Commit graph

469 commits

Author SHA1 Message Date
Alex Goodman
748cfbf006
Retry auth URL lookup without docker credentialhelper workaround (#939) 2022-04-06 16:27:13 +00:00
Alex Goodman
f157d7a862
Pull from DockerHub fails for public images when using SSO (#928) 2022-03-30 17:32:49 +00:00
Alex Goodman
cc2c0e57a0
bump strset version to fix 386 builds (#911) 2022-03-23 14:34:54 -04:00
Alex Goodman
5253da4b36
Rollback referencing docker config items (#912) 2022-03-23 18:33:41 +00:00
Alex Goodman
cffcaf5984
Improve docker config support (#906) 2022-03-22 11:02:54 -04:00
j-k
a644a45ef4
Correct go.mod to enforce go 1.18 (#897)
Since syft now depends on debug/buildinfo, go 1.18 is required to build
syft, and as such go.mod needs updating

Signed-off-by: 06kellyjac <jack@control-plane.io>
2022-03-21 15:38:32 -04:00
Alex Goodman
069aa68b63
Fix image cleanup when there is an error (#905) 2022-03-21 14:48:11 +00:00
Jonas Xavier
6ef3e45ffc
Use go 1.18 buildinfo to catalog binaries (#827)
* initial working version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* added build settings to pkg metadata

wip - unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle mach-O FatFiles

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support to mod replace

fixed golang cataloger tests

trying GH Actions with go 1.18rc1

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* log error

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use go-macholibre for extraction

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleaner tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add version to main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* check macho file with macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* run golangci in its own workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get arch from bin file headers

upgrade macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test new stereoscope lazy reader interface

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove devel version from golang cataloger

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* switch github workflows to go1.18 stable

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add union reader interface in golang cataloger

update stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* simpler golangci validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix makefile

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get archs refactor

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for golang version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix go bin tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* golangci nolint needs a \n before package

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleanup

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* move golangci-lint to its own jobs again

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix ci yaml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support for xcoff files

add arch assets to test bin file types

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* clean up golangci-lint config

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for xcoff

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain nolints

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove unused xcoff testdata assets

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* make go bin test-fixtures in docker

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix make clean with -f

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update json output schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update schema version in test fixture

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain possible empty main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-16 17:07:02 -07:00
mikey strauss
95271fb10d
NPM PURLs are invalid (#832)
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2022-03-15 11:54:33 -04:00
Christopher Angelo Phillips
fa03723617
Upgrade vault api from v1.3.1 to v1.4.1 (#878)
* move v1.3.1 => v1.4.1
* go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-03-09 15:11:07 -05:00
Sambhav Kothari
39737a2825
Update cyclonedx to v1.4 (#820) 2022-03-08 12:09:55 -05:00
Alex Goodman
5123f073c7
Update containerd via stereoscope (#870)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-03-07 17:37:20 +00:00
Alex Goodman
a86dd3704e
Add platform selection (#866) 2022-03-04 22:41:38 +00:00
Dan Luhring
1e75cb0418
Update to cosign v1.5.2 (#857) 2022-03-02 15:09:47 +00:00
Christopher Angelo Phillips
afc0c1acd9
855 attest registry source only (#856)
Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources.

Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations.

This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon.

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-03-01 23:16:42 -05:00
Alex Goodman
99bb93d0fe
Resolve symlinks when fetching file contents (#782) 2022-02-24 10:01:59 -05:00
Christopher Angelo Phillips
256e85bc12
510 - SBOM attestation stdout (#785)
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-22 21:45:12 -05:00
Jonas Xavier
4b16737b2f
ignore minor parsing error when reading dpkg status files (#786)
* ignore minor parsing error when reading dpkg status files

helps with https://github.com/anchore/syft/issues/733

Question: should we add a smarter parser to guess approximate installed-size
value?

