Commit graph

2312 commits

Author SHA1 Message Date
Alex Goodman
c43f4fb416
add signature verification to install.sh (#2941)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 11:29:53 -04:00
Alex Goodman
db0c33481e
pin golang image (#2944)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 09:59:33 -04:00
anchore-actions-token-generator[bot]
a658cc7402
chore(deps): update tools to latest versions (#2943)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-10 09:20:22 -04:00
Alex Goodman
254a562b4e
Add support for reading ELF package notes with section header (#2939)
* add support for reading ELF package notes with section header

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add systemd elf package fields to json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-07 14:38:54 -04:00
anchore-actions-token-generator[bot]
bc20e66d08
chore(deps): update tools to latest versions (#2940)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: update header and deprecated fields

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-07 16:55:32 +00:00
Alex Goodman
6e16396d18
remove dco workflow (#2936)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 14:29:55 +00:00
Brian Ebarb
5cdc0845fb
feat: add license field to ELF binary package metadata (#2890)
Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>

feat: add License component to elf binary packages

Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>

feat: fix elf_package_cataloger test

feat: elf package cataloger unit test updates
2024-06-06 14:10:53 +00:00
dependabot[bot]
baca15f186
chore(deps): bump github.com/docker/docker (#2935)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.3+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 09:56:47 -04:00
Laurent Goderre
b608ab77e1
feat: classifier for util-linux (#2933)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-05 17:32:52 -04:00
dependabot[bot]
f4c941f08d
chore(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#2929)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 19:09:09 +00:00
dependabot[bot]
2d5760145c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#2928)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f079b84933...2e230e8fe0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:58:14 -07:00
dependabot[bot]
f11bb95c1e
chore(deps): bump golang.org/x/mod from 0.17.0 to 0.18.0 (#2930)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/mod/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:54 -07:00
dependabot[bot]
d2fa5ed41c
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#2931)
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:43 -07:00
Christopher Angelo Phillips
7508d75b2b
fix: update unit tests to use pinned patch version (#2932)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-06-05 18:31:38 +00:00
Alex Goodman
3472b48177
Add relationships for python poetry packages (#2906)
* [wip] add initial poetry.lock relationship support

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* provide generic set for basic types

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dependency resolver should allow for conditional deps

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add tests for poetry lock relationship additions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update schema with python poetry dependency refs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dep specification data structure should not be recursive in nature

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 20:00:05 +00:00
Alex Goodman
4bdbd1aa2a
remove unused test fixtures and empty dirs (#2924)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:22:49 -04:00
William Murphy
557ad73ee6
fix: only skip tmpfs mounts for some paths (#2918)
* fix: only skip tmpfs mounts for some paths

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* refactor and add tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add regression test for archive processing

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump to golang 1.22

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove rule 1 and add more tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:21:45 -04:00
Alex Goodman
cb09dd9e19 match existing DCO GH check name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 13:34:29 -04:00
Alex Goodman
2f39322f81
use dco tool during gh app outage (#2926)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 17:31:29 +00:00
William Tang
fe0b78b7fe
fix: close sql driver after testing sqlite availability (#2922)
Signed-off-by: William Tang <ttc0419@outlook.com>
2024-06-03 14:42:13 +00:00
Ralph Bean
8a7f08e2c8
Use redhat as namespace for redhat rpms (#2914)
The namespace value of `redhat` signifies this as an RPM package
produced and distributed by Red Hat.

Using "rhel" in the namespace is not correct.

