1563 Commits

Author SHA1 Message Date
Stefan Profanter
07ac640ac5
fix: properly parse conan ref and include user and channel (#2034)
* fix: properly parse conan ref and include user and channel

Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>

* unexport the conanRef type

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-23 17:51:07 +00:00
dependabot[bot]
a2b389523d
chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-23 13:41:17 -04:00
Alex Goodman
17d4203bbb
Enable reading non-utf-8 encodings for java pom.xml files (#2047)
* fix reading non utf8 encodings

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* in cases where we can't tell the encoding use the UTF8 replacement char

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-23 10:06:34 -04:00
Christopher Angelo Phillips
ee121cff21
feat: 1944 - update purl generation to use a consistent groupID (#2033)
Separate the logic for CPE and PURL generation.

PURL generation needs a single answer for groupID based on a priority of discovering the field.
CPE generation still uses multiple potential groupID to populate the candidate cpe.

Improve GroupID detection.

Currently syft does not use any hierarchy for GroupID detection and treats all sources as equal.
It treats fields from the manifest file with priority. This change adds a hierarchy to the fields and returns a single answer based on that hierarchy.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-08-22 10:47:07 -04:00
dependabot[bot]
cf37b17869
chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 10:42:19 -04:00
anchore-actions-token-generator[bot]
ee656fe088
chore(deps): update bootstrap tools to latest versions (#2048)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-08-22 08:48:42 -04:00
dependabot[bot]
f58425a305
chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045)
Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0.
- [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/jinzhu/copier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 10:37:11 -04:00
anchore-actions-token-generator[bot]
01c7709e0d
chore(deps): update CPE dictionary index (#2043)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-08-21 09:33:41 -04:00
Alex Goodman
cb0214ec1d
fill out new version notice (#2042)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-18 16:03:11 -04:00
Keith Zantow
4762ba0943
feat: use java package names to determine known groupids (#2032)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
v0.87.1
2023-08-17 12:55:25 -04:00
Keith Zantow
d1635971a1
fix: inconsistent removal of binaries by overlap (#2036)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-17 15:27:31 +00:00
Mark Galpin
9467bd66c2
fix: CycloneDX relationships not output or decoded properly (#1974)
Signed-off-by: Mark Galpin <mark@tidelift.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Mark Galpin <mark@tidelift.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-08-17 11:02:12 -04:00
Keith Zantow
59107324ce
chore: restore cataloger.DefaultConfig (#2028)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-14 20:28:07 +00:00
Keith Zantow
b3d7ba569b
fix: read direct package files when decoding SPDX tag-value (#2014)
* fix: read direct package files when decoding SPDX tag-value

---------

Signed-off-by: Keith Zantow <kzantow@gmail.com>
v0.87.0
2023-08-14 11:37:24 -04:00
anchore-actions-token-generator[bot]
c7fe58683d
chore(deps): update bootstrap tools to latest versions (#2022)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-08-14 11:36:15 -04:00
anchore-actions-token-generator[bot]
28b06dae25
chore(deps): update CPE dictionary index (#2025)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-08-14 11:35:57 -04:00
anchore-actions-token-generator[bot]
a90cff1cd2
chore(deps): update bootstrap tools to latest versions (#2012)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-08-10 13:20:09 -04:00
dependabot[bot]
82eafeaf4a
chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008)
* chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
* refactor: update consumer code to use new optional values

Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0.
- [Release notes](https://github.com/vifraa/gopom/releases)
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
  dependency-type: direct:production
  update-type: version-update:semver-major
...
---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-09 17:22:51 -04:00
Christopher Angelo Phillips
541c8d339b
1948-filter-pkg-by-type (#2011)
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-09 16:05:52 -04:00
dependabot[bot]
6bf6f85584
chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009)
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.6.1 to 1.7.0.
- [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-09 14:46:11 -04:00
Keith Zantow
c7272fd6a5
fix: SPDX license values and download location (#2007)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-08 15:55:50 -04:00
Christopher Angelo Phillips
466da7cbda
931: binary cataloger exclusion defaults for ownership by overlap (#1948)
Fixes #931

PR #1948 introduces a new implicit exclusion for binary packages that overlap by file ownership and have certain characteristics:

1) the relationship between packages is OwnershipByFileOverlap
2) the parent package is an "os" package - see changelog for included catalogers
3) the child is a synthetic package generated by the binary cataloger - see changelog for included catalogers
4) the package names are identical

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-08 13:00:52 -04:00
dependabot[bot]
2fc65094b7
chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-07 10:34:00 -04:00
dependabot[bot]
d7ff77072a
chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.24.0 to 1.25.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-04 14:24:31 -04:00
Christopher Angelo Phillips
78660022bf
test: add coverage for new rpmdb paths (#1999)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-04 13:04:36 -04:00
Keith Zantow
aaf767f8d3
chore: improve spdx purl decoding (#1996)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-04 11:43:21 -04:00
Keith Zantow
79014ed8c8
fix: gradle lockfile parser groupId handling (#1995)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-04 11:42:26 -04:00
Christopher Angelo Phillips
e774006052
fix: update glob to use newer usr/lib/sysimage path (#1997)
See this link for details on the path migration for the rpmdb
https://fedoraproject.org/wiki/Changes/RelocateRPMToUsr

