Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00

Author	SHA1	Message	Date
dependabot[bot]	a260fb2774	chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-07 15:58:21 -04:00
anchore-actions-token-generator[bot]	f83cae35f2	chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-04-07 08:48:17 -04:00
Henry Sachs	0fed17f1c8	feat: gradle lockfile support (#1719 ) Signed-off-by: Henry Sachs <Henry.Sachs@deutschebahn.com>	2023-04-06 14:58:28 -04:00
dependabot[bot]	da44db92e9	chore(deps): bump github.com/docker/docker (#1715 )	2023-04-06 13:44:51 +00:00
dependabot[bot]	4a499c946e	chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713 )	2023-04-06 13:44:41 +00:00
dependabot[bot]	99c28a94a4	chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714 )	2023-04-06 13:36:16 +00:00
dependabot[bot]	f7ac4e98af	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1716 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-06 09:34:59 -04:00
dependabot[bot]	394ec8d215	chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#1712 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-05 19:04:26 -04:00
Keith Zantow	7845381331	chore: update tools-golang to v0.5.0 (#1717 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-04-05 13:59:52 -04:00
Alex Goodman	7464079a09	Add Nix cataloger (#1696 ) * Add Basic Nix Cataloger Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> * Update nix def for the latest syft definition Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> * capture nix package files on pkg.NixStoreMetadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix unit tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update JSON schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Update syft/pkg/cataloger/nix/parse_nix_store_path_test.go Co-authored-by: Florian Klink <flokli@flokli.de> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * support unstable version conventions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema relative to main branch Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json with v7.1.1 schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix CLI tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove extra continue statement Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add Nix to list of supported ecosystems Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Julio Tain Sueiras <juliosueiras@gmail.com> Co-authored-by: Florian Klink <flokli@flokli.de>	2023-04-04 10:53:56 -04:00
Alex Goodman	8a574c9ed9	refactor spdx tooling test to reduce intermittent failures (#1707 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-03 18:43:28 +00:00
Alex Goodman	681d250fdc	Capture file ownership relationships from portage ecosystem (#1702 ) * add portage as file owners Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema with NPM files Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-03 09:46:18 -04:00
Keith Zantow	2022ffa0e5	chore: update deprecated set-output calls (#1705 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-04-03 09:36:11 -04:00
Christopher Angelo Phillips	dfcc07e512	feat: Add config option to allow user to select the default image source location Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-31 10:04:10 -04:00
dependabot[bot]	2fa238af7c	chore(deps): bump github.com/docker/docker (#1699 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 10:00:37 -04:00
anchore-actions-token-generator[bot]	63bbd1e3ed	chore(deps): update bootstrap tools to latest versions (#1697 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-03-27 09:17:34 -04:00
anchore-actions-token-generator[bot]	81b87dd108	chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (#1693 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-03-23 16:30:08 +00:00
Christopher Angelo Phillips	f473bb75a8	1577 spdxlicense generate (#1691 ) Update the license_list.go to have more permissible inputs for greater SPDXID matching. EX: GPL3 gpl3 gpl-3 and GPL-3 can all map to GPL-3.0-only By moving all strings to lower and removing the "-" we're able to return valid SPDX license ID for a greater diversity of input strings. --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-23 11:48:24 -04:00
dependabot[bot]	539bc2afcb	chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-23 11:09:32 -04:00
Avi Deitcher	9fd532246a	feat: scan local go mod cache for licenses of golang packages (#1645 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-03-23 10:38:15 -04:00
Keith Zantow	11e926ab2f	chore: fix flaky license sorting (#1690 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-22 14:41:49 -04:00
dependabot[bot]	168c5aed51	chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689 )	2023-03-22 14:26:58 -04:00