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add datasize lib to help dpkg parsing

added unit tests to expand coverage of dpkg parsing

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* drop parse error

added unit tests to handleNewKeyValue

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* don't return parsing errors from dpkg

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test higher level functions

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* return parsing err to let cataloger handle it

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* ignore key parsing error

log warning with relevant context

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add context info to log lines

simpler error assertion

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use error.As to assert error in chain

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-02-17 14:05:11 -08:00
Alex Goodman
51c6eb30f5
bump stereoscope to include functional options (#823)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-14 20:40:51 -05:00
Christopher Angelo Phillips
e1e9ccb401
update golang crypto library dependency (#815)
* bump golang crypto to resolve CVE-2020-29652

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-11 13:36:52 -05:00
Jonas Xavier
a04fa68539
Ensure completion of UI progress bar (#810)
* update stereoscope

fetches latest fixes for UI

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use context when getting image

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-02-09 11:23:58 -08:00
Keith Zantow
76f8205936
Support SPDX SBOM decoding (#738) 2022-02-09 14:11:20 -05:00
Christopher Angelo Phillips
8f96adacfb
Upgrade golang to 1.17 (#809)
* initial upgrade workflow

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update go.mod

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-09 11:08:24 -05:00
Jonas Xavier
40423d8eee
update stereoscope version - include Podman support (#781)
* update stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix FilesByMIMEType tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* change expected mime types in unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test stereoscope fix

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove mod replace and use latest stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-02-01 14:47:15 -08:00
Alex Goodman
706f291679
Replace distro type (#742)
* remove strong distro type

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump json schema to v3 (breaking distro shape)

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix linting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* allow for v2 decoding of distro idLikes field in v3 json decoder

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix casing in simple linux release name

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use discovered name as pretty name in simple linux release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-12 12:13:42 -05:00
Christopher Angelo Phillips
b77ddfc29c
bump stereoscope version to remove old containerd (#741)
* bump stereoscope version to remove old containerd

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-10 13:40:24 -05:00
Keith Zantow
5e5312c72d
Add support for multiple output files in different formats (#732) 2022-01-06 17:52:20 -05:00
Alex Goodman
38c4b17847
Add support for searching for jars within archives (#734)
* add support for searching jars within archives

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add package cataloger config options

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* address review comments + factor out safeCopy helper

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update config docs regarding package archive search options

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* show that unindexed archive cataloging defaults to false

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove lies about -s

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* address review comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update search archive note about java

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-01-06 21:40:51 +00:00
Dan Luhring
7de5e1288f
Fix unhelpful error message for oci-archive scheme (#705)
* Improve error message

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Return error from stereoscope immediately

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Bump version of stereoscope

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Conditionally retry image retrieval

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Update error message for source construction failure

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Update stereoscope

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Retry image pull without predetermined image source

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Add comment to image pull source determination

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2021-12-22 18:53:23 +00:00
Jonas Galvão Xavier
5374a1dc6f
add cyclone-json output format (#635)
* add cyclone json format

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* adapt format to sbom.SBOM structure

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cycloneDX json output with official lib

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add cycloneDX 1.3 schema output in xml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix lint errors

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* tidying go mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove cycloneDX 1.2 format

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update cycloneDX xml schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix cyclone according to schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use RFC 2141 URN form of uuid for serial number

add schema validation for cycloneDX 1.3 JSON output

add yajsv cli for JSON schema validation during tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* tidying go mod up

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go get json schema validator

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* install yajsv without messing with go mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* reuse code between cycloneDX json & xml encoders

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add output options for cyclone XML

add bom.json to .gitignore

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add cyclone json format

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* adapt format to sbom.SBOM structure

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cycloneDX json output with official lib

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add cycloneDX 1.3 schema output in xml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix lint errors

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* tidying go mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove cycloneDX 1.2 format

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update cycloneDX xml schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix cyclone according to schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use RFC 2141 URN form of uuid for serial number

add schema validation for cycloneDX 1.3 JSON output

add yajsv cli for JSON schema validation during tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* tidying go mod up

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go get json schema validator

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* install yajsv without messing with go mod

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* reuse code between cycloneDX json & xml encoders

