Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-09-20 14:11:54 +00:00

Author	SHA1	Message	Date
anchore-actions-token-generator[bot]	bb52a25c8a	Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602 ) Signed-off-by: GitHub <noreply@github.com>	2023-02-22 08:49:04 +00:00
anchore-actions-token-generator[bot]	2642a36161	Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2023-02-16 10:22:43 -05:00
dependabot[bot]	1981b249f1	chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-15 12:54:55 -05:00
dependabot[bot]	3013c8b691	chore(deps): bump github.com/docker/docker (#1563 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 10:43:19 -05:00
Alex Goodman	988041ba6d	Speed up cataloging by replacing globs searching with index lookups (#1510 ) * replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-02-09 16:19:47 +00:00
dependabot[bot]	08804842fa	chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-09 09:01:56 -05:00
dependabot[bot]	48528efff3	chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 10:07:37 -05:00
dependabot[bot]	8d856a7c7b	chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 09:23:31 -05:00
anchore-actions-token-generator[bot]	95201840d2	Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-02-07 10:05:18 -05:00
dependabot[bot]	ad8604c223	chore(deps): bump github.com/docker/docker (#1531 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-02 10:53:22 -05:00
Keith Zantow	1530ef354f	chore: update spdx/tools-golang to v0.5.0-rc1 (#1503 )	2023-01-31 11:53:16 -05:00
Bradley Jones	cdac2245b5	feat: update golang to 1.19 (#1526 ) * feat: update golang to 1.19 Signed-off-by: Bradley Jones <bradley.jones@anchore.com> * chore: break out json schema drift check into separate script Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * chore: update git index refresh Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Bradley Jones <bradley.jones@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-01-31 11:39:57 -05:00
dependabot[bot]	21ba5d0806	chore(deps): bump github.com/google/go-containerregistry (#1513 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.1 to 0.13.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.13.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 13:41:43 +00:00
dependabot[bot]	3269bc98d4	chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 15:01:25 -05:00
dependabot[bot]	7f3382f7eb	chore(deps): bump github.com/docker/docker (#1506 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.20+incompatible to 20.10.23+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.20...v20.10.23) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:58:39 -05:00
dependabot[bot]	65e5ff63f0	chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507 ) Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/Masterminds/sprig/releases) - [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: github.com/Masterminds/sprig/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:48:22 -05:00
dependabot[bot]	d287c22b69	chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508 ) Bumps [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/dustin/go-humanize/releases) - [Commits](https://github.com/dustin/go-humanize/compare/v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/dustin/go-humanize dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:48:00 -05:00
Luca Comellini	e8be93a8eb	Bump github.com/spdx/tools-golang to v0.4.0 (#1450 ) Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-01-20 17:00:21 -05:00
dependabot[bot]	285112fe29	chore(deps): bump github.com/facebookincubator/nvdtools (#1499 ) Bumps [github.com/facebookincubator/nvdtools](https://github.com/facebookincubator/nvdtools) from 0.1.4 to 0.1.5. - [Release notes](https://github.com/facebookincubator/nvdtools/releases) - [Commits](https://github.com/facebookincubator/nvdtools/compare/v0.1.4...v0.1.5) --- updated-dependencies: - dependency-name: github.com/facebookincubator/nvdtools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 14:02:47 +00:00
dependabot[bot]	f29bea5921	chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.2 to 0.3.5. - [Release notes](https://github.com/jinzhu/copier/releases) - [Commits](https://github.com/jinzhu/copier/compare/v0.3.2...v0.3.5) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:51:20 -05:00
dependabot[bot]	39cdbc42aa	chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.0 to 0.5.2. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.0...v0.5.2) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:59 -05:00
dependabot[bot]	27b62ce833	chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496 ) Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.4.2 to 1.5.2. - [Release notes](https://github.com/gookit/color/releases) - [Commits](https://github.com/gookit/color/compare/v1.4.2...v1.5.2) --- updated-dependencies: - dependency-name: github.com/gookit/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:37 -05:00
dependabot[bot]	499e7c4e16	chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:19 -05:00
dependabot[bot]	09a5baf523	chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 10:39:04 -05:00
dependabot[bot]	33c08c8545	chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489 ) Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.0.2 to 4.6.0. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.0.2...v4.6.0) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 10:38:50 -05:00
dependabot[bot]	fd002db802	chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 14:16:50 +00:00
dependabot[bot]	cb3e4b8e49	chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491 ) Bumps [github.com/go-test/deep](https://github.com/go-test/deep) from 1.0.8 to 1.1.0. - [Release notes](https://github.com/go-test/deep/releases) - [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md) - [Commits](https://github.com/go-test/deep/compare/v1.0.8...v1.1.0) --- updated-dependencies: - dependency-name: github.com/go-test/deep dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 14:01:33 +00:00