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-03 16:23:50 -07:00
Nicholas R. Smith
1d6d5f7f5f
fix: opkg search glob (#1994)
Signed-off-by: Nicholas R. Smith <nicholas_smith@selinc.com>
2023-08-03 19:33:11 +00:00
Sem Provoost
433a7b8a42
feat: nginx binary classifier (#1988)
Signed-off-by: SemProvoost <27961543+SemProvoost@users.noreply.github.com>
2023-08-03 13:09:31 -04:00
Nicholas R. Smith
e55277f26d
Expand deb cataloger to include opkg (#1985)
* Add opkg info directory and status file to deb cataloger

opkg uses the same or nearly the same metadata and structure as Debian:
**/lib/opkg/status lists status information for all packages
**/lib/opkg/info/opkg.conffiles is a list of configuration files
**/lib/opkg/info/*.list contains files and directories installed by the package
**/lib/opkg/info/*.preinst are scripts to run before installation
**/lib/opkg/info/*.postinst are scripts to run after installation
**/lib/opkg/info/*.postrm are scripts to run after package removal
**/lib/opkg/info/*.control provides package metadata

Signed-off-by: Nicholas R. Smith <nicholas_smith@selinc.com>

---------

Signed-off-by: Nicholas R. Smith <nicholas_smith@selinc.com>
Co-authored-by: Nicholas R. Smith <nicholas_smith@selinc.com>
2023-08-03 12:33:14 -04:00
anchore-actions-token-generator[bot]
c2b4231cc3
chore(deps): update bootstrap tools to latest versions (#1991)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-08-03 10:53:29 -04:00
dependabot[bot]
c150b4e358
chore(deps): bump github.com/google/go-containerregistry (#1993)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.2 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-03 10:53:09 -04:00
Keith Zantow
3f0475efb7
chore: update bubbly to fix hanging (#1990)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-02 10:28:35 -04:00
dependabot[bot]
2e376d067f
chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989)
2023-08-02 14:16:49 +00:00
Christopher Angelo Phillips
8e893dfc20
feat: use originator logic to fill supplier (#1980)
* feat: use Originator to fill supplier for NTIA minimum
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-01 17:19:49 -04:00
Alex Goodman
756d0f29af
add metadata types to all cpe test fixtures (#1982)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-31 16:35:09 -04:00
Keith Zantow
e2f7befbfb
fix: default image source name to user input (#1979)
* fix: default image source name to user input

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: add test

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Keith Zantow <kzantow@gmail.com>
v0.86.1
2023-07-31 17:29:18 +00:00
anchore-actions-token-generator[bot]
f14742b3f3
chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
v0.86.0
2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips
3aae316456
chore: update to latest commit in tools-golang (#1969)
* chore: update to latest commit in tools-golang

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-27 15:29:22 -04:00
Alex Goodman
063e9da65d
Guess unpinned versions in python requirements.txt (#1966)
* feat: python requirements.txt parsing inclusive

Signed-off-by: manifestori <ori@manifestcyber.com>

* refactor: parseVersion

Signed-off-by: manifestori <ori@manifestcyber.com>

* add python config for optional requirements version constraint resolution

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* allow for python requirements metadata to be optional

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore cyclonedx dependency

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: manifestori <ori@manifestcyber.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: manifestori <ori@manifestcyber.com>
2023-07-27 14:26:59 -04:00
dependabot[bot]
bf1102c3f1
chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965)
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/vifraa/gopom/releases)
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 13:28:42 -04:00
Alex Goodman
bbd2d42dbb
Fix panic condition on docker pull failure (#1968)
* [wip] add image pull error handlers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix panic and ui hang on docker pull failure

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* linter fix

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-27 11:32:02 -04:00
Alex Goodman
d84120f499
bump JSON schema to account for simplified python env markers (#1967)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-27 14:13:17 +00:00
Keith Zantow
9480f10ccd
feat: support top-level SPDX package and graph (#1934)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-07-26 13:54:32 -04:00
dependabot[bot]
1e4d26f526
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-26 13:34:03 +00:00
Tristan Farkas
e1c1832f84
Add cataloger for Swift Package Manager. (#1919)
Signed-off-by: Tristan Farkas <Tristan.Farkas@axis.com>
2023-07-25 14:35:21 -04:00
anchore-actions-token-generator[bot]
9a73380f29
chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-25 10:49:21 -04:00
dependabot[bot]
2e718cf865
chore(deps): bump github.com/docker/docker (#1955)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 10:37:16 -04:00
dependabot[bot]
4000a84624
chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 11:28:54 -04:00