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add output options for cyclone XML

add bom.json to .gitignore

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix cyclone12xml removal

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2021-12-03 17:06:23 -08:00
Alex Goodman
22c4b275e7
bump containerd and image-spec (#654)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-03 16:12:43 +00:00
Alex Goodman
ffccfc8f3f
update stereoscope to bump docker dependency (#648)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-12-02 11:18:00 -05:00
Alex Goodman
00206233e6
use smaller jotframe event buffer (#647)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-30 11:23:16 -05:00
Alex Goodman
d76c868481
Catalog archive contents for single-file input (#637)
* add first-level archive processing when input is a file

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add license exception for github.com/xi2/xz

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* always return cleanup function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* change source.NewFromFile log entry to warn

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* ensure file source always has cleanup function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* ensure we are always preferring the unarchive cleanup function for source

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-19 14:16:25 +00:00
Alex Goodman
9090c3a772
bump stereoscope, docker, and GGCR (#633)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-16 19:43:46 +00:00
Alex Goodman
ef627d82ef
Introduce relationships as first-class objects (#607)
* migrate pkg.ID and pkg.Relationship to artifact package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* return relationships from tasks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix more tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add artifact.Identifiable by Identity() method

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix linting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove catalog ID assignment

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* adjust spdx helpers to use copy of packages

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* stabilize package ID relative to encode-decode format cycles

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename Identity() to ID()

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use zero value for nils in ID generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* enable source.Location to be identifiable

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* hoist up package relationship discovery to analysis stage

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update ownership-by-file-overlap relationship description

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add test reminders to put new relationships under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* adjust PHP composer.lock parser function to return relationships

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-16 14:14:13 -05:00
Alex Goodman
8ec3f1d102
Use anchore fork of go-presenter (#611)
* use anchore fork of go-presenter

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* drop coverage threshold

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-02 18:09:26 +00:00
Alex Goodman
ecab44bba1
Add SPDX tag-value format object (#605)
* add new spdx tag-value format

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove public presenter package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-11-02 13:45:34 -04:00
Christopher Angelo Phillips
a2882ee810
Update package identifier to be constant across multiple syft run (#595)
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-29 16:00:36 +00:00
Alex Goodman
ff5fa2dc1d
pull in space suffix fix (#587)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-25 10:14:17 -04:00
Christopher Angelo Phillips
10fa8dc7c9
Add windows support (#548)
* update build tags, ui support, and stereoscope, and release for windows support

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-21 12:49:36 -04:00
Christopher Angelo Phillips
b25f5b664b
(464) - remove mod and cargo from image cataloger (#539)
* remove mod and cargo from image cataloger

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* update test error messages for clear failures

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-07 15:18:20 -04:00
Christopher Angelo Phillips
3462e18af3
478 identify go binaries and extract mod information (#534)
* add query by MIME type to source.FileResolver

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* import stereoscope lib changes to find mime type

- add bin cataloger
- add bin parser
- add mime type go utils
- import new resolver

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* add go std library code to unpack bin

- keep them in their own (original) files
- add note for "this code was copied from"
- comment the lines that required changing

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-07 12:16:38 -04:00
Alex Goodman
9189ed68df
Add query by MIME type to source.FileResolver (#529)
* add query by MIME type to source.FileResolver

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* pull in stereoscope MIME type feature

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-05 20:50:53 -04:00
Dan Luhring
316d4341c8
Use Anchore fork of packageurl lib without replace directive (#512)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-09-22 15:04:09 -04:00
Alex Goodman
9fe1da8ee6
update go-rpmdb and restruct gomod references (#506)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-14 14:51:19 -04:00
Alex Goodman
abbba3fc19
Modify CPE vendor candidate generation approach (#484)
* consider additional vendor candidates for ruby, python, rpm, npm, and java

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add java pom.xml processing

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* allow for downstream transform control in cpe generation processing

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* migrate CPE generation logic to dedicated package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* split java manifest groupID extraction into two tiers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* extract groupID from pom parent project during CPE generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update java groupID processing tests to cover multi-tier approach

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix constructor names for cpe.fieldCandidate

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename helper function to startsWithTopLevelDomain

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add nil changes for java manifest sections

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update comment to reflect parsing maven files

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* split out java description parsing

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* split out pom parent processing

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* simplify vendorsFromGroupIDs and associated tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* simplify test type for vendorsFromGroupIDs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* copy candidate varidations to new instances

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename CPE generation string util functions