dependabot[bot]	5917f8d8f9	chore(deps): bump github.com/google/go-containerregistry (#1487 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.11.0 to 0.12.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.11.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 13:47:36 +00:00
dependabot[bot]	70e6d0f2e3	chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 14:39:50 +00:00
dependabot[bot]	31a763c46d	chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477 ) Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.3.3 to 0.4.0. - [Release notes](https://github.com/adrg/xdg/releases) - [Commits](https://github.com/adrg/xdg/compare/v0.3.3...v0.4.0) --- updated-dependencies: - dependency-name: github.com/adrg/xdg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:39:35 -05:00
dependabot[bot]	ae6c9c2e97	chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476 ) Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/sergi/go-diff/releases) - [Commits](https://github.com/sergi/go-diff/compare/v1.2.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/sergi/go-diff dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:39:15 -05:00
dependabot[bot]	f6a0dd33d1	chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474 ) Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.1.0 to 0.2.1. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.1.0...v0.2.1) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:38:30 -05:00
Weston Steimel	fc4d28f365	fix: bump golang.org/x/net to v0.4.0 (#1467 ) resolves reporting of CVE-2022-41717 Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-01-17 17:02:34 +00:00
Weston Steimel	5290dfb9c2	fix: bump golang.org/x/text to v0.3.8 (#1466 ) This resolves reporting of GHSA-69ch-w2m2-3vjp Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-01-17 15:50:02 +00:00
Christopher Angelo Phillips	44e8ae2577	fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-12 17:22:05 +00:00
Benji Visser	bb6fc6525c	Add alpine type to purl (#1431 ) Signed-off-by: Benji Visser <benji@093b.org>	2023-01-04 17:35:46 -05:00
Keith Zantow	e1e489a284	fix: unicode output in cyclonedx-json format (#1420 )	2022-12-23 08:37:47 -05:00
Christopher Angelo Phillips	0f1e8fca14	bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404 )	2022-12-20 00:10:35 +00:00
Christopher Angelo Phillips	730d3e3187	chore: update latest cyclonedx library (#1390 )	2022-12-08 11:36:08 -05:00
anchore-actions-token-generator[bot]	f1a124209a	Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395 ) Signed-off-by: GitHub <noreply@github.com>	2022-12-08 08:32:49 +00:00
anchore-actions-token-generator[bot]	247b054ab5	Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376 ) Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2022-11-30 16:11:57 +00:00
Keith Zantow	42cb0a47a4	feat: SPDX 2.3 support (#1311 )	2022-11-18 08:54:39 -05:00
Alex Goodman	d7a51a69dd	Update java generic cataloger (#1329 ) * remove centralize pURL generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * port java cataloger to new generic cataloger pattern Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove common.GenericCataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update format test fixtures to reflect ID updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix package sort instability for encode-decode-encode cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-11-09 14:55:54 +00:00
Weston Steimel	919c929798	update go-rpmdb to improve parsing of installed files (#1297 )	2022-10-30 23:55:17 -04:00
Alex Goodman	d8c659b65b	replace logger interface with anchore/go-logger (#1279 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-10-21 15:12:14 +00:00
anchore-actions-token-generator[bot]	5568cc0dd5	Update syft bootstrap tools to latest versions. (#1267 )	2022-10-21 09:42:13 -04:00
Arnaud J Le Hors	d3ee24017e	Use in-toto CycloneDX predicate to be compatible with cosign (#1270 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-10-19 09:37:52 -04:00
Keith Zantow	780e1c310c	refactor: Remove experimental Anchore Enterprise upload functionality (#1257 )	2022-10-10 16:16:47 -04:00
anchore-actions-token-generator[bot]	d89e320dcd	Update syft bootstrap tools to latest versions. (#1254 )	2022-10-07 13:54:42 -04:00
anchore-actions-token-generator[bot]	71187c6416	Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253 ) Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2022-10-06 22:04:49 -04:00
Christopher Angelo Phillips	7d2fe9d95e	feat: add identifiable field to source object (#1243 )	2022-10-05 14:01:40 -04:00
Adam Hughes	40d294a89e	feat: attest support for Singularity images (#1201 )	2022-10-04 12:34:59 -04:00
anchore-actions-token-generator[bot]	1fa4bab7a7	Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-10-04 10:17:29 +01:00
anchore-actions-token-generator[bot]	911242accc	Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-09-22 10:44:52 +01:00
anchore-actions-token-generator[bot]	ab6e1c4dc3	Update syft bootstrap tools to latest versions. (#1223 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2022-09-22 10:41:36 +01:00
anchore-actions-token-generator[bot]	0a1cd25ba5	Update bootstrap tools to latest versions. (#1204 )	2022-09-14 15:28:08 -04:00
Keith Zantow	70db13d49e	Add RPM file scanning support (#1188 )	2022-09-07 14:16:30 -04:00
Christopher Angelo Phillips	a7966a4d9d	update stereoscope to latest (#1181 )	2022-08-29 19:28:19 +00:00
anchore-actions-token-generator[bot]	2c882f6239	Update syft bootstrap tools to latest versions. (#1176 ) Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2022-08-25 09:14:24 -04:00
anchore-actions-token-generator[bot]	b0fc955e0c	Update syft bootstrap tools to latest versions. (#1171 ) * Update syft bootstrap tools to latest versions. Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: Weston Steimel <weston.steimel@anchore.com>	2022-08-23 20:36:59 +01:00
anchore-actions-token-generator[bot]	1344889766	Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-08-09 08:59:35 +00:00
anchore-actions-token-generator[bot]	4df84d380d	Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-08-06 10:52:42 -04:00
Christopher Angelo Phillips	5be7e081f5	retraction for mispublished versions (#1147 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-08-06 10:52:21 -04:00
