Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts ( #2397 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
anchore-actions-token-generator[bot]
fa1baabc05
chore(deps): update tools to latest versions ( #2395 )
2023-12-06 10:49:07 -05:00
Weston Steimel
b5906824cb
chore: enhance java purl generation integration test ( #2393 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-12-06 15:31:16 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock ( #2338 )
...
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 ( #2392 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](fd74a6fb98...5ecf649a41
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 09:48:40 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml ( #2315 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts ( #2384 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts ( #2379 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts ( #2386 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts ( #2388 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix ( #2387 )
...
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts ( #2383 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts ( #2382 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts ( #2381 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts ( #2378 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts ( #2349 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks ( #2369 )
...
* generalize ui events for cataloging tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cataloger task progress object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate cataloger task fn to bus helper
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
anchore-actions-token-generator[bot]
b943da6433
chore(deps): update tools to latest versions ( #2376 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-30 09:25:02 -05:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry ( #2377 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache ( #2374 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification ( #2133 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations ( #2370 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files ( #2367 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
Alex Goodman
c379d21e9a
only remove breaking-change label when there are schema changes ( #2371 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:59:04 -05:00
Keith Zantow
a50a0f77d2
fix: capture root command stdout ( #2364 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-28 15:04:28 -05:00
William Murphy
ea4a6747eb
fix: hardcode xalan group ID ( #2368 )
...
According to maven central, the package called "xalan" should just have
the group ID xalan, but currently syft isn't able to find that.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 14:40:03 -05:00
Alex Goodman
1cfc4c7387
Normalize cataloger configuration patterns ( #2365 )
...
* normalize cataloger patterns
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove central reference for maven configurable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:02:43 +00:00
Alex Goodman
4d0da703bf
normalize enums to lowercase with hyphens ( #2363 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 11:02:20 -05:00
anchore-actions-token-generator[bot]
4ee6be3777
chore(deps): update tools to latest versions ( #2358 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-28 10:22:57 -05:00
dependabot[bot]
5d44e49d2f
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 ( #2361 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:22:21 -05:00
dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 ( #2362 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:21:59 -05:00
William Murphy
ce4b31757a
fix: index file itself when file scan path has symlink ( #2359 )
...
Previously, building the index of the filesystem when source was file
would fail if part of the path syft was passed to the file included a
symlinked directory, resulting in cataloging misses.
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 09:41:28 -05:00
dependabot[bot]
c08b0990ca
chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 ( #2351 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.7 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](66b90a5db1...407ffafae6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-24 06:42:30 -05:00
Alex Goodman
8ee209a5ae
use read lock in pkg collection ( #2341 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 13:48:25 -05:00
Alex Goodman
4712246897
Fix the attest
command ( #2337 )
...
* fix attest command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add notification on how to access the attestation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 18:29:58 +00:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars ( #2345 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB ( #2316 )
...
* Add MySQL and MariaDB binary classifiers
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
* use smallest possible binary fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier ( #2329 )
...
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.
Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
dependabot[bot]
1c582f0aa5
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 ( #2344 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 11:12:43 -05:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars ( #2343 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars ( #2342 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Alex Goodman
51d015d5ea
Update developer docs to represent the current package layout ( #2340 )
...
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:06:18 -05:00
Alex Goodman
5565bdef0c
Remove the power-user command and related catalogers ( #2306 )
...
* remove the power-user command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove secrets + classifier catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:44:28 +00:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient ( #2275 )
...
* expose underlying format options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove escape html options and address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 ( #2336 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command ( #2335 )
...
* feat: add preRun func to version to restore stdout
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to capture version in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* change stdout buffering to log to be opt-in per command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout ( #2324 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-16 17:45:25 -05:00
dependabot[bot]
c7eb3f4c93
chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 ( #2332 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.6 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](689fdc5193...66b90a5db1
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-16 09:22:23 -05:00
Alex Goodman
11a8cde8e4
export metadata type helper ( #2328 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-15 19:05:18 +00:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars ( #2327 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00