff158d	Add support for dependency relationships for alpine (apk) (#1063 ) * Fix type of pull deps and add support for provides Signed-off-by: Dan Luhring <dan+github@luhrings.com> * [wip] apk dependency lookup Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update whitespace for linter Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * adjust test conditions Signed-off-by: Timothy Gerla <tim@gerla.net> * fix TODOs and improve Provides parser * run simports after main merge Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * add tests to cover apk relationship parsing cases Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * generate JSON schema for breaking changes to apk metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update tests to account for additional dependencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] fix relationship encoding for cyclonedx Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify package relationships that can be expressed Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Dan Luhring <dan+github@luhrings.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Timothy Gerla <tim@gerla.net> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Timothy Gerla <tim@gerla.net>	2022-11-09 15:43:37 +00:00
Alex Goodman	d7a51a69dd	Update java generic cataloger (#1329 ) * remove centralize pURL generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * port java cataloger to new generic cataloger pattern Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove common.GenericCataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update format test fixtures to reflect ID updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix package sort instability for encode-decode-encode cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-11-09 14:55:54 +00:00
Alex Goodman	5ed002e1a9	Update swift cataloger to generic cataloger (#1324 ) * port swift cataloger to new generic cataloger pattern Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cocopods metadata to json schema defs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json test fixture with latest schema version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-11-04 13:51:59 -04:00
Alex Goodman	2deb96a801	Update portage cataloger to new generic cataloger (#1316 ) * port portage (ha) cataloger to new generic cataloger pattern Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update JSON schema to account for removing portage fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-11-03 14:49:18 -04:00
Christopher Angelo Phillips	89575199b8	feat: add RelationshipsBySourceOwnership to syft json output (#1248 )	2022-10-11 15:11:03 -04:00
Hiroaki KAWAI	b9b13d5525	Add Conan (C/C++) conan.lock file support (#1230 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-09-29 18:45:59 +00:00
Dan Nurmi	04387301ce	Add modularitylabel metadata to RPM type records generated by syft (#1148 ) * bump cosign to v1.10.1 (#1144) Signed-off-by: Daniel Nurmi <nurmi@anchore.com> * Add modularitylabel metadata to RPM type records generated by syft. Fixes #1145. Signed-off-by: Daniel Nurmi <nurmi@anchore.com> * update to address lint failures Signed-off-by: Daniel Nurmi <nurmi@anchore.com> * Update syft/pkg/rpmdb_metadata.go Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Daniel Nurmi <nurmi@anchore.com> * update json schema to match camel case Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-08-08 11:52:32 +00:00
Zac Medico	4c55c62834	Add portage support for Gentoo Linux (#1076 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-07-06 16:18:54 -04:00
Morten Linderud	e72d68b0c6	Add pacman (alpm) parser support (#943 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-06-13 18:51:37 +00:00
Jonas Xavier	0aea55f880	add main module field to go bin metadata (#1026 ) * add main module field to go bin metadata Signed-off-by: Jonas Xavier <jonasx@anchore.com> * udpate json ouput schema to 3.2.4 Signed-off-by: Jonas Xavier <jonasx@anchore.com> * clean up fixture Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-06-03 23:12:09 +00:00
Christian Kotzbauer	1cea0ecd5c	feat: add initial dotnet-support (#951 ) * feat: add initial dotnet-support Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: add path, sha512 and hashpath Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: add missing dot Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: lint warnings Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix CLI test package counts to account for dotnet Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix: updated packagurl-go Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * tidy go.sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-05 15:32:02 -04:00
Eric Larssen	cb3e73e308	Add dart support (#919 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-31 15:44:55 -04:00
Jonas Xavier	283db88dc4	Omit H1Digest when empty (#902 ) * Omit HD1Field when empty Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update test-fixtures Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-21 11:59:10 -07:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
Alex Goodman	2946813a74	RPM Epoch should be optional in the json schema (#880 )	2022-03-09 14:51:43 -05:00
Toure Dunnon	814f2bf8b9	Update Syft formats for SyftJson (#752 ) * Update Syft formats for SyftJson This change will introduce omitempty struct tag to PackageCustomData. This struct tag will cause null and empty values to be dropped on serialization for consumers downstream. Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com> * Updated the golden files for syftjson to allow for proper test coverage. Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>	2022-01-18 17:18:34 -05:00
Alex Goodman	706f291679	Replace distro type (#742 ) * remove strong distro type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema to v3 (breaking distro shape) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for v2 decoding of distro idLikes field in v3 json decoder Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix casing in simple linux release name Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use discovered name as pretty name in simple linux release Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-12 12:13:42 -05:00