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add an explanation around fieldCandidate

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* simplify type for the cpe.fieldCandidateSet

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* make CPE filter function names more readable

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update groupIDsFromJavaManifest to use a guard clause

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* extract groupID extraction from artifactID fields into a separate function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump goreleaser version to combat failure

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-03 14:21:25 -04:00
Keith Zantow
93b4bf9379
Add option to enable http registry connections (#482)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-08-17 12:52:51 -04:00
Keith Zantow
58f2be95fd
chore: update packageurl-go and add encoding tests for #351 (#481)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-08-13 15:39:52 -04:00
Alex Goodman
fee35dd175
redirect cursor hide/show to stderr (#456)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-30 13:10:00 -04:00
Alex Goodman
962e82297c
Split UI from event handling (#448)
* split UI from event handling

Signed-off-by: Alex Goodman <wagoodman@gmail.com>

* add event loop tests

Signed-off-by: Alex Goodman <wagoodman@gmail.com>

* use stereoscope cleanup function during signal handling

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* correct error wrapping in packages cmd

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* migrate ui event handlers to ui package

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* clarify command worker input var + remove dead comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-29 18:28:09 +00:00
Alex Goodman
706322f826
Add SPDX support (#445)
* add initial spdx support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* expose FileOwner and use in SPDX presenter

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add initial json support for SPDX

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add remaining package fields

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add spdx license list generation + tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* keep fileOwner unexported from pkg

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* restore cli test util

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add external refs to spdx tag-value format

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add golang support to CPE generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use tag-value format as default "spdx" format flavor

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add tests around spdx presenters + refactor presenter tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add bouncer exception for spdx tools-golang repo

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove spdx model questions

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-25 16:30:41 -04:00
Alex Goodman
2f81a2548c
allow for RPM package epoch to be optionally provided in the version string
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-02 15:28:12 -04:00
Dan Luhring
17bbf840cf
Allow registry auth config without authority value (#420)
* Allow registry auth config without authority value

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update CLI tests for new stereoscope log output

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-05-24 16:05:56 -04:00
Alex Goodman
0c7706f254
add extra RPM file record fields (user, group, flags)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 10:25:46 -04:00
Alex Goodman
b771d7bfd3
bump go.mod minimum required go version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 08:53:03 -04:00
Alex Goodman
2ff3f58730
pull in stereoscope manifest + repo digests on registry source
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 18:29:12 -04:00
Alex Goodman
c363b2b532
Add ability to pull images directly from a registry (#378)
* add registry image source

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use explicit source for fetching image + add scheme and registry tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* adjust test variable name and add credential helper function

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-13 13:30:57 +00:00
Alex Goodman
7ec0e3785f
bump stereoscope; pull in fix to ensure credentials are not HTML encoded
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-05 14:20:49 -04:00
Alex Goodman
3ef30f99be
pull in stereoscope cache fix + add test cache makefile target helpers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 14:31:59 -04:00
Alex Goodman
d420368ba9
add tests around new file metadata cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 11:00:59 -04:00
Alex Goodman
1d87f07da1
update pipeline with new levels of testing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:07 -04:00
Alex Goodman
6d5ff0fd8e
Mark package relations by file ownership (#329)
* add marking package relations by file ownership

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* correct json schema version; ensure fileOwners don't return dups; pin test pkg versions

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* extract package relationships into separate section

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* pull in client-go features for import of PackageRelationships

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* move unit test for ownership by files relationship further down

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rename relationship to "ownership-by-file-overlap"

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-02-25 13:47:13 -05:00
Dan Luhring
3b4d4b186f
Bring in fix to zero layers panic from stereoscope
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-02-01 11:54:30 -05:00
Alex Goodman
33c27c4f3d
add HasPath() to Resolver interface
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-01-04 19:39:49 -05:00
Alex Goodman
7f4e8ab97d
Fix symlink resolutions for constituent paths (#304)
* bump stereoscope to pull in content API refactors

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate symlink fixes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* with filetree.File() adjustments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* regress all-layers scope to not include dead-links + default tests to squashed scope

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* restore all layers resolver glob behavior (custom + lazy link resolution)

