dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 ( #2362 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:21:59 -05:00
William Murphy
ce4b31757a
fix: index file itself when file scan path has symlink ( #2359 )
...
Previously, building the index of the filesystem when source was file
would fail if part of the path syft was passed to the file included a
symlinked directory, resulting in cataloging misses.
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 09:41:28 -05:00
dependabot[bot]
c08b0990ca
chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 ( #2351 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.7 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](66b90a5db1...407ffafae6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-24 06:42:30 -05:00
Alex Goodman
8ee209a5ae
use read lock in pkg collection ( #2341 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 13:48:25 -05:00
Alex Goodman
4712246897
Fix the attest
command ( #2337 )
...
* fix attest command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add notification on how to access the attestation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 18:29:58 +00:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars ( #2345 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB ( #2316 )
...
* Add MySQL and MariaDB binary classifiers
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
* use smallest possible binary fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier ( #2329 )
...
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.
Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
dependabot[bot]
1c582f0aa5
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 ( #2344 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 11:12:43 -05:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars ( #2343 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars ( #2342 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Alex Goodman
51d015d5ea
Update developer docs to represent the current package layout ( #2340 )
...
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:06:18 -05:00
Alex Goodman
5565bdef0c
Remove the power-user command and related catalogers ( #2306 )
...
* remove the power-user command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove secrets + classifier catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:44:28 +00:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient ( #2275 )
...
* expose underlying format options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove escape html options and address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 ( #2336 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command ( #2335 )
...
* feat: add preRun func to version to restore stdout
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to capture version in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* change stdout buffering to log to be opt-in per command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout ( #2324 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-16 17:45:25 -05:00
dependabot[bot]
c7eb3f4c93
chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 ( #2332 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.6 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](689fdc5193...66b90a5db1
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-16 09:22:23 -05:00
Alex Goodman
11a8cde8e4
export metadata type helper ( #2328 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-15 19:05:18 +00:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars ( #2327 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00
Weston Steimel
b9294976ef
fix(java): skip maven bundle plugin logic if vendor id and symbolic name match ( #2326 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:15 +00:00
Colm O hEigeartaigh
3e8a2304e8
Refine license searching from groupIDFromJavaMetadata to allow for having the artfactId in the groupId ( #2313 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-15 10:04:31 -05:00
anchore-actions-token-generator[bot]
e04d90fc9a
chore(deps): update tools to latest versions ( #2325 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-15 10:02:27 -05:00
anchore-actions-token-generator[bot]
0f39917999
chore(deps): update tools to latest versions ( #2318 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-14 12:01:47 -05:00
Colm O hEigeartaigh
0652998b9b
Add license for golang stdlib ( #2317 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-14 11:53:07 -05:00
dependabot[bot]
43bdf6e1b2
chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6 ( #2321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.5 to 2.22.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](74483a38d3...689fdc5193
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-14 11:35:59 -05:00
Benji Visser
9aa9e0e09a
docs: Update README.md for dotnet-portable-executable ( #2322 )
...
Signed-off-by: Benji Visser <benji@093b.org>
2023-11-14 10:37:56 -05:00
Colm O hEigeartaigh
7ccbadff34
Fall back to searching maven central using groupIDFromJavaMetadata ( #2295 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-10 22:02:53 -05:00
Alex Goodman
3f13d209a5
rename file.Location.VirtualPath to AccessPath ( #2288 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-09 11:30:08 -06:00
anchore-actions-token-generator[bot]
baa3dc74d3
chore(deps): update tools to latest versions ( #2308 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-09 08:07:59 -08:00
dependabot[bot]
58f310c390
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 ( #2310 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:50 -08:00
dependabot[bot]
a383239217
chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 ( #2311 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:19 -08:00
Benji Visser
0891d35e07
include image labels in cycloneDX SBOM ( #2294 )
...
* include image labels in SBOM
Signed-off-by: Benji Visser <benji@093b.org>
* update tests
Signed-off-by: Benji Visser <benji@093b.org>
* gocritic
Signed-off-by: Benji Visser <benji@093b.org>
* add properties
Signed-off-by: Benji Visser <benji@093b.org>
* add decoder
Signed-off-by: Benji Visser <benji@093b.org>
* update golden snapshots
Signed-off-by: Benji Visser <benji@093b.org>
* decodeProperties
Signed-off-by: Benji Visser <benji@093b.org>
* add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove the snapshot test changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Benji Visser <benji@093b.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 23:13:04 +00:00
Alex Goodman
502971a1b2
Add accessPath on Location objects to syft-json output ( #2287 )
...
* add accessPath on Location objects to syft-json output
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema v12.0.1
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 17:05:30 -06:00
Colm O hEigeartaigh
dc14dbb326
SPDX file has duplicate sha256 tag in versionInfo ( #2300 )
...
* SPDX file has duplicate sha256 tag in versionInfo
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
* add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 22:49:31 +00:00
Colm O hEigeartaigh
bae5a2e741
Check maven central as well for licenses in parents poms for nested jars ( #2302 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-08 10:26:12 -08:00
dependabot[bot]
220655743b
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 ( #2293 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 10:23:40 -08:00
anchore-actions-token-generator[bot]
9fce006b8f
chore(deps): update tools to latest versions ( #2301 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-08 09:33:59 -08:00
Keith Zantow
d91c2dd842
fix: identify cyclone-json without $schema ( #2303 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-08 11:54:22 -05:00
Christopher Angelo Phillips
9b98785aab
chore: setup release task before calling go releaser ( #2297 )
...
* chore: update release command to use config at repo root
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-07 16:33:06 +00:00
anchore-actions-token-generator[bot]
ad977ee0a1
chore(deps): update tools to latest versions ( #2296 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-07 06:44:39 -08:00
anchore-actions-token-generator[bot]
9eac737fe2
chore(deps): update tools to latest versions ( #2289 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-06 09:23:46 -05:00
anchore-actions-token-generator[bot]
4ba92ac43b
chore(deps): update CPE dictionary index ( #2290 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-06 09:23:24 -05:00
dependabot[bot]
a4b895d31f
chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 ( #2292 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 14:12:40 +00:00
Colm O hEigeartaigh
9fa11f2339
Wire though maven-url to java config ( #2291 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-06 09:08:03 -05:00
Mark Severson
1470abaded
Use case-insensitive matching for Go license files ( #2286 )
...
Signed-off-by: Mark Severson <mark@kasten.io>
2023-11-03 14:47:09 -04:00
Colm O hEigeartaigh
2d582f78a1
Add a new Java configuration option to recursively search parent poms… ( #2274 )
...
- Add a new Java configuration option to recursively search parent poms for licenses
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-03 10:33:02 -04:00
anchore-actions-token-generator[bot]
793cef5086
chore(deps): update tools to latest versions ( #2280 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-02 09:20:27 -04:00
Alex Goodman
b2f4d7eda2
Follow convention for naming catalogers ( #2277 )
...
* follow convention for naming catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cataloger name example
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 12:39:42 +00:00
Alex Goodman
6c41f15975
change dir resolver to include virtual path ( #2259 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 08:20:00 -04:00