Commit graph

1848 commits

Author SHA1 Message Date
Alex Goodman
17c605822e
refactor pkg.Collection (#2439)
- remove "catalog" references
- add a separate add() function for readability

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:11 -05:00
Alex Goodman
4eace4b141
refactor javascript cataloger to use configuration options when creating packages (#2438)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:02 -05:00
Alex Goodman
05660da8d7
use single source of truth for archive options (#2437)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:07:55 -05:00
Alex Goodman
2f378d806e
fix file digest cataloger when passed coordinates (#2436)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 14:43:09 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413) 2023-12-14 17:18:37 -05:00
Colm O hEigeartaigh
38a12bd91a
Look for a maven version in a pom from a parent dependency management section (#2423)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh
649d152548
Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 12:41:41 -05:00
dependabot[bot]
f5d5892434
chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (#2430)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](305f654631...b374143c11)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:40:39 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:38:55 -05:00
anchore-actions-token-generator[bot]
09e62c3282
chore(deps): update tools to latest versions (#2428)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-14 07:31:44 -05:00
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Wayne Starr
8bca0ac39e
fix: use filepath instead of path for file source exclusions (#2411)
Signed-off-by: Wayne Starr <me@racer159.com>
2023-12-13 17:45:34 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea (#2424)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:45:04 -05:00
dependabot[bot]
2bcf825857
chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (#2426)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c0d1daa7f7...305f654631)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:44:41 -05:00
dependabot[bot]
9cb7c3d350
chore(deps): bump dawidd6/action-homebrew-bump-formula (#2420)
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases)
- [Commits](d3667e5ae1...75ed025ff3)

---
updated-dependencies:
- dependency-name: dawidd6/action-homebrew-bump-formula
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-12 14:43:43 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
dependabot[bot]
790ecc6f28
chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (#2400)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.8 to 2.22.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](407ffafae6...c0d1daa7f7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-12 13:59:39 -05:00
dependabot[bot]
b9462db59e
chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 12:37:20 -05:00
dependabot[bot]
bfad9659a8
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 08:58:26 -05:00
dependabot[bot]
b345752f49
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#2401)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](93397bea11...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 06:38:05 -05:00
anchore-actions-token-generator[bot]
ba9dd1d5fd
chore(deps): update tools to latest versions (#2408)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-11 06:36:51 -05:00
anchore-actions-token-generator[bot]
68f35815d6
chore(deps): update CPE dictionary index (#2412)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-11 06:35:58 -05:00
Weston Steimel
4d4b502174
fix(java): improve identification for org.codehaus.groovy artifacts (#2404)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-08 05:02:01 -05:00
Weston Steimel
ea80f94c0e
fix(java): improve identification for commons-jelly artifacts (#2399)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-07 12:28:21 -05:00
Weston Steimel
2c145f70b2
fix(java): improve identification for io.minio artifacts (#2398)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 16:58:07 -05:00
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts (#2397)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
anchore-actions-token-generator[bot]
fa1baabc05
chore(deps): update tools to latest versions (#2395) 2023-12-06 10:49:07 -05:00
Weston Steimel
b5906824cb
chore: enhance java purl generation integration test (#2393)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-12-06 15:31:16 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock (#2338)
---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#2392)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](fd74a6fb98...5ecf649a41)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 09:48:40 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml (#2315)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts (#2384)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts (#2379)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts (#2386)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts (#2388)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix (#2387)
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts (#2383)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts (#2382)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts (#2378)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts (#2349)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks (#2369)
* generalize ui events for cataloging tasks

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename cataloger task progress object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* migrate cataloger task fn to bus helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
anchore-actions-token-generator[bot]
b943da6433
chore(deps): update tools to latest versions (#2376)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-11-30 09:25:02 -05:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry (#2377)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache (#2374)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification (#2133)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations (#2370)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files (#2367)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
Alex Goodman
c379d21e9a
only remove breaking-change label when there are schema changes (#2371)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:59:04 -05:00