Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks ( #2369 )
...
* generalize ui events for cataloging tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cataloger task progress object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate cataloger task fn to bus helper
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
anchore-actions-token-generator[bot]
b943da6433
chore(deps): update tools to latest versions ( #2376 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-30 09:25:02 -05:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry ( #2377 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache ( #2374 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification ( #2133 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations ( #2370 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files ( #2367 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
Alex Goodman
c379d21e9a
only remove breaking-change label when there are schema changes ( #2371 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:59:04 -05:00
Keith Zantow
a50a0f77d2
fix: capture root command stdout ( #2364 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-28 15:04:28 -05:00
William Murphy
ea4a6747eb
fix: hardcode xalan group ID ( #2368 )
...
According to maven central, the package called "xalan" should just have
the group ID xalan, but currently syft isn't able to find that.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 14:40:03 -05:00
Alex Goodman
1cfc4c7387
Normalize cataloger configuration patterns ( #2365 )
...
* normalize cataloger patterns
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove central reference for maven configurable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:02:43 +00:00
Alex Goodman
4d0da703bf
normalize enums to lowercase with hyphens ( #2363 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 11:02:20 -05:00
anchore-actions-token-generator[bot]
4ee6be3777
chore(deps): update tools to latest versions ( #2358 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-28 10:22:57 -05:00
dependabot[bot]
5d44e49d2f
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 ( #2361 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:22:21 -05:00
dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 ( #2362 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:21:59 -05:00
William Murphy
ce4b31757a
fix: index file itself when file scan path has symlink ( #2359 )
...
Previously, building the index of the filesystem when source was file
would fail if part of the path syft was passed to the file included a
symlinked directory, resulting in cataloging misses.
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 09:41:28 -05:00
dependabot[bot]
c08b0990ca
chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 ( #2351 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.7 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](66b90a5db1...407ffafae6)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-24 06:42:30 -05:00
Alex Goodman
8ee209a5ae
use read lock in pkg collection ( #2341 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 13:48:25 -05:00
Alex Goodman
4712246897
Fix the attest command ( #2337 )
...
* fix attest command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add notification on how to access the attestation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 18:29:58 +00:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars ( #2345 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB ( #2316 )
...
* Add MySQL and MariaDB binary classifiers
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
* use smallest possible binary fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier ( #2329 )
...
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.
Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
dependabot[bot]
1c582f0aa5
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 ( #2344 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 11:12:43 -05:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars ( #2343 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars ( #2342 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Alex Goodman
51d015d5ea
Update developer docs to represent the current package layout ( #2340 )
...
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:06:18 -05:00
Alex Goodman
5565bdef0c
Remove the power-user command and related catalogers ( #2306 )
...
* remove the power-user command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove secrets + classifier catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:44:28 +00:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient ( #2275 )
...
* expose underlying format options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove escape html options and address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 ( #2336 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command ( #2335 )
...
* feat: add preRun func to version to restore stdout
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to capture version in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* change stdout buffering to log to be opt-in per command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout ( #2324 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-16 17:45:25 -05:00
dependabot[bot]
c7eb3f4c93
chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 ( #2332 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.6 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](689fdc5193...66b90a5db1)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-16 09:22:23 -05:00
Alex Goodman
11a8cde8e4
export metadata type helper ( #2328 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-15 19:05:18 +00:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars ( #2327 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00
Weston Steimel
b9294976ef
fix(java): skip maven bundle plugin logic if vendor id and symbolic name match ( #2326 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:15 +00:00
Colm O hEigeartaigh
3e8a2304e8
Refine license searching from groupIDFromJavaMetadata to allow for having the artifactId in the groupId ( #2313 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-15 10:04:31 -05:00
anchore-actions-token-generator[bot]
e04d90fc9a
chore(deps): update tools to latest versions ( #2325 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-15 10:02:27 -05:00
anchore-actions-token-generator[bot]
0f39917999
chore(deps): update tools to latest versions ( #2318 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-14 12:01:47 -05:00
Colm O hEigeartaigh
0652998b9b
Add license for golang stdlib ( #2317 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-14 11:53:07 -05:00
dependabot[bot]
43bdf6e1b2
chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6 ( #2321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.5 to 2.22.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](74483a38d3...689fdc5193)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-14 11:35:59 -05:00
Benji Visser
9aa9e0e09a
docs: Update README.md for dotnet-portable-executable ( #2322 )
...
Signed-off-by: Benji Visser <benji@093b.org>
2023-11-14 10:37:56 -05:00
Colm O hEigeartaigh
7ccbadff34
Fall back to searching maven central using groupIDFromJavaMetadata ( #2295 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-10 22:02:53 -05:00
Alex Goodman
3f13d209a5
rename file.Location.VirtualPath to AccessPath ( #2288 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-09 11:30:08 -06:00
anchore-actions-token-generator[bot]
baa3dc74d3
chore(deps): update tools to latest versions ( #2308 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-09 08:07:59 -08:00
dependabot[bot]
58f310c390
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 ( #2310 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:50 -08:00
dependabot[bot]
a383239217
chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 ( #2311 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:19 -08:00
Benji Visser
0891d35e07
include image labels in cycloneDX SBOM ( #2294 )
...
* include image labels in SBOM
Signed-off-by: Benji Visser <benji@093b.org>
* update tests
Signed-off-by: Benji Visser <benji@093b.org>
* gocritic
Signed-off-by: Benji Visser <benji@093b.org>
* add properties
Signed-off-by: Benji Visser <benji@093b.org>
* add decoder
Signed-off-by: Benji Visser <benji@093b.org>
* update golden snapshots
Signed-off-by: Benji Visser <benji@093b.org>
* decodeProperties
Signed-off-by: Benji Visser <benji@093b.org>
* add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove the snapshot test changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Benji Visser <benji@093b.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 23:13:04 +00:00
Alex Goodman
502971a1b2
Add accessPath on Location objects to syft-json output ( #2287 )
...
* add accessPath on Location objects to syft-json output
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema v12.0.1
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 17:05:30 -06:00
Colm O hEigeartaigh
dc14dbb326
SPDX file has duplicate sha256 tag in versionInfo ( #2300 )
...
* SPDX file has duplicate sha256 tag in versionInfo
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
* add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 22:49:31 +00:00
Colm O hEigeartaigh
bae5a2e741
Check maven central as well for licenses in parents poms for nested jars ( #2302 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-08 10:26:12 -08:00