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate filetree link resolution options and restore no-follow dead link option for resolvers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* removed path from lower-level FileTree.File() calls

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump stereoscope to pull in latest link resolution fixes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump doublestar to v2 for directory resolver

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-01-04 16:41:45 -05:00
Alex Goodman
d475e6280a
bump stereoscope to pull in content API refactors
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-01-04 14:07:14 -05:00
Alex Goodman
6aaf9ee712
Incorporate import changes + add image overwrite option (#294)
* incorporate import changes + add image overwrite option

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update import tests to account for arbitrary json shape

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-18 16:59:30 -05:00
Alex Goodman
82c8a8e17b
add mem profile option and refactor python cataloger for batch requests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-15 10:59:14 -05:00
Alex Goodman
52bac6e2fd
Add enterprise upload capability (#285)
* add support to upload results to enterprise

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add package sbom upload

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add dockerfile support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add manifest, index, and dockerfile import functions

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* schema version to json output + enhance json schema generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* modify package SBOM shape to be entire syft document + add etui updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add import image config and manifest support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add config options for import to enterprise

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate final stereoscope and client-go deps

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-09 22:20:53 -05:00
Alex Goodman
3ce7eabc98
bump stereoscope to remove tree-catalog syft check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-03 16:20:17 -05:00
Alex Goodman
2989d3d975
include CPEs with elements from POM GroupId fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-12-01 08:00:49 -05:00
Dan Luhring
ae71b8832d
Update stereoscope version to fix opaque directory merge issue (#278)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-30 11:37:44 -05:00
Alex Goodman
8a17bfb69f
generate json schema from struct definitions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-20 15:47:10 -05:00
Alex Goodman
3aaa0e5566
move package purl and cpes (identities) to pkg.Package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-19 11:25:51 -05:00
Alex Goodman
6aba2f48d4
split out rpmdb file processing to helper + lint fixes
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-06 10:44:27 -05:00
Alex Goodman
8095cd9980
add rpmdb file info to cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-06 07:21:23 -05:00
Dan Luhring
f19cb03aa0
Update doublestar to include fix for open dirs issue (#240)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-10-26 11:19:25 -04:00
Alex Goodman
b5ce187ba7
replace modfile with stdlib (#187)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-28 17:25:04 -04:00
Alex Goodman
576fbc898b
rm stereoscope from testutils (#181)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 14:53:05 -04:00
Alex Goodman
3d91a66536
Add OCI support + use URI schemes for user image input (#178)
* add oci support + update image schemes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update docs to reflect OCI image sources + URI scheme change

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update to oci-dir

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump upstream stereoscope pin

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 10:24:24 -04:00
Samuel Dacanay
b467964044 port over shell completion w/ cobra from grype, find/replace, etc.
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
2020-09-15 09:07:17 -07:00
Alex Goodman
8a4886ec0e
Add package URL support to the CycloneDX presenter (#164)
* add package URL support to the CycloneDX presenter

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* wrap license tags with licenses

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-30 21:40:19 -04:00
Alex Goodman
f892289e7c
Add CycloneDX presenter (#157)
* add CycloneDX presenter + BOM Descriptor extension

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add docstrings to cyclonedx presenter

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-24 20:43:29 -04:00
Alex Goodman
95517d131a Improve overall documentation (#148)
* improve overall documentation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix tests to use scope.Resolver over scope

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-13 16:34:32 -04:00
Dan Luhring
47a0454084 Update dependencies (#147)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-13 12:12:05 -04:00
Alex Goodman
5042d371cf
migrate to anchore/go-rpmdb (#144)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-11 15:32:51 -04:00
Alex Goodman
2d452bf59e
Add inline-comparison as acceptance test (#130)
* add inline-compare as acceptance test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add additional RPM metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments and doc strings to the compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 10:33:44 -04:00
Dan Luhring
70e673204c
Add poetry cataloger (#121)
* Minor cleanup

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update pkg Type definition to string

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Implement poetry.lock parsing

