Commit graph

981 commits

Author SHA1 Message Date
Christopher Angelo Phillips
9e72771b85
update zip_read_closer to incorporate zip64 support (#1041) 2022-06-16 10:43:18 -04:00
Morten Linderud
e72d68b0c6
Add pacman (alpm) parser support (#943)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-06-13 18:51:37 +00:00
marcinbojko
f15d4a9984
Update of README.md (#1027) 2022-06-08 17:39:22 -04:00
Weston Steimel
b8d1a46e7e
bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-06-08 11:51:10 -04:00
Christopher Angelo Phillips
f35a252ecf
add workflows to test new project automation (#1023) 2022-06-08 09:42:53 -04:00
Weston Steimel
05be9e25ce
improve LanguageByName and add unit tests (#1034)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-06-07 14:09:09 +01:00
Ryan Moran
5e2ab0874d
Read Description from dpkg status files (#996) 2022-06-06 16:59:35 -04:00
briankoe741
fb699496a8
Add announcement for Anchore OSS Virtual Meetup (#1033) 2022-06-06 20:26:05 +00:00
Jonas Xavier
0aea55f880
add main module field to go bin metadata (#1026)
* add main module field to go bin metadata

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* update json output schema to 3.2.4

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* clean up fixture

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-06-03 23:12:09 +00:00
Jonas Xavier
caff67289a
Add filters to package cataloger (#1021)
* Add filters to package cataloger

This PR adds filters so a package without name or version doesn't go in
the list of all discovered packages.

Integration and cli tests were added to validate the feature.

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* add nolint:funlen to cataloger/catalog.go

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* don't require package version

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* add package filtering to generic and python cataloger

also removes cli tests in favor of integration and unit tests

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* drop nolint:funlen

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* check for no-removal operation

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove unused fixtures

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* rename no-version file to hide semantic version

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* drop integration tests and add pkg func for validation

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* python cataloger use global pkg validation

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* check for valid packages on deb/go/rpm catalogers

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* update rpm cataloger after rebase

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nit with pointers

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* simpler use of package validation

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove double pkg validations

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* rename func param to artifactsToExclude

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* add test for relationships and bug fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-06-03 13:17:43 -04:00
Christopher Angelo Phillips
82de24cf7c
change draft to false for release process (#1016) 2022-06-01 11:55:33 -04:00
Tom Fay
3db3efacdc
Support RPM distros with newer RPM db formats (#1018)
* Support RPM distros with newer db formats

Recent RPM distros (Fedora 33+, CBL-Mariner 2.0+, amazonlinux 2022+)
use an sqlite package database in /var/lib/rpm/rpmdb.sqlite, or
"ndb" format (SUSE).

Remove anchore's fork in favour of the upstream,
https://github.com/knqyf263/go-rpmdb, to gain support for
these formats.

Signed-off-by: Tom Fay <tomfay@microsoft.com>

* add exception for modernc.org repos

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* shorten rpmdb helper function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-31 17:25:22 -04:00
cpendery
6ccd460e59
fix: add component list to prevent cyclone-dx panic (#1015) 2022-05-26 13:44:12 -04:00
Jonas Xavier
7cb8e1fc14
Use SBOM descriptor version (#1011)
* Use SBOM descriptor version

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* Update tests

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* CycloneDX extract tools metadata in decoding stage

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* add descriptor to spdx tag-value test

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove comment

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-25 14:40:08 -07:00
Jonas Xavier
c990f425a6
Longer CPEs for golang modules to avoid false positives (#1006)
* golang module CPE with full path

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* add note on longer Golang CPEs

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-23 10:39:34 -07:00
mikey strauss
d41afe05eb
Malformed licenses field in package json warn not skip (#1004)
* Malformed licenses field in package json warn not skip

Signed-off-by: houdini91 <mdstrauss91@gmail.com>

* licenses failed warn fix

Signed-off-by: houdini91 <mdstrauss91@gmail.com>

* package.json malformed licenses unit test

Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2022-05-19 13:10:34 -07:00
Jonas Xavier
0f5a9eed09
bump stereoscope version to include source path fix (#1005)
* bump stereoscope version to include source path fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* go mod tidy

Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-18 13:53:53 -07:00
Weston Steimel
8420612724
bump cosign to v1.8.0 (#1003)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-05-18 17:17:21 +01:00
Christopher Angelo Phillips
03ee4fdf5e
add integration tests for validating CycloneDX output using cyclonedx-cli (#1000) 2022-05-12 12:56:04 -04:00
Keith Zantow
91e2fd8532
Fix potential race condition during event subscription (#993) 2022-05-11 18:35:55 -04:00
Jonas Xavier
24f08e7738
Convert between SBOM formats (#964)
* add convert command

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix hanging bug

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate SBOM formats for conversion

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* move convert cmd to new structure