Weston Steimel	fce83321ba	bump cosign to v1.10.1 (#1144 )	2022-08-04 19:03:57 +00:00
Keith Zantow	69bde44c6e	Update stereoscope to get rid of the replace directive (#1140 )	2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips	042304ee4c	Correct squashfs import and fix incorrect bouncer configuration (#1138 )	2022-08-03 09:46:14 -04:00
Adam Hughes	d361d40cfa	Singularity Image Support (#974 ) * docs: add Singularity image support Add "singularity-image" scheme to CLI documentation and README. Signed-off-by: Adam Hughes <9903835+tri-adam@users.noreply.github.com> * upgrade stereoscope + docs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-08-02 11:42:46 -04:00
Tom Fay	b4c272885d	Bump go-rustaudit to support rustaudit 0.2.0 (#1127 )	2022-08-01 09:20:31 -04:00
Tom Fay	9896ff1b1f	add a cataloger for binaries built with rust-audit (#1116 ) * add a cataloger for binaries built with rust-audit Signed-off-by: Tom Fay <tomfay@microsoft.com>	2022-07-28 18:17:38 +00:00
Weston Steimel	b720a3c81c	bump cosign to v1.10.0 (#1114 ) Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2022-07-22 09:41:38 -04:00
Marco Deicas	ba9adb17eb	Update sigstore/rekor dependency (#1112 )	2022-07-21 09:17:16 -04:00
Christopher Angelo Phillips	64b4852c2a	moves go-rpmdb to latest; libc => v1.16.7 (#1098 )	2022-07-12 10:30:21 -04:00
cpendery	470b13045b	feat: add support for cocoapods (Swift/Objective-C) (#1081 )	2022-07-11 10:09:08 -04:00
anchore-actions-token-generator[bot]	b3a7b912e1	Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-07-11 09:42:59 -04:00
anchore-actions-token-generator[bot]	c7fa498a1b	Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-07-07 10:05:55 -04:00
anchore-actions-token-generator[bot]	1e3ffbebb9	Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-06-29 10:18:41 -04:00
Jonas Xavier	aed1599c4d	add template output (#1051 ) * add template output Signed-off-by: Jonas Xavier <jonasx@anchore.com> * remove dead code Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix template cli flag Signed-off-by: Jonas Xavier <jonasx@anchore.com> * implement template's own format type Signed-off-by: Jonas Xavier <jonasx@anchore.com> * simpler code Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix readme link to Go template Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * simpler func signature patter Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nit Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix linter error Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-06-17 14:04:31 -04:00
Christopher Angelo Phillips	03e37044d4	update stereoscope to latest version (#1052 )	2022-06-16 14:56:33 -04:00
Morten Linderud	e72d68b0c6	Add pacman (alpm) parser support (#943 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-06-13 18:51:37 +00:00
Weston Steimel	b8d1a46e7e	bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-06-08 11:51:10 -04:00
Tom Fay	3db3efacdc	Support RPM distros with newer RPM db formats (#1018 ) * Support RPM distros with newer db formats Recent RPM distros (Fedora 33+, CBL-Mariner 2.0+, amazonlinux 2022+) use an sqlite package database in /var/lib/rpm/rpmdb.sqlite, or "ndb" format (SUSE). Remove anchore's fork in favour of the upstream, https://github.com/knqyf263/go-rpmdb, to gain support for these formats. Signed-off-by: Tom Fay <tomfay@microsoft.com> * add exception for modernc.org repos Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * shorten rpmdb helper function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-31 17:25:22 -04:00
Jonas Xavier	0f5a9eed09	bump stereoscope version to include source path fix (#1005 ) * bump stereoscope version to include source path fix Signed-off-by: Jonas Xavier <jonasx@anchore.com> * go mod tidy Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-05-18 13:53:53 -07:00
Weston Steimel	8420612724	bump cosign to v1.8.0 (#1003 ) Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2022-05-18 17:17:21 +01:00
Jonas Xavier	42f8601919	Fix tests: add timeout to long-running failures, update SPDX license list (#989 )	2022-05-09 11:48:44 -04:00
Christopher Angelo Phillips	d2d532f4a8	835 - Keyless Support for SBOM Attestations (#910 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-06 18:06:32 -04:00
Christian Kotzbauer	1cea0ecd5c	feat: add initial dotnet-support (#951 ) * feat: add initial dotnet-support Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: add path, sha512 and hashpath Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: add missing dot Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix: lint warnings Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * fix CLI test package counts to account for dotnet Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix: updated packagurl-go Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * tidy go.sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-05 15:32:02 -04:00
Christopher Angelo Phillips	03d51c36d0	golang.org/x/crypto upgrade (#979 )	2022-05-02 21:33:40 +00:00
Christian Köberl	7d8ea39ee5	update to cyclonedx-go 0.5.2 (#971 )	2022-04-28 10:42:12 -04:00
Christopher Angelo Phillips	6029dd7c2e	refactor command package to remove globals and add dependency injection	2022-04-26 18:23:03 +00:00
Alex Goodman	748cfbf006	Retry auth URL lookup without docker credentialhelper workaround (#939 )	2022-04-06 16:27:13 +00:00
Alex Goodman	f157d7a862	Pull from DockerHub fails for public images when using SSO (#928 )	2022-03-30 17:32:49 +00:00
Alex Goodman	cc2c0e57a0	bump strset version to fix 386 builds (#911 )	2022-03-23 14:34:54 -04:00
Alex Goodman	5253da4b36	Rollback referencing docker config items (#912 )	2022-03-23 18:33:41 +00:00
Alex Goodman	cffcaf5984	Improve docker config support (#906 )	2022-03-22 11:02:54 -04:00
j-k	a644a45ef4	Correct go.mod to enforce go 1.18 (#897 ) Since syft now depends on debug/buildinfo go 1.18 is required to build syft and as such go.mod needs updating Signed-off-by: 06kellyjac <jack@control-plane.io>	2022-03-21 15:38:32 -04:00
Alex Goodman	069aa68b63	Fix image cleanup when there is an error (#905 )	2022-03-21 14:48:11 +00:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
