Commit graph

1682 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
629aafc323
chore(deps): update CPE dictionary index (#2271)
* chore(deps): update CPE dictionary index

Signed-off-by: GitHub <noreply@github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
2023-10-30 09:48:03 -04:00
William Murphy
f430788099
chore: fix cpe generation task (#2270)
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-10-30 12:51:26 +00:00
dependabot[bot]
58850d3258
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 09:55:04 -04:00
dependabot[bot]
2428d704e1
chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 (#2261)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](49abf0ba24...74483a38d3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 09:54:23 -04:00
anchore-actions-token-generator[bot]
da07520121
chore(deps): update tools to latest versions (#2258)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-10-26 10:15:13 -04:00
dependabot[bot]
ae27dcdfa9
chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-25 10:45:27 -04:00
Colm O hEigeartaigh
1daf18fee9
feat: Perform case insensitive matching on Java license files (#2235)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-10-25 09:51:59 -04:00
Alex Goodman
7392d607b6
Split the sbom.Format interface by encode and decode use cases (#2186)
* split up sbom.Format into encode and decode ops

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update cmd pkg to inject format configs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump cyclonedx schema to 1.5

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* redact image metadata from github encoder tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add more testing around format decoder identify

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add test case for format version options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix CLI test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* [wip] - review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep encoder creation out of post load function

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep decider and identify functions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add a few more doc comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove format encoder default function helpers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* move back to streaming based decode functions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* with common convention for encoder constructors

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix tests and allow for encoders to be created from cli options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* buffer reads from stdin to support seeking

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 13:43:06 +00:00
Alex Goodman
7315f83f9d
Upgrade tool management (#2188)
* migrate to binny and taskfile

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update binny to not require github token

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* added support for automatically building snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* detect source changes for snapshot builds

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fail workflow explicitly when snapshot cache restoral fails

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* match snapshot restoral paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 09:08:43 -04:00
Christopher Angelo Phillips
cd530924d0
fix: 2179 jar chokes empty lines (#2254)
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-24 14:03:47 -04:00
anchore-actions-token-generator[bot]
73d5852119
chore(deps): update CPE dictionary index (#2253)
* fix CPE workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* chore(deps): update CPE dictionary index

Signed-off-by: GitHub <noreply@github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-24 13:22:02 -04:00
Alex Goodman
c4b464e616
fix CPE workflow (#2252)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-24 15:07:49 +00:00
Stefan Profanter
234ce4e1f3
feat: add conaninfo.txt parser to detect conan packages in docker images (#2234)
* feat: add conaninfo.txt parser to detect conan packages in docker images

Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>

* fix: add NewConanInfoCataloger as a separate cataloger

Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>

---------

Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>
2023-10-23 16:17:50 -04:00
anchore-actions-token-generator[bot]
f9433e7f9b
chore(deps): update bootstrap tools to latest versions (#2245)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-10-23 10:48:07 -04:00
dependabot[bot]
5a4778093d
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248)
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 10:42:17 -04:00
dependabot[bot]
bdbf927847
chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 (#2249)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0116bc2df5...49abf0ba24)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 10:41:54 -04:00
Alex Goodman
f3d95aa3a9
fill version info from release and git directly (#2244)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-23 09:05:43 -04:00
Chao Li
671ff39933
Add ruby.NewGemSpecCataloger to DirectoryCatalogers. (#1971)
* Add ruby.NewGemSpecCataloger to DirectoryCatalogers.

Signed-off-by: Evan <chaol@vmware.com>

* fixed tests

Signed-off-by: Evan <chaol@vmware.com>

* Addressed review comment

Signed-off-by: Evan <chaol@vmware.com>

* Remove NewInstalledGemSpecCataloger from default dir catalogers

Because the files that the installed gemspec cataloger work off of are a
subset of the files that the more general gemspec cataloger will work
off of, we shouldn't have both of them on by default, since this could
result in finding the same package twice.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Evan <chaol@vmware.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-10-23 08:49:57 -04:00
Alex Goodman
263be01faa
change homebrew release trigger (#2242)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 18:31:41 +00:00
Alex Goodman
8f6bdde666
Label PRs when the json schema changes (#2240)
* label PRs when the json schema changes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate pr comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* be more strict about processing file names

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 13:00:15 -04:00
Christopher Angelo Phillips
ef43294d0e
Add download location when cataloging directory npm package lock (#2238)
* added download locatoin (resolved) when cataloging a directory - javascript ecosystem- npm - packag-lock
	Signed-off by Auston(Aoxiang) Zhang <auston.zhang@dal.ca>

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: get DCO to fire

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Auston-Zhang <ax706429@dal.ca>
2023-10-20 11:40:38 -04:00
Christopher Angelo Phillips
e1ad340c2d
fix: allow packages to be captured from DIST/EGG case (#2239)
* fix: allow packages to be captured from DIST/EGG case

