diff --git a/go.mod b/go.mod
index 0189dc7be..432200f9e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,15 @@ module github.com/anchore/syft
 go 1.24.0
 
 require (
+ github.com/BurntSushi/toml v1.4.0
 github.com/CycloneDX/cyclonedx-go v0.9.2
 github.com/Masterminds/semver v1.5.0
 github.com/Masterminds/sprig/v3 v3.3.0
+ github.com/OneOfOne/xxhash v1.2.8
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 github.com/acobaugh/osrelease v0.1.0
+ github.com/adrg/xdg v0.5.3
+ github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51
 github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9
 github.com/anchore/clio v0.0.0-20241115144204-29e89f9fa837
 github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10
@@ -22,6 +26,7 @@ require (
 // we are hinting brotli to latest due to warning when installing archiver v3:
 // go: warning: github.com/andybalholm/brotli@v1.0.1: retracted by module author: occasional panics and data corruption
 github.com/aquasecurity/go-pep440-version v0.0.1
+ github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef
 github.com/bmatcuk/doublestar/v4 v4.8.1
 github.com/charmbracelet/bubbles v0.20.0
 github.com/charmbracelet/bubbletea v1.3.4
@@ -44,13 +49,14 @@ require (
 github.com/google/uuid v1.6.0
 github.com/gookit/color v1.5.4
 github.com/hashicorp/go-multierror v1.1.1
+ github.com/hashicorp/hcl/v2 v2.23.0
 github.com/iancoleman/strcase v0.3.0
 github.com/invopop/jsonschema v0.7.0
 github.com/jedib0t/go-pretty/v6 v6.6.7
 github.com/jinzhu/copier v0.4.0
 github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953
 github.com/knqyf263/go-rpmdb v0.1.1
- github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5
+ github.com/magiconair/properties v1.8.9
 github.com/mitchellh/go-homedir v1.1.0
 github.com/mitchellh/hashstructure/v2 v2.0.2
 github.com/mitchellh/mapstructure v1.5.0
@@ -59,6 +65,7 @@ require (
 github.com/opencontainers/go-digest v1.0.0
 github.com/pelletier/go-toml v1.9.5
 github.com/quasilyte/go-ruleguard/dsl v0.3.22
+ github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c
 github.com/saferwall/pe v1.5.6
 github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
 github.com/sanity-io/litter v1.5.8
@@ -66,6 +73,7 @@ require (
 // pinned to pull in 386 arch fix: https://github.com/scylladb/go-set/commit/cc7b2070d91ebf40d233207b633e28f5bd8f03a5
 github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
+ github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb
 github.com/spdx/tools-golang v0.5.5
 github.com/spf13/afero v1.12.0
 github.com/spf13/cobra v1.9.1
@@ -77,26 +85,13 @@ require (
 github.com/xeipuuv/gojsonschema v1.2.0
 github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1
 go.uber.org/goleak v1.3.0
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 golang.org/x/mod v0.23.0
 golang.org/x/net v0.37.0
 gopkg.in/yaml.v3 v3.0.1
 modernc.org/sqlite v1.36.0
 )
 
-require google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
-
-require (
- github.com/BurntSushi/toml v1.4.0
- github.com/OneOfOne/xxhash v1.2.8
- github.com/adrg/xdg v0.5.3
- github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51
- github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef
- github.com/hashicorp/hcl/v2 v2.23.0
- github.com/magiconair/properties v1.8.9
- github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-)
-
 require (
 dario.cat/mergo v1.0.1 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
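Review bot: The `github.com/rust-secure-code/go-rustaudit` requirement added in the `@@ -59,6 +65,7 @@` hunk moves this dependency to a different owning organisation and pins it to a pseudo-version rather than a tagged release, but go.mod records no reason for either. The other commit-pinned entries nearby (the brotli hint and `scylladb/go-set`) each carry an explanatory comment; a line such as `// replaces github.com/microsoft/go-rustaudit; pinned to a commit, no tagged release used` directly above it would keep the provenance decision reviewable. The go.sum entries added in this commit pin the module content, so the gap is the audit trail rather than integrity. Judging by the file name `parse_audit_binary.go`, this library appears to parse data embedded in scanned binaries, so it is worth confirming before merge that the history at `e20ec32e963c` continues from the previously pinned `4b17361d90a5`.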
@@ -246,6 +241,7 @@ require (
 golang.org/x/text v0.23.0 // indirect
 golang.org/x/tools v0.29.0 // indirect
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
 google.golang.org/grpc v1.67.3 // indirect
 google.golang.org/protobuf v1.36.3 // indirect
diff --git a/go.sum b/go.sum
index e17a37602..6301e744e 100644
--- a/go.sum
+++ b/go.sum
@@ -574,8 +574,6 @@ github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
-github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5 h1:tQRHcLQwnwrPq2j2Qra/NnyjyESBGwdeBeVdAE9kXYg=
-github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5/go.mod h1:vYT9HE7WCvL64iVeZylKmCsWKfE+JZ8105iuh2Trk8g=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
@@ -697,6 +695,8 @@ github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/f
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c h1:8gOLsYwaY2JwlTMT4brS5/9XJdrdIbmk2obvQ748CC0=
+github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c/go.mod h1:kwM/7r/rVluTE8qJbHAffduuqmSv4knVQT2IajGvSiA=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/saferwall/pe v1.5.6 h1:DrRLnoQFxHWJ5lJUmrH7X2L0xeUu6SUS95Dc61eW2Yc=
 github.com/saferwall/pe v1.5.6/go.mod h1:mJx+PuptmNpoPFBNhWs/uDMFL/kTHVZIkg0d4OUJFbQ=
diff --git a/syft/pkg/cataloger/rust/package.go b/syft/pkg/cataloger/rust/package.go
index 6af92745d..b530647d3 100644
--- a/syft/pkg/cataloger/rust/package.go
+++ b/syft/pkg/cataloger/rust/package.go
@@ -1,7 +1,7 @@
 package rust
 
 import (
- "github.com/microsoft/go-rustaudit"
+ "github.com/rust-secure-code/go-rustaudit"
 
 "github.com/anchore/packageurl-go"
 "github.com/anchore/syft/syft/file"
diff --git a/syft/pkg/cataloger/rust/parse_audit_binary.go b/syft/pkg/cataloger/rust/parse_audit_binary.go
index 2ea45a56f..e93bae25a 100644
--- a/syft/pkg/cataloger/rust/parse_audit_binary.go
+++ b/syft/pkg/cataloger/rust/parse_audit_binary.go
@@ -5,7 +5,7 @@ import (
 "errors"
 "fmt"
 
- "github.com/microsoft/go-rustaudit"
+ "github.com/rust-secure-code/go-rustaudit"
 
 "github.com/anchore/syft/internal/log"
 "github.com/anchore/syft/internal/relationship"