Dan	d02c56aa5f	fix: shell completion by adding missing usage message required by spf13/cobra (#1688 ) Signed-off-by: DanHam <DanHam@users.noreply.github.com>	2023-03-22 13:45:09 -04:00
anchore-actions-token-generator[bot]	829a71cd92	chore(deps): update bootstrap tools to latest versions (#1686 )	2023-03-22 09:01:24 -04:00
Keith Zantow	34ace36a9e	chore: tweak some workflow text (#1685 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-21 11:08:49 -04:00
Alex Goodman	100cf1003d	Remove more side effects from application config testing (#1684 ) * remove a few side effects from config testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix xdg config app name prefix Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * account for restoring and protecting xdg state throughout testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-03-20 20:53:45 +00:00
Aidan Delaney	f11a7b5e9f	Deprecate config.yaml as valid config source; Add unit regression for correct config paths (#1640 ) Warn user of future deprecation of ./config.yaml for v1.0.0 release --------- Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-20 15:13:35 -04:00
anchore-actions-token-generator[bot]	434aa7fd46	chore: Update syft bootstrap tools to latest versions. (#1682 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-20 13:20:48 -04:00
Marc-Etienne Vargenau	5fb0423b72	Update documentation: (#1680 ) - Syft is now outputing SPDX 2.3 by default - Give syntax to get SPDX 2.2 Signed-off-by: Marc-Etienne Vargenau <marc-etienne.vargenau@nokia.com>	2023-03-20 10:10:35 -04:00
anchore-actions-token-generator[bot]	7998520848	chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681 )	2023-03-18 10:32:39 -04:00
Keith Zantow	d05000ff21	fix: reduce logging for bad dpkg lines (#1675 ) * fix: reduce logging for bad dpkg lines to Trace level --------- Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-17 13:08:51 -04:00
witchcraze	f66e77e2c6	fix ruby classifier (#1678 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-03-17 09:42:20 -04:00
Christopher Angelo Phillips	928c4a55ff	feat: add shared dir for easier cleanup (#1676 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-16 16:05:34 -04:00
dependabot[bot]	1899eb50d0	chore(deps): bump github.com/google/go-containerregistry (#1672 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-16 12:07:47 -04:00
dependabot[bot]	b5ec4d4f08	chore(deps): bump actions/setup-go from 3 to 4 (#1671 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-16 12:02:07 -04:00
Christopher Angelo Phillips	61362c04fa	fix: move defer after error to protect panic case (#1670 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-15 15:29:10 -04:00
Joye Lin	e3140063d4	feat: add argocd, helm, kustomize and kubectl binary classifiers (#1663 ) * add argocd, helm, kustomize and kubectl binary classifiers * update golang PURL * address PR faceback about binary/test-fixtures/Makefile * remove the /v[n] suffix from the PURL in both argocd and helm --------- Signed-off-by: y12studio <y12studio@gmail.com>	2023-03-15 14:53:22 -04:00
razzle	1d9ef34ec7	defer closing file (#1668 ) Signed-off-by: razzle <harry@razzle.cloud>	2023-03-15 14:50:42 -04:00
Keith Zantow	302735097e	fix: remove author contributing to javascript CPEs (#1669 )	2023-03-14 14:10:24 +00:00
Keith Zantow	cc0a376aba	fix: more python matching support (#1667 )	2023-03-13 13:26:43 -04:00
anchore-actions-token-generator[bot]	b379dd9f27	Update syft bootstrap tools to latest versions. (#1666 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-03-13 10:40:13 -04:00
witchcraze	a81e0c8008	feat: add ruby classifier (#1665 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-03-10 08:29:40 -05:00
anchore-actions-token-generator[bot]	41cbbe09b2	Update syft bootstrap tools to latest versions. (#1658 )	2023-03-07 12:54:32 -05:00
Keith Zantow	7714bc0521	fix: improved Python binary detection (#1648 )	2023-03-07 10:52:29 -05:00
Weston Steimel	096d2b7bff	fix: suppress some known incorrect vendor candidates for npm CPEs (#1659 ) Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-03-07 10:18:44 -05:00
Keith Zantow	7cfdffab5f	fix: sanitize SPDX LicenseRefs (#1657 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-06 10:55:23 -05:00
dependabot[bot]	f43953d225	chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655 )	2023-03-06 15:49:34 +00:00
dependabot[bot]	eea1b48cbb	chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653 )	2023-03-06 15:38:34 +00:00
dependabot[bot]	a063cf300b	chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 (#1654 )	2023-03-06 15:21:35 +00:00
dependabot[bot]	b73903519c	chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656 )	2023-03-06 15:20:43 +00:00

1 2 3 4 5 ...

1480 commits