Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 14:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity
538 commits 73 branches 214 tags 132 MiB
Commit graph

538 commits

This branch
This branch
All branches
Author SHA1 Message Date
Alex Goodman
a56292e2e0
Revert "Add the ability to run syft from a scratch image." 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2020-12-16 16:54:34 -05:00
Toure Dunnon
688aa2e832
Merge pull request #288 from anchore/syft_docker_image 
Add the ability to run syft from a scratch image.
 2020-12-16 10:39:30 -05:00
Toure Dunnon
2c90ec84b9
Merge branch 'main' into syft_docker_image 2020-12-15 19:52:55 -05:00
Alex Goodman
d1d7471f2f
Merge pull request #290 from anchore/improve-python-cataloger 
Improve performance of the python cataloger
 2020-12-15 12:41:58 -05:00
Toure Dunnon
a19496b846 added: Docker login github action to publish new images 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-15 11:07:14 -05:00
Alex Goodman
d94d7a7d80
add tests for content requester object 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-15 10:59:15 -05:00
Alex Goodman
45fed7c69b
break out packageEntry into a separate file 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-15 10:59:14 -05:00
Alex Goodman
e4a3e433b6
add content requested and refactor python cataloger to use it 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-15 10:59:14 -05:00
Alex Goodman
82c8a8e17b
add mem profile option and refactor python cataloger for batch requests 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-15 10:59:14 -05:00
Alex Goodman
be5917a058
add profiler dev option 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-15 10:59:13 -05:00
Toure Dunnon
9365625fc3 added: corrected request from review. 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-15 09:27:09 -05:00
Toure Dunnon
c626cb1c60 added: update to README.md to indicate on how to use the new feature. 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-14 08:10:46 -05:00
Toure Dunnon
07f2c2f702 Add the ability to run syft from a scratch image. 
This change will allow endusers or CI to run syft from a
minimum image which will simplify CI deployment.

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-14 08:10:46 -05:00
Dan Luhring
737a81c38c
Sort generated CPEs by specificity (#289) 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-12-11 12:08:39 -05:00
Alex Goodman
52bac6e2fd
Add enterprise upload capability (#285) 
* add support to upload results to enterprise

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add package sbom upload

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add dockerfile support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add manifest, index, and dockerfile import functions

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* schema version to json output + enhance json schema generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* modify package SBOM shape to be entire syft document + add etui updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add import image config and manifest support

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add config options for import to enterprise

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* incorporate final stereoscope and client-go deps

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-09 22:20:53 -05:00
Toure Dunnon
2d0c127419
Merge pull request #282 from anchore/issue_270 
Corrected syft cyclonedx generated bom to adhere to the specifications found in CycloneDX 1.2
 2020-12-04 13:48:55 -05:00
Toure Dunnon
1a124bd77b added: regenerated new test fixtures to reflect change in specification. 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-04 11:48:20 -05:00
Toure Dunnon
a5fd83b21d added: correct the bom descriptor to meet the cyclonedx 1.2 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-12-04 11:48:20 -05:00
Alex Goodman
f87c59b4eb
Merge pull request #286 from anchore/rm-tree-catalog-sync-check 
Bump stereoscope to remove tree-catalog syft check
 2020-12-03 16:32:24 -05:00
Alex Goodman
3ce7eabc98
bump stereoscope to remove tree-catalog syft check 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-03 16:20:17 -05:00
Alex Goodman
6f9ded60ed
Merge pull request #279 from anchore/enhance-java-cpe-by-group-id 
Include CPEs with elements from POM GroupId fields
 2020-12-02 07:50:31 -05:00
Dan Luhring
65cbacd135
Clarify python wheel parsing process (#281) 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-12-01 16:30:30 -05:00
Alex Goodman
2989d3d975
include CPEs with elementds from POM GroupId fields 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-12-01 08:00:49 -05:00
Dan Luhring
ae71b8832d
Update stereoscope version to fix opaque directory merge issue (#278) 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-30 11:37:44 -05:00
Alex Goodman
c42b036f46
Merge pull request #276 from anchore/generate-json-schema 
Generate json schema from struct definitions
 2020-11-23 11:22:33 -05:00
Alex Goodman
8a17bfb69f
generate json schema from struct definitions 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-20 15:47:10 -05:00
Alex Goodman
0ed30138c4
Merge pull request #271 from anchore/cpe-generation 
Move package PURL and CPEs to Package definition
 2020-11-19 12:38:20 -05:00
Alex Goodman
3aaa0e5566
move package purl and cpes (identities) to pkg.Package 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-19 11:25:51 -05:00
Alex Goodman
71939557e6
Merge pull request #266 from anchore/document-import 
Add JSON document import
 2020-11-17 13:21:57 -05:00
Alex Goodman
030427bb33
rename json artifact to package + update resolver integrity checks 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:13 -05:00
Alex Goodman
569a598df7
minimize pointer usage & order return types consistently 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:13 -05:00
Dan Luhring
0ad8c53ec2
Fix cyclonedx test fixture usage of dynamic digest value 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-17 12:37:13 -05:00
Alex Goodman
c892c3609e
improve doc comments 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:13 -05:00
Alex Goodman
62b03f3a91
dont export structs used for unmarshaling 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
4b45c42f5a
make cyclonedx presenter generally reusable (for grype) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
f46de19c6b
migrate scope option to image metadata (from source) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
91baabe5a1
add image metadata as catalogFromJSON return 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
6f7a4fd3e4
move source metadata upstream and fix tests 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
aa0d444fd4
fix tests to use location instead of file.Reference 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:12 -05:00
Alex Goodman
b694dacb21
add source.Location + reorient Resolvers to use it 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:11 -05:00
Alex Goodman
9668341a14
rename scope to source 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:37:11 -05:00
Alex Goodman
495fb0a45f
add sbom document import lib helper function 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-17 12:36:51 -05:00
Dan Luhring
a640a2c4cd
Merge pull request #267 from anchore/improve-java-version-recognition 
Improve Java version recognition
 2020-11-17 10:59:54 -05:00
Dan Luhring
3e8bca6911
Rework Java archive name and version detection and clean up tests 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-17 08:35:10 -05:00
Dan Luhring
5afdd574a8
Update existing archive test cases to correct names and versions 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-17 08:35:10 -05:00
Dan Luhring
0ebe791acd
Add archive filename test case for failing example from #255 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-17 08:35:10 -05:00
Dan Luhring
a5b72405dd
Merge pull request #265 from anchore/package-json-license-objects 
Improve package.json license parsing
 2020-11-14 13:06:24 -05:00
Dan Luhring
4861f69d7c
Fix spelling in logger setup 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-14 11:35:55 -05:00
Dan Luhring
6bde075cd3
Remove unused argument value 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-14 11:20:06 -05:00
Dan Luhring
f7be73dbcc
Fix package.json parsing for no licenses 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-14 11:12:13 -05:00