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update expected glob paths

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-20 11:29:13 -04:00
Alex Goodman
07f13049da
Account for maven bundle plugin and fix filename matching (#2220)
* account for maven bundle plugin and fix filename matching

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add in-repo jar tests based on metadata to cover #2130

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* tests: fix test merge commit

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-19 17:57:23 -04:00
dependabot[bot]
6c7900f5b8
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 09:54:26 -04:00
Alex Goodman
7018573bf7
Remove internal string set (#2219)
* remove internal string set

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate changes from #2227

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* beef up the pkg.License.Merg() doc string

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-17 12:52:11 -04:00
Alex Goodman
f3ad8cf250
bump clio to get stderr reporting fix (#2232)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 12:47:48 -04:00
Alex Goodman
31f1d7dbf0
Fix panic for empty input to Swift cataloger (#2226)
* survive invalid input in swift parser

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add empty file

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 11:04:33 -04:00
Colm O hEigeartaigh
144ed725a7
Add additional license filenames (#2227)
* Add additional license filenames

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

* add comment about the license list being manually updated

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 13:20:00 +00:00
dependabot[bot]
dcec2bc352
chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 (#2229)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.2 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d90b8d79de...0116bc2df5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-16 08:59:39 -04:00
dependabot[bot]
1fe0921a5b
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:56 -04:00
dependabot[bot]
538fe5ee1d
chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 (#2224)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.1 to 2.22.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](fdcae64e14...d90b8d79de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:45 -04:00
Colm O hEigeartaigh
2687100e6a
Detect a license file in the root directory or META-INF of a jar (#2213)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-10-12 11:09:53 -04:00
Benji Visser
fe7a417fb2
Parse donet dependency trees (#2143)
* add dependency information for .NET pkgs

Signed-off-by: Benji Visser <benji@093b.org>

* update pkg coverage directory test

Signed-off-by: Benji Visser <benji@093b.org>

* reverse dependsOn relationship

Signed-off-by: Benji Visser <benji@093b.org>

* update root pkg parsing

Signed-off-by: Benji Visser <benji@093b.org>

* add comments about the test relationships represented

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add docs around relationship sorting functions + update test helpers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Benji Visser <benji@093b.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 18:01:24 +00:00
dependabot[bot]
7732cd3b48
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 13:52:07 -04:00
dependabot[bot]
0302fc5b48
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215)
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:53:00 -04:00
dependabot[bot]
b899536814
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:52:42 -04:00
Christopher Angelo Phillips
d1120ad56e
chore: add automated homebrew action (#2164)
* chore: add automated homebrew action

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* migrate homebrew publish step to separate post-release workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 09:52:22 -04:00
Alex Goodman
ef759038f5
Add relationships for dpkg packages (#2212)
* add relationships for deb packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* small refactor to remove duplicate code

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 08:56:26 -04:00
Colm O hEigeartaigh
0748945c83
Parse the Maven license from the pom.xml if not contained in the mani… (#2115)
* Parse the Maven license from the pom.xml if not contained in the manifest

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

* chore: restore 10.0.2 schema

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: generate new 11.0.1 schema

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* refactor: remove schema change

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update unit tests to align with new pattern

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: pr feedback

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: remove struct tags

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* keep license name and url semantics preserved on the pkg object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-10 13:09:44 -04:00
Alex Goodman
185d0d1bfa
Refine the docs for building a cataloger (#2175)
* refine the docs for building a cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-09 13:44:38 -04:00
Mohammad Sharief Baig
d16ecdf715
Fix algo lookup by converting key to lower case (#2207)
Signed-off-by: Mohammad Sharief Baig <shariefmohammad007@gmail.com>
2023-10-09 13:07:18 -04:00
dependabot[bot]
68cf57ed03
chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 (#2208)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2cb752a87e...fdcae64e14)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 13:05:57 -04:00
Christopher Angelo Phillips
f6c8057977
feat: add package for go compiler given binary detection (#2195)
adds a unique synthetic package to the SBOM output that represents the go compiler when it is detected as a part of a package discovered by the go binary cataloger.

When using an SBOM generated by syft - downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package.
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 13:15:50 -04:00
dependabot[bot]
87e57aa925
chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193)
* chore(deps): bump github.com/docker/distribution

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update reference import

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 12:54:19 -04:00
dependabot[bot]
eed35ec9ce
chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 (#2202)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ddccb87388...2cb752a87e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:02:34 -04:00
dependabot[bot]
b23879fd37
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:01:38 -04:00
Christopher Angelo Phillips
30f0686353
chore: update license list to 3.22 (#2201) 2023-10-06 10:56:47 -04:00
Marc-Etienne Vargenau
235ad2e749
Add exact syntax of the conversion formats (#2196)
Signed-off-by: Marc-Etienne Vargenau <marc-etienne.vargenau@nokia.com>
2023-10-05 14:48:30 -04:00
dependabot[bot]
127fac8ca9
chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 13:02:30 -04:00
dependabot[bot]
37bb95f5c9
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 11:50:05 -04:00