* Add support for macOS signing and notarization
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Use Docker to run the changelog generator locally
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Adds java and npm package comparison
* Adds probable matching of extra packages syft found and missing packages that syft did not find (but inline did). This way there is a section of output that fuzzy-matches the package names to get a better sense of "real" problems (actual missing packages) vs slightly mismatched metadata during troubleshooting.
* Adds a set or probable missing packages to the report based on the probable matches (again, to aid in troubleshooting)
* Fixes image reference clean function to support references with registries
* Only shows metadata differences when the package was found by both inline and syft
* Splits the inline-compare code into more manageable pieces
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Remove and update TODOs
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update TODO with link
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Expand matching of requirements.txt file to include any prefixes or suffixes
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* Add some test cases to integration test (ensure syft can pick up multiple requirements files)
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* Run lint-fix
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* add package URL support to the CycloneDX presenter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wrap license tags with licenses
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure acceptance tests fail when results are piped
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix spelling in inline-compare python script
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add inline-compare as acceptance test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add additional RPM metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments and doc strings to the compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Minor cleanup
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Update pkg Type definition to string
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Implement poetry.lock parsing
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Address CI issues
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* Integrate Alex's changes
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
* add check for app update; fix ETUI error handling
* validate user args
* add goreleaser support
* replace cgo dependencies (go-rpm) with go equivalents
* add acceptance tests against build snapshot
* add brew tap + acceptance test pipeline
* add mac acceptance tests
* fix compare makefile
* fix mac acceptance tests
* add release pipeline with wait checks
* add token to release step
* rm dir presenters int test
* enforce dpkg to be non interactive
Co-authored-by: Alfredo Deza <adeza@anchore.com>
* pin brew formulae
* pin skopeo to formulae url
* only run acceptance tests
Co-authored-by: Alfredo Deza <adeza@anchore.com>
