* Update Syft formats for SyftJson
This change will introduce omitempty struct tag to PackageCustomData.
This struct tag will cause null and empty values to be dropped on serialization
for consumers downstream.
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
* Updated the golden files for syftjson to allow for proper
test coverage.
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
* remove strong distro type
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump json schema to v3 (breaking distro shape)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow for v2 decoding of distro idLikes field in v3 json decoder
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix casing in simple linux release name
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use discovered name as pretty name in simple linux release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cataloging within universal binaries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json test fixtures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments + correct 32 bit multi arch magic check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove power-user document shape
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add power-user specific fields to syft-json format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* port remaining spdx-json relationships to sbom model
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add coordinate set
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add SBOM file path helper
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use internal mimetype helper in go binary cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add new package-of relationship
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json schema to v2
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* replace power-user presenter with syft-json format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests and linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove "package-of" relationship (in favor of "contains")
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for spdx22json format encoding enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update TODO and log entries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* introduce sbom.Descriptor
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial secrets cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update ETUI elements with new catalogers (file metadata, digests, and secrets)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update secrets cataloger to read full contents into memory for searching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype of parallelization secret regex search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype with single aggregated regex
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype for secret search line-by-line
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype hybrid secrets search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add secrets cataloger with line strategy
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust verbiage towards SearchResults instead of Secrets + add tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json schema with secrets cataloger results
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address PR comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with secrets config options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure file catalogers call AllLocations once
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add marking package relations by file ownership
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* correct json schema version; ensure fileOwners dont return dups; pin test pkg versions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* extract package relationships into separate section
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in client-go features for import of PackageRelationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move unit test for ownership by files relationship further down
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename relationship to "ownership-by-file-overlap"
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Split dpk source into name and version
Signed-off-by: Zach Hill <zach@anchore.com>
* update dpkg status source name parsing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Dan Luhring <luhring@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* add support to upload results to enterprise
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add package sbom upload
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add dockerfile support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add manifest, index, and dockerfile import functions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* schema version to json output + enhance json schema generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* modify package SBOM shape to be entire syft document + add etui updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add import image config and manifest support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add config options for import to enterprise
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* incorporate final stereoscope and client-go deps
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
