Alex Goodman
0956753409
Consider Author field for wordpress plugins when generating CPEs ( #2946 )
...
* enhance wordpress vendor candidates for CPEs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* encode wordpress plugin target software
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 14:12:20 -04:00
Alex Goodman
f966bcfd03
trim whitespace from wordpress values ( #2945 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 13:35:01 -04:00
Alex Goodman
c43f4fb416
add signature verification to install.sh ( #2941 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 11:29:53 -04:00
Alex Goodman
db0c33481e
pin golang image ( #2944 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 09:59:33 -04:00
anchore-actions-token-generator[bot]
a658cc7402
chore(deps): update tools to latest versions ( #2943 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-10 09:20:22 -04:00
Alex Goodman
254a562b4e
Add support for reading ELF package notes with section header ( #2939 )
...
* add support for reading ELF package notes with section header
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add systemd elf package fields to json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-07 14:38:54 -04:00
anchore-actions-token-generator[bot]
bc20e66d08
chore(deps): update tools to latest versions ( #2940 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update header and deprecated fields
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-07 16:55:32 +00:00
Alex Goodman
6e16396d18
remove dco workflow ( #2936 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 14:29:55 +00:00
Brian Ebarb
5cdc0845fb
feat: add license field to ELF binary package metadata ( #2890 )
...
Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>
feat: add License component to elf binary packages
Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>
feat: fix elf_package_cataloger test
feat: elf package cataloger unit test updates
2024-06-06 14:10:53 +00:00
dependabot[bot]
baca15f186
chore(deps): bump github.com/docker/docker ( #2935 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.3+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 09:56:47 -04:00
Laurent Goderre
b608ab77e1
feat: classifier for util-linux ( #2933 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-05 17:32:52 -04:00
dependabot[bot]
f4c941f08d
chore(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 ( #2929 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 19:09:09 +00:00
dependabot[bot]
2d5760145c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #2928 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:58:14 -07:00
dependabot[bot]
f11bb95c1e
chore(deps): bump golang.org/x/mod from 0.17.0 to 0.18.0 ( #2930 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/mod/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:54 -07:00
dependabot[bot]
d2fa5ed41c
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 ( #2931 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:43 -07:00
Christopher Angelo Phillips
7508d75b2b
fix: update unit tests to use pinned patch version ( #2932 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-06-05 18:31:38 +00:00
Alex Goodman
3472b48177
Add relationships for python poetry packages ( #2906 )
...
* [wip] add initial poetry.lock relationship support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* provide generic set for basic types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dependency resolver should allow for conditional deps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for poetry lock relationship additions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update schema with python poetry dependency refs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dep specification data structure should not be recursive in nature
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 20:00:05 +00:00
Alex Goodman
4bdbd1aa2a
remove unused test fixtures and empty dirs ( #2924 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:22:49 -04:00
William Murphy
557ad73ee6
fix: only skip tmpfs mounts for some paths ( #2918 )
...
* fix: only skip tmpfs mounts for some paths
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* refactor and add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add regression test for archive processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump to golang 1.22
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove rule 1 and add more tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:21:45 -04:00
Alex Goodman
cb09dd9e19
match existing DCO GH check name
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 13:34:29 -04:00
Alex Goodman
2f39322f81
use dco tool during gh app outage ( #2926 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 17:31:29 +00:00
William Tang
fe0b78b7fe
fix: close sql driver after testing sqlite availability ( #2922 )
...
Signed-off-by: William Tang <ttc0419@outlook.com>
2024-06-03 14:42:13 +00:00
Ralph Bean
8a7f08e2c8
Use redhat as namespace for redhat rpms ( #2914 )
...
The namespace value of `redhat` signifies this as an RPM package
produced and distributed by Red Hat.
Using "rhel" in the namespace is not correct.
Signed-off-by: Ralph Bean <rbean@redhat.com>
2024-06-03 10:18:52 -04:00
dufucun
29d601d1f1
chore: fix some comments ( #2920 )
...
Signed-off-by: dufucun <dufuchun@sohu.com>
Co-authored-by: dufucun <dufucunn@sohu.com>
2024-06-03 14:10:39 +00:00
anchore-actions-token-generator[bot]
3ac95bfbd0
chore(deps): update CPE dictionary index ( #2919 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-06-03 10:00:30 -04:00
dependabot[bot]
24262b9e31
chore(deps): bump modernc.org/sqlite from 1.29.10 to 1.30.0 ( #2921 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.29.10 to 1.30.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.10...v1.30.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 09:59:33 -04:00
dependabot[bot]
b04bc0fbfe
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ( #2916 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...f079b84933)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 11:17:21 -04:00
dependabot[bot]
aafa161ff6
chore(deps): bump github.com/charmbracelet/bubbletea ( #2917 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.3 to 0.26.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 10:20:00 -04:00
Laurent Goderre
eeb4193d4a
Lua: Add support for more advanced syntax ( #2908 )
...