mikey strauss	95271fb10d	NPM PURLs are invalid (#832 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-03-15 11:54:33 -04:00
Christopher Angelo Phillips	fa03723617	Upgrade vault api from v1.3.1 to v1.4.1 (#878 ) * move v1.3.1 => v1.4.1 * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-09 15:11:07 -05:00
Sambhav Kothari	39737a2825	Update cyclonedx to v1.4 (#820 )	2022-03-08 12:09:55 -05:00
Alex Goodman	5123f073c7	Update containerd via stereoscope (#870 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-07 17:37:20 +00:00
Alex Goodman	a86dd3704e	Add platform selection (#866 )	2022-03-04 22:41:38 +00:00
Dan Luhring	1e75cb0418	Update to cosign v1.5.2 (#857 )	2022-03-02 15:09:47 +00:00
Christopher Angelo Phillips	afc0c1acd9	855 attest registry source only (#856 ) Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-01 23:16:42 -05:00
Alex Goodman	99bb93d0fe	Resolve symlinks when fetching file contents (#782 )	2022-02-24 10:01:59 -05:00
Christopher Angelo Phillips	256e85bc12	510 - SBOM attestation stdout (#785 ) add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-22 21:45:12 -05:00
Jonas Xavier	4b16737b2f	ignore minor parsing error when reading dpkg status files (#786 ) * ignore minor parsing error when reading dpkg status files helps with https://github.com/anchore/syft/issues/733 Question: should we add a smarter parser to guess approximate installed-size value? Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add datasize lib to help dpkg parsing added unit tests to expand coverage of dpkg parsing Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop parse error added unit tests to handleNewKeyValue Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * don't return parsing errors from dpkg Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test higher level functions Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * return parsing err to let cataloger handle it Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * ignore key parsing error log warning with relevant context Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add context info to log lines simpler error assertion Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use error.As to assert error in chain Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-17 14:05:11 -08:00
Alex Goodman	51c6eb30f5	bump stereoscope to include functional options (#823 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-14 20:40:51 -05:00
Christopher Angelo Phillips	e1e9ccb401	update golang crypto library dependency (#815 ) * bump golang crypto to resolve CVE-2020-29652 Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 13:36:52 -05:00
Jonas Xavier	a04fa68539	Ensure completion of UI progress bar (#810 ) * update stereoscope fetches latest fixes for UI Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use context when getting image Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-09 11:23:58 -08:00
Keith Zantow	76f8205936	Suport SPDX SBOM decoding (#738 )	2022-02-09 14:11:20 -05:00
Christopher Angelo Phillips	8f96adacfb	Upgrade golang to 1.17 (#809 ) * initial upgrade workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * update go.mod Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-09 11:08:24 -05:00
Jonas Xavier	40423d8eee	update stereoscope version - include Podman support (#781 ) * update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix FilesByMIMEType tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * change expected mime types in unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test stereoscope fix Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove mod replace and use latest stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-01 14:47:15 -08:00
Alex Goodman	706f291679	Replace distro type (#742 ) * remove strong distro type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema to v3 (breaking distro shape) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for v2 decoding of distro idLikes field in v3 json decoder Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix casing in simple linux release name Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use discovered name as pretty name in simple linux release Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-12 12:13:42 -05:00
Christopher Angelo Phillips	b77ddfc29c	bump stereoscope version to remove old containerd (#741 ) * bump stereoscope version to remove old containerd Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-01-10 13:40:24 -05:00
Keith Zantow	5e5312c72d	Add support for multiple output files in different formats (#732 )	2022-01-06 17:52:20 -05:00
Alex Goodman	38c4b17847	Add support for searching for jars within archives (#734 ) * add support for searching jars within archives Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package cataloger config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments + factor out safeCopy helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update config docs regarding package archive search options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * show that unindexed archive cataloging defaults to false Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lies about -s Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update search archive note about java Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-06 21:40:51 +00:00
Dan Luhring	7de5e1288f	Fix unhelpful error message for oci-archive scheme (#705 ) * Improve error message Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Return error from stereoscope immediately Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Bump version of stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Conditionally retry image retrieval Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update error message for source construction failure Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Retry image pull without predetermined image source Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add comment to image pull source determination Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-22 18:53:23 +00:00
