Commit graph

2150 commits

Author SHA1 Message Date
dependabot[bot]
d2fa5ed41c
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#2931)
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:43 -07:00
Christopher Angelo Phillips
7508d75b2b
fix: update unit tests to use pinned patch version (#2932)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-06-05 18:31:38 +00:00
Alex Goodman
3472b48177
Add relationships for python poetry packages (#2906)
* [wip] add initial poetry.lock relationship support

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* provide generic set for basic types

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dependency resolver should allow for conditional deps

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add tests for poetry lock relationship additions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update schema with python poetry dependency refs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* dep specification data structure should not be recursive in nature

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 20:00:05 +00:00
Alex Goodman
4bdbd1aa2a
remove unused test fixtures and empty dirs (#2924)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:22:49 -04:00
William Murphy
557ad73ee6
fix: only skip tmpfs mounts for some paths (#2918)
* fix: only skip tmpfs mounts for some paths

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* refactor and add tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add regression test for archive processing

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump to golang 1.22

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove rule 1 and add more tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:21:45 -04:00
Alex Goodman
cb09dd9e19 match existing DCO GH check name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 13:34:29 -04:00
Alex Goodman
2f39322f81
use dco tool during gh app outage (#2926)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 17:31:29 +00:00
William Tang
fe0b78b7fe
fix: close sql driver after testing sqlite availability (#2922)
Signed-off-by: William Tang <ttc0419@outlook.com>
2024-06-03 14:42:13 +00:00
Ralph Bean
8a7f08e2c8
Use redhat as namespace for redhat rpms (#2914)
The namespace value of `redhat` signifies this as an RPM package
produced and distributed by Red Hat.

Using "rhel" in the namespace is not correct.

Signed-off-by: Ralph Bean <rbean@redhat.com>
2024-06-03 10:18:52 -04:00
dufucun
29d601d1f1
chore: fix some comments (#2920)
Signed-off-by: dufucun <dufuchun@sohu.com>
Co-authored-by: dufucun <dufucunn@sohu.com>
2024-06-03 14:10:39 +00:00
anchore-actions-token-generator[bot]
3ac95bfbd0
chore(deps): update CPE dictionary index (#2919)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-06-03 10:00:30 -04:00
dependabot[bot]
24262b9e31
chore(deps): bump modernc.org/sqlite from 1.29.10 to 1.30.0 (#2921)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.10 to 1.30.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.10...v1.30.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 09:59:33 -04:00
dependabot[bot]
b04bc0fbfe
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#2916)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...f079b84933)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 11:17:21 -04:00
dependabot[bot]
aafa161ff6
chore(deps): bump github.com/charmbracelet/bubbletea (#2917)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.3 to 0.26.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 10:20:00 -04:00
Laurent Goderre
eeb4193d4a
Lua: Add support for more advanced syntax (#2908)
* Add lua/rocksepc support for variables substitution
* Lua: Skip expressions in rockspec packages
* Lua: Add support for concatenation of string and variables
* Lua: Skip expressions in local
* Lua: Skip build sections in Rockspec files
* Lua: skip function blocks in Rockspec
* Lua: Add support for multi variable per line
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-30 11:38:45 -04:00
anchore-actions-token-generator[bot]
5cf8cc9bc3
chore(deps): update tools to latest versions (#2913)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-30 11:37:31 -04:00
Alex Goodman
f4a69e6d35
add relationships for go binary packages (#2912)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-30 11:37:17 -04:00
Keith Zantow
ac34808b9c
feat: detect fluent-bit binaries (#2905)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-28 10:13:06 -04:00
anchore-actions-token-generator[bot]
2b70ea3fc2
chore(deps): update tools to latest versions (#2907)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-05-28 10:02:32 -04:00
dependabot[bot]
5eb1e7115f
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2909)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](e92390c5fb...0d4c9c5ea7)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 09:57:32 -04:00
dependabot[bot]
774602f0d8
chore(deps): bump github.com/charmbracelet/bubbletea (#2901)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:30:48 -04:00
Jon Johnson
c314e05aae
Handle GOEXPERIMENTs in go version (#2893)
* Handle GOEXPERIMENTs in go version

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>

* bump JSON schema

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2024-05-25 20:23:30 +00:00
Alex Goodman
05e8ba948d
Add python wheel egg relationships (#2903)
* add python package relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* nil for empty relationships collections

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* new json schema for optional python requiremenets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update format snapshots for python packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* decompose python parsers more + add tests around plural fields