* Add lua/rockspec support for variables substitution
* Lua: Skip expressions in rockspec packages
* Lua: Add support for concatenation of string and variables
* Lua: Skip expressions in local
* Lua: Skip build sections in Rockspec files
* Lua: skip function blocks in Rockspec
* Lua: Add support for multi variable per line
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-30 11:38:45 -04:00
anchore-actions-token-generator[bot]
5cf8cc9bc3
chore(deps): update tools to latest versions ( #2913 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-30 11:37:31 -04:00
Alex Goodman
f4a69e6d35
add relationships for go binary packages ( #2912 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-30 11:37:17 -04:00
Keith Zantow
ac34808b9c
feat: detect fluent-bit binaries ( #2905 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-28 10:13:06 -04:00
anchore-actions-token-generator[bot]
2b70ea3fc2
chore(deps): update tools to latest versions ( #2907 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-28 10:02:32 -04:00
dependabot[bot]
5eb1e7115f
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 ( #2909 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 09:57:32 -04:00
dependabot[bot]
774602f0d8
chore(deps): bump github.com/charmbracelet/bubbletea ( #2901 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:30:48 -04:00
Jon Johnson
c314e05aae
Handle GOEXPERIMENTs in go version ( #2893 )
...
* Handle GOEXPERIMENTs in go version
Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
* bump JSON schema
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2024-05-25 20:23:30 +00:00
Alex Goodman
05e8ba948d
Add python wheel egg relationships ( #2903 )
...
* add python package relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* nil for empty relationships collections
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* new json schema for optional python requirements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update format snapshots for python packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* decompose python parsers more + add tests around plural fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update JSON schema with python dep refs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-25 20:11:38 +00:00
dependabot[bot]
64e11d53e9
chore(deps): bump github.com/charmbracelet/lipgloss ( #2902 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:07:25 -04:00
Laurent Goderre
b51252dbdb
feat: Add Lua cataloger ( #2613 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-24 16:56:34 -04:00
anchore-actions-token-generator[bot]
77b3f66404
chore(deps): update tools to latest versions ( #2900 )
2024-05-24 09:34:08 -04:00
Keith Zantow
1c37bab2b2
feat: add config command ( #2892 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-23 15:18:09 -04:00
Laurent Goderre
7071f1e498
feat: Added functionality to convert major, minor, patch to version for binary classifier ( #2864 )
...
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-23 12:17:12 -04:00
dependabot[bot]
3875e4a67d
chore(deps): bump github.com/knqyf263/go-rpmdb from 0.1.0 to 0.1.1 ( #2896 )
...
Bumps [github.com/knqyf263/go-rpmdb](https://github.com/knqyf263/go-rpmdb ) from 0.1.0 to 0.1.1.
- [Commits](https://github.com/knqyf263/go-rpmdb/compare/v0.1.0...v0.1.1 )
---
updated-dependencies:
- dependency-name: github.com/knqyf263/go-rpmdb
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 12:06:44 -04:00
anchore-actions-token-generator[bot]
a0f0332e30
chore(deps): update tools to latest versions ( #2887 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:39:09 +00:00
dependabot[bot]
ea50c6153d
--- ( #2889 )
...
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 09:26:12 -04:00
Christopher Angelo Phillips
b41d5cced5
chore: update spdx license list to 3.24.0 ( #2895 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:10:36 +00:00
dependabot[bot]
68daa42f86
--- ( #2888 )
...
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 08:11:03 -04:00
Russell Haering
2356787053
Go Mod Cataloger: Remove Replaced Packages ( #2891 )
...
When the goModCataloger processes a Replace directive it currently adds the new
package to the resulting package list, but does not remove the old one unless
the path is unchanged.
Based on an existing comment in the code, removing the old one seems to be the
intended behavior, and results in a more expected end-result, so this does so.
Signed-off-by: Russell Haering <russellhaering@gmail.com>
2024-05-22 14:26:40 -04:00
dependabot[bot]
2d318cffaa
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ( #2879 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 13:46:57 -04:00
Alan Pope
49c458b113
chore: Reduce length of readme, moving lengthy content to the wiki ( #2882 )
...
* chore: Reduce length of readme, moving lengthy content to the wiki
https://github.com/anchore/syft/wiki
---------
Signed-off-by: Alan Pope <alan@popey.com>
2024-05-20 13:46:32 -04:00