Jonas Galvão Xavier	5374a1dc6f	add cyclone-json output format (#635 ) * add cyclone json format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * adapt format to sbom.SBOM structure Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cycloneDX json output with official lib Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cycloneDX 1.3 schema output in xml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix lints errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove cycloneDX 1.2 format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update cycloneDX xml schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone according to schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use RFC 2141 URN form of uuid for serial number add schema validation for cycloneDX 1.3 JSON output add yajsv cli for JSON schema validation during tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod up Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go get json schema validator Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * install yajsv without mess with go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * reuse code between cycloneDX json & xml encoders Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add output options for cyclone XML add bom.json to .gitignore Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cyclone json format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * adapt format to sbom.SBOM structure Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cycloneDX json output with official lib Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cycloneDX 1.3 schema output in xml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix lints errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove cycloneDX 1.2 format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update cycloneDX xml schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone according to schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use RFC 2141 URN form of uuid for serial number add schema validation for cycloneDX 1.3 JSON output add yajsv cli for JSON schema validation during tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod up Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go get json schema validator Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * install yajsv without mess with go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * reuse code between cycloneDX json & xml encoders Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add output options for cyclone XML add bom.json to .gitignore Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone12xml removal Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2021-12-03 17:06:23 -08:00
Alex Goodman	22c4b275e7	bump containerd and image-spec (#654 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-03 16:12:43 +00:00
Alex Goodman	ffccfc8f3f	update stereoscope to bump docker dependency (#648 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-02 11:18:00 -05:00
Alex Goodman	00206233e6	use smaller jotframe event buffer (#647 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-30 11:23:16 -05:00
Alex Goodman	d76c868481	Catalog archive contents for single-file input (#637 ) * add first-level archive processing when input is a file Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add license exception for github.com/xi2/xz Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * always return cleanup function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change source.NewFromFile log entry to warn Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure file source always has cleanup function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure we are always preferring the unarchive cleanup function for source Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-19 14:16:25 +00:00
Alex Goodman	9090c3a772	bump stereoscope, docker, and GGCR (#633 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-16 19:43:46 +00:00
Alex Goodman	ef627d82ef	Introduce relationships as first-class objects (#607 ) * migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-16 14:14:13 -05:00
Alex Goodman	8ec3f1d102	Use anchore fork of go-presenter (#611 ) * use anchore fork of go-presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * drop coverage threshold Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-02 18:09:26 +00:00
Alex Goodman	ecab44bba1	Add SPDX tag-value format object (#605 ) * add new spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove public presenter package Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-02 13:45:34 -04:00
Christopher Angelo Phillips	a2882ee810	Update package identifier to be constant across multiple syft run (#595 ) Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-10-29 16:00:36 +00:00
Alex Goodman	ff5fa2dc1d	pull in space suffix fix (#587 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-10-25 10:14:17 -04:00
Christopher Angelo Phillips	10fa8dc7c9	Add windows support (#548 ) * update build tags, ui support, and stereoscope, and release for windows support Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-10-21 12:49:36 -04:00
Christopher Angelo Phillips	b25f5b664b	(464) - remove mod and cargo from image cataloger (#539 ) * remove mod and cargo from image cataloger Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update test error messages for clear failures Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-10-07 15:18:20 -04:00
Christopher Angelo Phillips	3462e18af3	478 identify go binaries and extract mod information (#534 ) * add query by MIME type to source.FileResolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * import stereoscope lib changes to find mime type - add bin cataloger - add bin parser - add mime type go utils - import new resolver Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * add go std library code to unpack bin - keep them in their own (original) files - add note for "this code was copied from" - comment the lines the required changing Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2021-10-07 12:16:38 -04:00
