Commit graph

1872 commits

Author SHA1 Message Date
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts (#2397)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
anchore-actions-token-generator[bot]
fa1baabc05
chore(deps): update tools to latest versions (#2395)
2023-12-06 10:49:07 -05:00
Weston Steimel
b5906824cb
chore: enhance java purl generation integration test (#2393)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-12-06 15:31:16 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock (#2338)
---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#2392)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](fd74a6fb98...5ecf649a41)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 09:48:40 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml (#2315)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts (#2384)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts (#2379)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts (#2386)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts (#2388)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix (#2387)
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts (#2383)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts (#2382)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts (#2378)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts (#2349)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks (#2369)
* generalize ui events for cataloging tasks

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename cataloger task progress object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* migrate cataloger task fn to bus helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
anchore-actions-token-generator[bot]
b943da6433
chore(deps): update tools to latest versions (#2376)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-30 09:25:02 -05:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry (#2377)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache (#2374)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification (#2133)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations (#2370)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files (#2367)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
Alex Goodman
c379d21e9a
only remove breaking-change label when there are schema changes (#2371)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:59:04 -05:00
Keith Zantow
a50a0f77d2
fix: capture root command stdout (#2364)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-28 15:04:28 -05:00
William Murphy
ea4a6747eb
fix: hardcode xalan group ID (#2368)
According to maven central, the package called "xalan" should just have
the group ID xalan, but currently syft isn't able to find that.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 14:40:03 -05:00
Alex Goodman
1cfc4c7387
Normalize cataloger configuration patterns (#2365)
* normalize cataloger patterns

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove central reference for maven configurable

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:02:43 +00:00
Alex Goodman
4d0da703bf
normalize enums to lowercase with hyphens (#2363)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 11:02:20 -05:00
anchore-actions-token-generator[bot]
4ee6be3777
chore(deps): update tools to latest versions (#2358)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-28 10:22:57 -05:00
dependabot[bot]
5d44e49d2f
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#2361)
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:22:21 -05:00
dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#2362)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:21:59 -05:00
William Murphy
ce4b31757a
fix: index file itself when file scan path has symlink (#2359)
Previously, building the index of the filesystem when source was file
would fail if part of the path syft was passed to the file included a
symlinked directory, resulting in cataloging misses.

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 09:41:28 -05:00
dependabot[bot]
c08b0990ca
chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 (#2351)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.7 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](66b90a5db1...407ffafae6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-24 06:42:30 -05:00
Alex Goodman
8ee209a5ae
use read lock in pkg collection (#2341)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 13:48:25 -05:00
Alex Goodman
4712246897
Fix the attest command (#2337)
* fix attest command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add notification on how to access the attestation

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix integration test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 18:29:58 +00:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars (#2345)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB (#2316)
* Add MySQL and MariaDB binary classifiers

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>

* use smallest possible binary fixtures

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier (#2329)
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.

Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
dependabot[bot]
1c582f0aa5
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#2344)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](78fc58e266...fd74a6fb98)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-21 11:12:43 -05:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars (#2343)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars (#2342)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Alex Goodman
51d015d5ea
Update developer docs to represent the current package layout (#2340)
---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:06:18 -05:00
Alex Goodman
5565bdef0c
Remove the power-user command and related catalogers (#2306)
* remove the power-user command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove secrets + classifier catalogers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* regenerate json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:44:28 +00:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient (#2275)
* expose underlying format options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove escape html options and address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command (#2335)
* feat: add preRun func to version to restore stdout

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: add test to capture version in output

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* change stdout buffering to log to be opt-in per command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout (#2324)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-16 17:45:25 -05:00
dependabot[bot]
c7eb3f4c93
chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 (#2332)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](689fdc5193...66b90a5db1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-16 09:22:23 -05:00
Alex Goodman
11a8cde8e4
export metadata type helper (#2328)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-15 19:05:18 +00:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars (#2327)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00