Previously, extracting relationships between packages and files was not
completing correctly, as SPDXRef- ElementIDs were being compared to raw
IDs, and so never matched. This patch ensures that we always compare
ElementIDs, to ensure that the hasFiles field is correctly populated.
Signed-off-by: Justin Chadwell <me@jedevc.com>
* bump cosign to v1.10.1 (#1144)
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Add modularitylabel metadata to RPM type records generated by syft. Fixes#1145.
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update to address lint failures
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Update syft/pkg/rpmdb_metadata.go
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update json schema to match camel case
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* Option to enable specific language or ecosystem cataloger
Signed-off-by: ramanan-ravi <ramanan@deepfence.io>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Disable dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Option to enable specific language or ecosystem cataloger
Signed-off-by: Ramanan Ravikumar <ramanan@deepfence.io>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename "enable-cataloger" option to "catalogers"
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cli test for --catalogers option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with latest cataloger names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enable dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix cataloger imports
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with alpmdb cataloger config example
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: ramanan-ravi <ramanan@deepfence.io>
* add template output
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remove dead code
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix template cli flag
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* implement template's own format type
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler code
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix readme link to Go template
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler func signature patter
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nit
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix linter error
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add main module field to go bin metadata
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* udpate json ouput schema to 3.2.4
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* clean up fixture
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* Use SBOM descriptor version
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* Update tests
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* CycloneDX extract tools metadata in decoding stage
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add descriptor to spdx tag-value test
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remove comment
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add convert command
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* mvp
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix hanging bug
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* validate SBOM formats for conversion
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* move convert cmd to new structure
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* remove bin
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* drop event loop from convert cmd
extract SBOM type from document namespace
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* validate SPDX in tests
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* documenting convert cmd
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* support output format=file.json notation
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* test convertible formats
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix typo
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* clean up
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* more clean up and docs
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* nit
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* re-use more code
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* undo encode-decode cycle test
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remove unnecessary test constraint
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix readme
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* try verbose
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* cleaner README and no table conversion
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler conversion
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes and cleanup
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nit space fix
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* use defer
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
* Implement fmt.Stringer with format.ID
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Add failing test for formats processing empty SBOMs
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Account for nil SPDX document during Syft model conversion
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