Alex Goodman	9189ed68df	Add query by MIME type to source.FileResolver (#529 ) * add query by MIME type to source.FileResolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in stereoscope MIME type feature Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-10-05 20:50:53 -04:00
Dan Luhring	316d4341c8	Use Anchore fork of packageurl lib without replace directive (#512 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-09-22 15:04:09 -04:00
Alex Goodman	9fe1da8ee6	update go-rpmdb and restruct gomod references (#506 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-09-14 14:51:19 -04:00
Alex Goodman	abbba3fc19	Modify CPE vendor candidate generation approach (#484 ) * consider additional vendor candidates for ruby, python, rpm, npm, and java Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add java pom.xml processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for downstream transform control in cpe generation processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate CPE generation logic to dedicated package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split java manifest groupID extraction into two tiers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract groupID from pom parent project during CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update java groupID processing tests to cover multi-tier approach Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix constructor names for cpe.fieldCandidate Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename helper function to startsWithTopLevelDomain Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add nil changes for java manifest sections Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update comment to reflect parsing maven files Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split out java description parsing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split out pom parent processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify vendorsFromGroupIDs and associated tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify test type for vendorsFromGroupIDs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * copy candidate varidations to new instances Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename CPE generation string util functions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add an explanation around fieldCandidate Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify type for the cpe.fieldCandidateSet Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * make CPE filter function names more readable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update groupIDsFromJavaManifest to use a guard clause Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract groupID extraction from artifactID fields into a separate function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump goreleaser version to combat failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-09-03 14:21:25 -04:00
Keith Zantow	93b4bf9379	Add option to enable http registry connections (#482 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2021-08-17 12:52:51 -04:00
Keith Zantow	58f2be95fd	chore: update packageurl-go and add encoding tests for #351 (#481 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2021-08-13 15:39:52 -04:00
Alex Goodman	fee35dd175	redirect cursor hide/show to stderr (#456 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-06-30 13:10:00 -04:00
Alex Goodman	962e82297c	Split UI from event handling (#448 ) * split UI from event handling Signed-off-by: Alex Goodman <wagoodman@gmail.com> * add event loop tests Signed-off-by: Alex Goodman <wagoodman@gmail.com> * use stereoscope cleanup function during signal handling Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * correct error wrapping in packages cmd Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate ui event handlers to ui package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * clarify command worker input var + remove dead comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-06-29 18:28:09 +00:00
Alex Goodman	706322f826	Add SPDX support (#445 ) * add initial spdx support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * expose FileOwner and use in SPDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add initial json support for SPDX Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add remaining package fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add spdx license list generation + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * keep fileOwner unexported from pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore cli test util Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add external refs to spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add golang support to CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use tag-value format as default "spdx" format flavor Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests around spdx presenters + refactor presenter tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add bouncer exception for spdx tools-golang repo Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdx model questions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-06-25 16:30:41 -04:00
Alex Goodman	2f81a2548c	allow for RPM package epoch to be optionally provided in the version string Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-06-02 15:28:12 -04:00
Dan Luhring	17bbf840cf	Allow registry auth config without authority value (#420 ) * Allow registry auth config without authority value Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Update CLI tests for new stereoscope log output Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-05-24 16:05:56 -04:00
Alex Goodman	0c7706f254	add extra RPM file record fields (user, group, flags) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-16 10:25:46 -04:00
Alex Goodman	b771d7bfd3	bump go.mod minimum required go version Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-16 08:53:03 -04:00
Alex Goodman	2ff3f58730	pull in stereoscope manifest + repo digests on registry source Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-13 18:29:12 -04:00