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* remove bin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* drop event loop from convert cmd

extract SBOM type from document namespace

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate SPDX in tests

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* documenting convert cmd

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* support output format=file.json notation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* test convertible formats

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix typo

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* clean up

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* more clean up and docs

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* re-use more code

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* undo encode-decode cycle test

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove unnecessary test constraint

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix readme

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* try verbose

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* cleaner README and no table conversion

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* simpler conversion

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes and cleanup

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nit space fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* use defer

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

Co-authored-by: Keith Zantow <kzantow@gmail.com>
2022-05-09 17:28:33 -07:00
Christopher Angelo Phillips
a83506628c
Add README updates for Keyless features (#988) 2022-05-09 16:07:28 +00:00
Jonas Xavier
42f8601919
Fix tests: add timeout to long-running failures, update SPDX license list (#989) 2022-05-09 11:48:44 -04:00
Christopher Angelo Phillips
d2d532f4a8
835 - Keyless Support for SBOM Attestations (#910)
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-06 18:06:32 -04:00
Christian Kotzbauer
1cea0ecd5c
feat: add initial dotnet-support (#951)
* feat: add initial dotnet-support

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add path, sha512 and hashpath

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add missing dot

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: lint warnings

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix CLI test package counts to account for dotnet

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix: updated packagurl-go

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* tidy go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update json schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-05 15:32:02 -04:00
Alex Goodman
d2f053bc71
unblock timeout for power-user select CLI tests (#985)
* update to use shared secretsFixture to prevent race

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-05-05 15:12:11 +00:00
Jonas Xavier
2fc344aba4
golang cataloger - main module version as is (#986)
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-05 00:01:00 -07:00
Steven Maude
8b6c576d78
Fix github-json output option (#967)
* Fix "bad output format" for `github-json` output

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>

* Update formats in README

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>

* Run `make lint-fix`

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
2022-05-04 17:25:40 -07:00
Jonas Xavier
ab289933da
read Go main module version as is - (devel) (#981)
* read Go main module version as is - (devel)

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix package test with default (devel) main module

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-05-04 10:47:13 -07:00
Dan Luhring
37927b8b23
reduce logging severity for non-Go binaries (#983) 2022-05-03 09:38:14 -04:00
Christopher Angelo Phillips
03d51c36d0
golang.org/x/crypto upgrade (#979) 2022-05-02 21:33:40 +00:00
Dan Luhring
0bd3558fb2
reduce noise of log output (#976) 2022-05-02 14:54:30 +00:00
Christopher Angelo Phillips
4ce2edda9e
add version info and remove double config call (#977) 2022-05-02 14:54:10 +00:00
Sambhav Kothari
36973021fa
Rename syft-id to package-id (#970)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-04-29 11:18:45 -04:00
Christian Köberl
7d8ea39ee5
update to cyclonedx-go 0.5.2 (#971) 2022-04-28 10:42:12 -04:00
Christopher Angelo Phillips
6029dd7c2e
refactor command package to remove globals and add dependency injection 2022-04-26 18:23:03 +00:00
Jon McEwen
7304bbf8ee
fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-04-26 11:51:24 -04:00
Rob Dimsdale-Zucker
c270ee2a02
Fix typo in CPE-parsing error (#966) 2022-04-22 12:08:44 -04:00
Alex Goodman
172ecc0d77
Preserve syft IDs on SBOM decode (#963) 2022-04-18 18:10:55 +00:00
Keith Zantow
248023baaf
Update GitHub format package_url and correlator (#961) 2022-04-15 13:00:06 -04:00
Keith Zantow
b7295b79de
Ensure SPDXIDs are valid (#955) 2022-04-14 15:07:23 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy (#958) 2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates (#954) 2022-04-13 13:20:40 -04:00
Keith Zantow
02a8fb6f8c
Minor readme update to correct format information (#948) 2022-04-12 17:16:47 -04:00
Christopher Angelo Phillips
b46d044d7e
Update spdx22json to only take uppercase checksum algorithm (#946) 2022-04-11 14:56:04 -04:00
Weston Steimel
15e45a8ce1
add additional vendors for springframework (#945)
The Official CPE dictionary currently contains entries for springframework with three different vendors: springsource, vmware, and pivotal_software. This appears to be because ownership has changed over time.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-04-11 14:38:52 +01:00
Christopher Angelo Phillips
782b2e3348
Add digest property to parent and nested java package metadata (#941) 2022-04-08 15:12:32 -04:00
Alex Goodman
e415bb21e7
Update write permissions and log into ghcr.io for release (#942) 2022-04-06 21:15:55 +00:00
Alex Goodman
748cfbf006
Retry auth URL lookup without docker credentialhelper workaround (#939) 2022-04-06 16:27:13 +00:00
Sambhav Kothari
8bc5d84481
Ensure that all cyclonedx components have bom-refs (#914)
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-04-01 12:19:30 -04:00