- Resolves #2974
- add detailed instructions re: updating schemas (a necessary task
when a new CycloneDX spec version becomes available).
- The DefaultVersion constant has been updated to "1.6" -- it's not
clear to me how this is used at this time (it may be redundant given
other code), but effectively unless a specific spec version is
configured, `syft` will emit the "most recent" spec version available
for cyclonedx. Users who wish to pin back to an "older" specVersion
(e.g. to preserve compatibility with utilities that have not yet bumped
to latest) can either set this in a syft config file or pass a
name@spec_version pair to the output flag (e.g. `-o
cyclonedx-json@1.5=some-1.5-spec-bom.cdx.json`)
- Regenerate relevant .golden files (there seems to be a way to do this
via flags, but I couldn't quite figure out the right set to pass
correctly, esp. since (as a relative go novice) I found it difficult
to run just a single test file. I ended up "brute-forcing it" by
changing the *updateSnapshot val to "true" and running it in Goland.)
A brief comment giving an example of regenerating fixtures usage would
be helpful.
Signed-off-by: Rajan Agaskar <ragaskar@gmail.com>
* split up sbom.Format into encode and decode ops
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cmd pkg to inject format configs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump cyclonedx schema to 1.5
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* redact image metadata from github encoder tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more testing around format decoder identify
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test case for format version options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix CLI test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] - review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep encoder creation out of post load function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep decider and identify functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add a few more doc comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove format encoder default function helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* move back to streaming based decode functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* with common convention for encoder constructors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests and allow for encoders to be created from cli options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* buffer reads from stdin to support seeking
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate to binny and taskfile
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update binny to not require github token
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* added support for automatically building snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* detect source changes for snapshot builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fail workflow explicitly when snapshot cache restoral fails
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* match snapshot restoral paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add failing test for missing versions
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Look through all named sections for version
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Consistent installation of yajsv
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Adjust output text for test assertion
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* add cyclone json format
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* adapt format to sbom.SBOM structure
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* cycloneDX json output with official lib
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add cycloneDX 1.3 schema output in xml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix lint errors
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* tidying go mod
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove cycloneDX 1.2 format
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update cycloneDX xml schema
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix cyclone according to schema
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* use RFC 2141 URN form of uuid for serial number
add schema validation for cycloneDX 1.3 JSON output
add yajsv cli for JSON schema validation during tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
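The PR description above explains that syft emits the newest CycloneDX spec version unless one is pinned (e.g. `-o cyclonedx-json@1.5=some-1.5-spec-bom.cdx.json`), and the commit above switches the BOM serial number to the RFC 2141 `urn:uuid:` form. A consumer that has pinned a version wants a cheap way to confirm that the file it received actually carries that version and a well-formed serial number before handing it to a downstream tool. The Go program below is an added example, not syft's own code; it embeds a constructed minimal BOM (the serial number and component are made up) and checks the three header fields a compatibility-sensitive consumer cares about. The function name `CheckBOM` and the `bomHeader` type are this example's own; full schema validation (what the yajsv-based tests in this history do) is out of scope here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// sampleBOM is a constructed minimal CycloneDX 1.5 JSON document of the shape
// syft emits when "cyclonedx-json@1.5" is pinned. Values are made up for the example.
const sampleBOM = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "components": [
    {"type": "library", "name": "example-lib", "version": "0.1.0"}
  ]
}`

// bomHeader holds only the top-level CycloneDX fields this check inspects
// (hypothetical helper type, not part of syft or the cyclonedx-go library).
type bomHeader struct {
	BOMFormat    string `json:"bomFormat"`
	SpecVersion  string `json:"specVersion"`
	SerialNumber string `json:"serialNumber"`
}

// urnUUID matches the RFC 2141 URN form of a UUID: "urn:uuid:" followed by the
// RFC 4122 8-4-4-4-12 hexadecimal text form.
var urnUUID = regexp.MustCompile(
	`^urn:uuid:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// CheckBOM parses a CycloneDX JSON document and verifies that it declares the
// CycloneDX format, the spec version the consumer pinned, and a urn:uuid serial
// number. It returns one message per problem found; an empty slice means the
// BOM passed. A parse failure is returned as an error rather than a problem.
func CheckBOM(data []byte, wantSpecVersion string) ([]string, error) {
	var hdr bomHeader
	if err := json.Unmarshal(data, &hdr); err != nil {
		return nil, fmt.Errorf("not valid JSON: %w", err)
	}
	var problems []string
	if hdr.BOMFormat != "CycloneDX" {
		problems = append(problems, fmt.Sprintf("bomFormat is %q, want \"CycloneDX\"", hdr.BOMFormat))
	}
	if hdr.SpecVersion != wantSpecVersion {
		problems = append(problems, fmt.Sprintf("specVersion is %q, want %q (pinned)", hdr.SpecVersion, wantSpecVersion))
	}
	if !urnUUID.MatchString(hdr.SerialNumber) {
		problems = append(problems, fmt.Sprintf("serialNumber %q is not in urn:uuid form", hdr.SerialNumber))
	}
	return problems, nil
}

func main() {
	problems, err := CheckBOM([]byte(sampleBOM), "1.5")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if len(problems) == 0 {
		fmt.Println("BOM ok: CycloneDX 1.5 with urn:uuid serial number")
		return
	}
	for _, p := range problems {
		fmt.Println("problem:", p)
	}
}
```

Running the program as written reports the constructed BOM as passing; calling `CheckBOM` with `"1.6"` against the same document reports a single spec-version mismatch, which is exactly the case a consumer that has not yet bumped to the latest schema wants flagged before it tries to parse the file.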
* tidying go mod up
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go get json schema validator
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* install yajsv without messing with go mod
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* reuse code between cycloneDX json & xml encoders
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add output options for cyclone XML
add bom.json to .gitignore
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix cyclone12xml removal
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>