Signed-off-by: Ralph Bean <rbean@redhat.com>
2024-06-03 10:18:52 -04:00
dufucun
29d601d1f1
chore: fix some comments (#2920)
Signed-off-by: dufucun <dufuchun@sohu.com>
Co-authored-by: dufucun <dufucunn@sohu.com>
2024-06-03 14:10:39 +00:00
anchore-actions-token-generator[bot]
3ac95bfbd0
chore(deps): update CPE dictionary index (#2919)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-06-03 10:00:30 -04:00
dependabot[bot]
24262b9e31
chore(deps): bump modernc.org/sqlite from 1.29.10 to 1.30.0 (#2921)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.10 to 1.30.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.10...v1.30.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 09:59:33 -04:00
dependabot[bot]
b04bc0fbfe
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#2916)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...f079b84933)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 11:17:21 -04:00
dependabot[bot]
aafa161ff6
chore(deps): bump github.com/charmbracelet/bubbletea (#2917)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.3 to 0.26.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 10:20:00 -04:00
Laurent Goderre
eeb4193d4a
Lua: Add support for more advanced syntax (#2908)
* Add lua/rocksepc support for variables substitution
* Lua: Skip expressions in rockspec packages
* Lua: Add support for concatenation of string and variables
* Lua: Skip expressions in local
* Lua: Skip build sections in Rockspec files
* Lua: skip function blocks in Rockspec
* Lua: Add support for multi variable per line
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-30 11:38:45 -04:00
anchore-actions-token-generator[bot]
5cf8cc9bc3
chore(deps): update tools to latest versions (#2913)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-30 11:37:31 -04:00
Alex Goodman
f4a69e6d35
add relationships for go binary packages (#2912)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-30 11:37:17 -04:00
Keith Zantow
ac34808b9c
feat: detect fluent-bit binaries (#2905)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-28 10:13:06 -04:00
anchore-actions-token-generator[bot]
2b70ea3fc2
chore(deps): update tools to latest versions (#2907)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-28 10:02:32 -04:00
dependabot[bot]
5eb1e7115f
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2909)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](e92390c5fb...0d4c9c5ea7)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 09:57:32 -04:00
dependabot[bot]
774602f0d8
chore(deps): bump github.com/charmbracelet/bubbletea (#2901)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:30:48 -04:00
Jon Johnson
c314e05aae
Handle GOEXPERIMENTs in go version (#2893)
* Handle GOEXPERIMENTs in go version

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>

* bump JSON schema

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2024-05-25 20:23:30 +00:00
Alex Goodman
05e8ba948d
Add python wheel egg relationships (#2903)
* add python package relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* nil for empty relationships collections

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* new json schema for optional python requiremenets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update format snapshots for python packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* decompose python parsers more + add tests around plural fields

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update JSON schema with python dep refs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-25 20:11:38 +00:00
dependabot[bot]
64e11d53e9
chore(deps): bump github.com/charmbracelet/lipgloss (#2902)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:07:25 -04:00
Laurent Goderre
b51252dbdb
feat: Add Lua cataloger (#2613)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-24 16:56:34 -04:00
anchore-actions-token-generator[bot]
77b3f66404
chore(deps): update tools to latest versions (#2900) 2024-05-24 09:34:08 -04:00
Keith Zantow
1c37bab2b2
feat: add config command (#2892)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-23 15:18:09 -04:00
Laurent Goderre
7071f1e498
feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-23 12:17:12 -04:00
dependabot[bot]
3875e4a67d
chore(deps): bump github.com/knqyf263/go-rpmdb from 0.1.0 to 0.1.1 (#2896)
Bumps [github.com/knqyf263/go-rpmdb](https://github.com/knqyf263/go-rpmdb) from 0.1.0 to 0.1.1.
- [Commits](https://github.com/knqyf263/go-rpmdb/compare/v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/knqyf263/go-rpmdb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 12:06:44 -04:00
anchore-actions-token-generator[bot]
a0f0332e30
chore(deps): update tools to latest versions (#2887)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:39:09 +00:00
dependabot[bot]
ea50c6153d
--- (#2889)
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 09:26:12 -04:00
Christopher Angelo Phillips
b41d5cced5
chore: update spdx license list to 3.24.0 (#2895)
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:10:36 +00:00
dependabot[bot]
68daa42f86
--- (#2888)
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 08:11:03 -04:00
Russell Haering
2356787053
Go Mod Cataloger: Remove Replaced Packages (#2891)
When the goModCataloger processes a Replace directive it currently adds the new
package to the resulting package list, but does not remove the old one unless
the path is unchanged.

Based on an existing comment in the code, removing the old one seems to be the
intended behavior, and results in a more expected end-result, so this does so.

Signed-off-by: Russell Haering <russellhaering@gmail.com>
2024-05-22 14:26:40 -04:00
dependabot[bot]
2d318cffaa
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#2879)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](44c2b7a8a4...a5ac7e51b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 13:46:57 -04:00
Alan Pope
49c458b113
chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
* chore: Reduce length of readme, moving lengthy content to the wiki
https://github.com/anchore/syft/wiki
---------
Signed-off-by: Alan Pope <alan@popey.com>
2024-05-20 13:46:32 -04:00
dependabot[bot]
1144407591
chore(deps): bump github.com/docker/docker (#2880)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.2+incompatible to 26.1.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.2...v26.1.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 12:30:50 -04:00
dependabot[bot]
15808fbd04
chore(deps): bump github.com/saferwall/pe from 1.5.2 to 1.5.3 (#2881)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.5.2...v1.5.3)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 12:25:05 -04:00