Alex Goodman	c363b2b532	Add ability to pull images directly from a registry (#378 ) * add registry image source Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use explicit source for fetching image + add scheme and registry tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust test variable name and add credential helper function Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-13 13:30:57 +00:00
Alex Goodman	7ec0e3785f	bump stereoscope ; pull in fix to ensure credentials are not HTML encoded Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-04-05 14:20:49 -04:00
Alex Goodman	3ef30f99be	pull in stereoscope cache fix + add test cache makefile target helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-03-23 14:31:59 -04:00
Alex Goodman	d420368ba9	add tests around new file metadata cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-03-23 11:00:59 -04:00
Alex Goodman	1d87f07da1	update pipeline with new levels of testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-03-22 10:58:07 -04:00
Alex Goodman	6d5ff0fd8e	Mark package relations by file ownership (#329 ) * add marking package relations by file ownership Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * correct json schema version; ensure fileOwners dont return dups; pin test pkg versions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract package relationships into separate section Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in client-go features for import of PackageRelationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move unit test for ownership by files relationship further down Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename relationship to "ownership-by-file-overlap" Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-02-25 13:47:13 -05:00
Dan Luhring	3b4d4b186f	Bring in fix to zero layers panic from stereoscope Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2021-02-01 11:54:30 -05:00
Alex Goodman	33c27c4f3d	add HasPath() to Resolver interface Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-01-04 19:39:49 -05:00
Alex Goodman	7f4e8ab97d	Fix symlink resolutions for constituent paths (#304 ) * bump stereoscope to pull in content API refactors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate symlink fixes Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * with filetree.File() adjustments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * regress all-layers scope to not include dead-links + default tests to squashed scope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore all layers resolver glob behavior (custom + lazy link resolution) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate filetree link resolution options and restore no-follow dead link option for resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * removed path from lower-level FileTree.File() calls Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope to pull in latest link resolution fixes Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump doublestar to v2 for directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-01-04 16:41:45 -05:00
Alex Goodman	d475e6280a	bump stereoscope to pull in content API refactors Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-01-04 14:07:14 -05:00
Alex Goodman	6aaf9ee712	Incorporate import changes + add image overwrite option (#294 ) * incorporate import changes + add image overwrite option Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update import tests to account for arbitrary json shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-18 16:59:30 -05:00
Alex Goodman	82c8a8e17b	add mem profile option and refactor python cataloger for batch requests Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-15 10:59:14 -05:00
Alex Goodman	52bac6e2fd	Add enterprise upload capability (#285 ) * add support to upload results to enterprise Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package sbom upload Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add dockerfile support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add manifest, index, and dockerfile import functions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * schema version to json output + enhance json schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * modify package SBOM shape to be entire syft document + add etui updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add import image config and manifest support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add config options for import to enterprise Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate final stereoscope and client-go deps Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-09 22:20:53 -05:00
Alex Goodman	3ce7eabc98	bump stereoscope to remove tree-catalog syft check Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-03 16:20:17 -05:00
Alex Goodman	2989d3d975	include CPEs with elementds from POM GroupId fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-12-01 08:00:49 -05:00
Dan Luhring	ae71b8832d	Update stereoscope version to fix opaque directory merge issue (#278 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-11-30 11:37:44 -05:00
Alex Goodman	8a17bfb69f	generate json schema from struct definitions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-20 15:47:10 -05:00
Alex Goodman	3aaa0e5566	move package purl and cpes (identities) to pkg.Package Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-19 11:25:51 -05:00
Alex Goodman	6aba2f48d4	split out rpmdb file processing to helper + lint fixes Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-06 10:44:27 -05:00
Alex Goodman	8095cd9980	add rpmdb file info to cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-11-06 07:21:23 -05:00
Dan Luhring	f19cb03aa0	Update doublestar to include fix for open dirs issue (#240 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-10-26 11:19:25 -04:00
Alex Goodman	b5ce187ba7	replace modfile with stdlib (#187 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-28 17:25:04 -04:00
Alex Goodman	576fbc898b	rm stereoscope from testutils (#181 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-25 14:53:05 -04:00