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Address CI issues

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Integrate Alex's changes

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-08-04 18:22:43 -04:00
Alex Goodman
e2a874a277
finalize json output & add schema (#118) 2020-08-04 16:05:53 -04:00
Alex Goodman
8fe59c6f1a
bump stereoscope for docker pull + add UI elements for pull status (#117) 2020-08-03 16:03:47 -04:00
Alex Goodman
78515da285
replace zap logger with logrus (#116) 2020-08-01 11:56:38 -04:00
Alex Goodman
e3976596f3
pull in fix for bounds check progress formatting values in etui 2020-07-31 06:56:20 -04:00
Alex Goodman
271ba35c85
Export UI handlers for reuse in other tools (#113)
* export UI handlers for reuse in other tools

* bump jotframe to fix cursor issues at frame close
2020-07-30 15:16:58 -04:00
Alex Goodman
32071b0bf1
add default table presenter 2020-07-23 21:48:12 -04:00
Alex Goodman
a4016d35ce
rename to syft 2020-07-23 20:54:04 -04:00
Alex Goodman
ba4f63099d
Add release process (#89)
* add check for app update; fix ETUI error handling

* validate user args

* add goreleaser support

* replace cgo dependencies (go-rpm) with go equivalents

* add acceptance tests against build snapshot

* add brew tap + acceptance test pipeline

* add mac acceptance tests

* fix compare makefile

* fix mac acceptance tests

* add release pipeline with wait checks

* add token to release step

* rm dir presenters int test

* enforce dpkg to be non interactive

Co-authored-by: Alfredo Deza <adeza@anchore.com>

* pin brew formulae

* pin skopeo to formulae url

* only run acceptance tests

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 10:52:44 -04:00
Alex Goodman
44c69f1f91
add go.mod cataloger (#97) 2020-07-23 08:17:30 -04:00
Alex Goodman
7ebb9f4e0b
Add check for app update (#88)
* add check for app update; fix ETUI error handling

* validate user args
2020-07-21 12:02:03 -04:00
Alfredo Deza
942cd6eb18 dependencies: add doublestar for recursive globbing support
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-07-21 11:10:02 -04:00
Alex Goodman
e8d11eec69
add license validation (#80) 2020-07-13 13:07:20 -04:00
Alex Goodman
1896831c39
add rpmdb support; enhance integration tests 2020-07-06 12:55:11 -04:00
Alex Goodman
d59a19697d
add coverage + makefile improvements 2020-07-06 07:25:18 -04:00
Alex Goodman
926b5f2a50
add and use event bus for UI progress 2020-06-25 10:39:11 -04:00
Alex Goodman
cd94179985
add symlink content fetching support 2020-06-16 11:37:37 -04:00
Alex Goodman
83e96e8880
generalize common analyzer elements 2020-06-04 17:49:52 -04:00
Alex Goodman
f33720eaa1
add gem analyzer 2020-06-04 14:42:59 -04:00
Alex Goodman
cc724bff26
use filetree reader instead of filetree 2020-06-02 08:52:26 -04:00
Alex Goodman
45fbd05cf9
add first distro support 2020-06-01 10:46:06 -04:00
Alex Goodman
a0e48468c2
with package id 2020-05-29 16:06:31 -04:00
Alex Goodman
1b9effeb49
remove WithFields; add stereoscope logging 2020-05-23 19:22:52 -04:00
Alex Goodman
ae6feed8fc
add named logger + color formatting 2020-05-22 11:30:45 -04:00
Alex Goodman
3e71315195
add app config and logging interface 2020-05-21 15:25:59 -04:00
Alex Goodman
2471663d27
sync/fmt linting tasks with stereoscope 2020-05-21 09:37:20 -04:00
Alex Goodman
17b4b26fbb
update stereoscope + add json presenter 2020-05-20 18:29:06 -04:00
Alfredo Deza
5bc17310b6 update dependencies
Signed-off-by: Alfredo Deza <adeza@anchore.com>
2020-05-19 09:07:34 -04:00
Alex Goodman
1342cc5b06
add analysis coordination (with dummy analyzer) 2020-05-18 11:59:33 -04:00
Alex Goodman
11b2b1ab45
add scope feature + lint fixes 2020-05-12 20:43:46 -04:00
Alex Goodman
1e5c7bb5c7
initial project structure 2020-05-12 10:45:18 -04:00