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update JSON schema with python dep refs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-25 20:11:38 +00:00
dependabot[bot]
64e11d53e9
chore(deps): bump github.com/charmbracelet/lipgloss (#2902)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-25 16:07:25 -04:00
Laurent Goderre
b51252dbdb
feat: Add Lua cataloger (#2613)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-24 16:56:34 -04:00
anchore-actions-token-generator[bot]
77b3f66404
chore(deps): update tools to latest versions (#2900) 2024-05-24 09:34:08 -04:00
Keith Zantow
1c37bab2b2
feat: add config command (#2892)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-23 15:18:09 -04:00
Laurent Goderre
7071f1e498
feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-05-23 12:17:12 -04:00
dependabot[bot]
3875e4a67d
chore(deps): bump github.com/knqyf263/go-rpmdb from 0.1.0 to 0.1.1 (#2896)
Bumps [github.com/knqyf263/go-rpmdb](https://github.com/knqyf263/go-rpmdb) from 0.1.0 to 0.1.1.
- [Commits](https://github.com/knqyf263/go-rpmdb/compare/v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/knqyf263/go-rpmdb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 12:06:44 -04:00
anchore-actions-token-generator[bot]
a0f0332e30
chore(deps): update tools to latest versions (#2887)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:39:09 +00:00
dependabot[bot]
ea50c6153d
--- (#2889)
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 09:26:12 -04:00
Christopher Angelo Phillips
b41d5cced5
chore: update spdx license list to 3.24.0 (#2895)
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-23 13:10:36 +00:00
dependabot[bot]
68daa42f86
--- (#2888)
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 08:11:03 -04:00
Russell Haering
2356787053
Go Mod Cataloger: Remove Replaced Packages (#2891)
When the goModCataloger processes a Replace directive it currently adds the new
package to the resulting package list, but does not remove the old one unless
the path is unchanged.

Based on an existing comment in the code, removing the old one seems to be the
intended behavior, and results in a more expected end-result, so this does so.

Signed-off-by: Russell Haering <russellhaering@gmail.com>
2024-05-22 14:26:40 -04:00
dependabot[bot]
2d318cffaa
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#2879)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](44c2b7a8a4...a5ac7e51b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 13:46:57 -04:00
Alan Pope
49c458b113
chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
* chore: Reduce length of readme, moving lengthy content to the wiki
https://github.com/anchore/syft/wiki
---------
Signed-off-by: Alan Pope <alan@popey.com>
2024-05-20 13:46:32 -04:00
dependabot[bot]
1144407591
chore(deps): bump github.com/docker/docker (#2880)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.2+incompatible to 26.1.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.2...v26.1.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 12:30:50 -04:00
dependabot[bot]
15808fbd04
chore(deps): bump github.com/saferwall/pe from 1.5.2 to 1.5.3 (#2881)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.5.2...v1.5.3)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 12:25:05 -04:00
dependabot[bot]
13ae56e3ef
chore(deps): bump modernc.org/sqlite from 1.29.9 to 1.29.10 (#2885)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.9 to 1.29.10.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.9...v1.29.10)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 11:59:28 -04:00
Russell Haering
1bec1fc5d3
fix: DecoderCollection discarding input from non-seekable Readers (#2878)
Signed-off-by: Russell Haering <russellhaering@gmail.com>
2024-05-16 15:17:11 -04:00
anchore-actions-token-generator[bot]
15c9fe092a
chore(deps): update tools to latest versions (#2863)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* add tmate debug session

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add go tooling to bootstrap on mac

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-14 15:06:21 -04:00
Take
338ce51fd8
Fix outdated spdx links (#2865)
Signed-off-by: Takeru Tanaka <takeru.tt5672@gmail.com>
2024-05-14 17:58:36 +00:00
Alex Goodman
048df17e3d
Use values in relationship To/From fields (#2871)
* use pkg values in relationship fields

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add linter rule for using values in relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use new cmptest package for comparing relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* create cmptest for common cmp.Diff options in test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* condense matches for relationship ruleguard

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove relationship type from rules

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore build tag

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* suggest using values

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* nil check pkgs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-14 13:48:33 -04:00
Alex Goodman
7ad7627d5d
add support for RPM DB package relationships (#2872)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-14 13:48:19 -04:00
Russell Haering
e767bcff4b
fix: capture dependencies when parsing SPDX SBOMs (#2869)
Signed-off-by: Russell Haering <russellhaering@gmail.com>
2024-05-14 09:57:48 -04:00
Alex Goodman
4a18895545
Add abstraction for adding relationships from package cataloger results (#2853)
* add internal dependency resolver

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* refactor dependency relationship resolution to common object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* replace cataloger decorator with generic processor

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* refactor resolver to be a single function

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use common dependency specifier for debian

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use common dependency specifier for arch

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use common dependency specifier for alpine

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* allow for generic pkg and rel assertions in testpkg helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* do not allow for empty results

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* move stable deduplicate comment

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove relationship resolver type

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-14 13:27:36 +00:00
dependabot[bot]
fae6f5d372
chore(deps): bump github/codeql-action from 3.25.4 to 3.25.5 (#2867)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.4 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ccf74c9479...b7cec75265)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:27:14 -04:00
Christopher Angelo Phillips
ee75aafa37
chore: fix small tooling error for go.mod (#2868)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-13 11:47:21 -04:00
Alex Goodman
c200896a96
fix pruning binary packages when considering ELF packages (#2862)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 19:35:22 +00:00
Brian Ebarb
4194a2cd34
feat: add relationships to ELF package discovery (#2715)
This PR adds DependencyOf relationships when ELF packages have been discovered by the binary cataloger. The discovered file.Executable type has a []ImportedLibraries that's read from the file when discovered by syft. By mapping these imported libraries back to the package collection, syft is able to create relationships showing which packages are dependencies of other packages by just reading metadata from the ELF executable.

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Brian Ebarb <ebarb.brian@sers.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 13:53:59 -04:00