Keith Zantow	5e5312c72d	Add support for multiple output files in different formats (#732 )	2022-01-06 17:52:20 -05:00
Sambhav Kothari	4903b4d73f	Bump syft JSON schema and add v2.0.2 (#716 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2021-12-22 13:55:34 -05:00
Alex Goodman	da0b17b719	Add cataloging of macho multi-architecture binaries (#657 ) * add cataloging within universal binaries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json test fixtures Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add comments + correct 32 bit multi arch magic check Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-08 16:25:24 -05:00
Alex Goodman	bd9007fc0e	Migrate SPDX-JSON relationships to SBOM model (#634 ) * remove power-user document shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add power-user specific fields to syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * port remaining spdx-json relationships to sbom model Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add coordinate set Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add SBOM file path helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use internal mimetype helper in go binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new package-of relationship Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema to v2 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace power-user presenter with syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove "package-of" relationship (in favor of "contains") Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for spdx22json format encoding enhancements Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update TODO and log entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * introduce sbom.Descriptor Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-23 14:54:17 -05:00
Alex Goodman	ba3407a767	add dpkg conffile update to json schema + json test snapshots Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-09 08:37:28 -04:00
Alex Goodman	9ec09add67	Add secrets search capability (#367 ) * add initial secrets cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ETUI elements with new catalogers (file metadata, digests, and secrets) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update secrets cataloger to read full contents into memory for searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype of parallelization secret regex search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype with single aggregated regex Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype for secret search line-by-line Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype hybrid secrets search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add secrets cataloger with line strategy Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust verbiage towards SearchResults instead of Secrets + add tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema with secrets cataloger results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address PR comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update readme with secrets config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure file catalogers call AllLocations once Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-01 21:34:15 +00:00
Alex Goodman	6a960ec1f3	update json schema with optional poweruser data shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-03-22 10:56:16 -04:00
Weston Steimel	35cc00b74a	capture extra metadata about rust crates from the Cargo.lock file Signed-off-by: Weston Steimel <weston.steimel@gmail.com>	2021-03-22 09:13:17 -04:00
Alex Goodman	6d5ff0fd8e	Mark package relations by file ownership (#329 ) * add marking package relations by file ownership Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * correct json schema version; ensure fileOwners dont return dups; pin test pkg versions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract package relationships into separate section Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in client-go features for import of PackageRelationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move unit test for ownership by files relationship further down Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename relationship to "ownership-by-file-overlap" Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-02-25 13:47:13 -05:00
Zach Hill	7962002f81	Split dpk source into name and version (#297 ) * Split dpk source into name and version Signed-off-by: Zach Hill <zach@anchore.com> * update dpkg status source name parsing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Dan Luhring <luhring@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-18 14:08:19 -05:00
Alex Goodman	52bac6e2fd	Add enterprise upload capability (#285 ) * add support to upload results to enterprise Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package sbom upload Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add dockerfile support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add manifest, index, and dockerfile import functions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * schema version to json output + enhance json schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * modify package SBOM shape to be entire syft document + add etui updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add import image config and manifest support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add config options for import to enterprise Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate final stereoscope and client-go deps Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-09 22:20:53 -05:00
Alex Goodman	c892c3609e	improve doc comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-17 12:37:13 -05:00
Alex Goodman	06f8355fce	finalize update check URL	2020-07-27 15:13:41 -04:00
Alex Goodman	a4016d35ce	rename to syft	2020-07-23 20:54:04 -04:00
Alex Goodman	3e71315195	add app config and logging interface	2020-05-21 15:25:59 -04:00

32 commits