Alex Goodman	3d91a66536	Add OCI support + use URI schemes for user image input (#178 ) * add oci support + update image schemes Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to reflect OCI image sources + URI scheme change Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update to oci-dir Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump upstream stereoscope pin Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-09-25 10:24:24 -04:00
Samuel Dacanay	b467964044	port over shell completion w/ cobra from grype, find/replace, etc. Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>	2020-09-15 09:07:17 -07:00
Alex Goodman	8a4886ec0e	Add package URL support to the CycloneDX presenter (#164 ) * add package URL support to the CycloneDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wrap license tags with licenses Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-08-30 21:40:19 -04:00
Alex Goodman	f892289e7c	Add CycloneDX presenter (#157 ) * add CycloneDX presenter + BOM Descriptor extension Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add docstrings to cyclonedx presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-08-24 20:43:29 -04:00
Alex Goodman	95517d131a	Improve overall documentation (#148 ) * improve overall documentation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests to use scope.Resolver over scope Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-08-13 16:34:32 -04:00
Dan Luhring	47a0454084	Update dependencies (#147 ) Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-08-13 12:12:05 -04:00
Alex Goodman	5042d371cf	migrate to anchore/go-rpmdb (#144 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-08-11 15:32:51 -04:00
Alex Goodman	2d452bf59e	Add inline-comparison as acceptance test (#130 ) * add inline-compare as acceptance test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add additional RPM metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add comments and doc strings to the compare-* make targets Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2020-08-10 10:33:44 -04:00
Dan Luhring	70e673204c	Add poetry cataloger (#121 ) * Minor cleanup Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Update pkg Type definition to string Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Implement poetry.lock parsing Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Address CI issues Signed-off-by: Dan Luhring <dan.luhring@anchore.com> * Integrate Alex's changes Signed-off-by: Dan Luhring <dan.luhring@anchore.com>	2020-08-04 18:22:43 -04:00
Alex Goodman	e2a874a277	finalize json output & add schema (#118 )	2020-08-04 16:05:53 -04:00
Alex Goodman	8fe59c6f1a	bump stereoscope for docker pull + add UI elements for pull status (#117 )	2020-08-03 16:03:47 -04:00
Alex Goodman	78515da285	replace zap logger with logrus (#116 )	2020-08-01 11:56:38 -04:00
Alex Goodman	e3976596f3	pull in fix for bounds check progress formatting values in etui	2020-07-31 06:56:20 -04:00
Alex Goodman	271ba35c85	Export UI handlers for reuse in other tools (#113 ) * export UI handlers for reuse in other tools * bump jotframe to fix cursor issues at frame close	2020-07-30 15:16:58 -04:00
Alex Goodman	32071b0bf1	add default table presenter	2020-07-23 21:48:12 -04:00
Alex Goodman	a4016d35ce	rename to syft	2020-07-23 20:54:04 -04:00
Alex Goodman	ba4f63099d	Add release process (#89 ) * add check for app update; fix ETUI error handling * validate user args * add goreleaser support * replace cgo dependencies (go-rpm) with go equivalents * add acceptance tests against build snapshot * add brew tap + acceptance test pipeline * add mac acceptance tests * fix compare makefile * fix mac acceptance tests * add release pipeline with wait checks * add token to release step * rm dir presenters int test * enforce dpkg to be non interactive Co-authored-by: Alfredo Deza <adeza@anchore.com> * pin brew formulae * pin skopeo to formulae url * only run acceptance tests Co-authored-by: Alfredo Deza <adeza@anchore.com>	2020-07-23 10:52:44 -04:00
Alex Goodman	44c69f1f91	add go.mod cataloger (#97 )	2020-07-23 08:17:30 -04:00
Alex Goodman	7ebb9f4e0b	Add check for app update (#88 ) * add check for app update; fix ETUI error handling * validate user args	2020-07-21 12:02:03 -04:00
Alfredo Deza	942cd6eb18	dependencies: add doublestar for recursive globbing support Signed-off-by: Alfredo Deza <adeza@anchore.com>	2020-07-21 11:10:02 -04:00
Alex Goodman	e8d11eec69	add license validation (#80 )	2020-07-13 13:07:20 -04:00
Alex Goodman	1896831c39	add rpmdb support; enhance integration tests	2020-07-06 12:55:11 -04:00
Alex Goodman	d59a19697d	add coverage + makefile improvements	2020-07-06 07:25:18 -04:00
Alex Goodman	926b5f2a50	add and use event bus for UI progress	2020-06-25 10:39:11 -04:00
Alex Goodman	cd94179985	add symlink content fetching support	2020-06-16 11:37:37 -04:00
Alex Goodman	83e96e8880	generalize common analyzer elements	2020-06-04 17:49:52 -04:00
Alex Goodman	f33720eaa1	add gem analyzer	2020-06-04 14:42:59 -04:00
Alex Goodman	cc724bff26	use filetree reader instead of filetree	2020-06-02 08:52:26 -04:00
Alex Goodman	45fbd05cf9	add first distro support	2020-06-01 10:46:06 -04:00
Alex Goodman	a0e48468c2	with package id	2020-05-29 16:06:31 -04:00
Alex Goodman	1b9effeb49	remove WithFields; add stereoscope logging	2020-05-23 19:22:52 -04:00
Alex Goodman	ae6feed8fc	add named logger + color formatting	2020-05-22 11:30:45 -04:00
Alex Goodman	3e71315195	add app config and logging interface	2020-05-21 15:25:59 -04:00
Alex Goodman	2471663d27	sync/fmt linting tasks with stereoscope	2020-05-21 09:37:20 -04:00
Alex Goodman	17b4b26fbb	update sterescope + add json presenter	2020-05-20 18:29:06 -04:00
Alfredo Deza	5bc17310b6	update dependencies Signed-off-by: Alfredo Deza <adeza@anchore.com>	2020-05-19 09:07:34 -04:00
Alex Goodman	1342cc5b06	add analysis coordination (with dummy analyzer)	2020-05-18 11:59:33 -04:00
Alex Goodman	11b2b1ab45	add scope feature + lint fixes	2020-05-12 20:43:46 -04:00
Alex Goodman	1e5c7bb5c7	initial project structure	2020-05-12 10:45:18 -04:00

... 5 6 7 8 9 ...

508 commits