William Murphy
0c71bf23c5
docs: clearer deprecation message for --file ( #3310 )
...
It's not clear to users that they shoudl use --output FORMAT=PATH
instead of --file. Directly suggest the FORMAT=PATH syntax.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-10 13:11:45 -04:00
Alan Pope
b62b0cb800
[docs] Add mastodon link to README.md ( #3306 )
...
Hello friends.
This follows the same pattern as the other badges at the top of the readme. It adds the mastodon link to the Syft account.
This also means that the link back here from the Mastodon account's profile page will show as 'Validated' once landed, which gives more authenticity to the account.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-10-10 15:28:55 +01:00
anchore-actions-token-generator[bot]
223a52d07e
chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55eb04aed ( #3313 )
2024-10-10 06:03:55 -04:00
dependabot[bot]
5d068f30c0
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 ( #3312 )
2024-10-10 06:01:06 -04:00
dependabot[bot]
5d165e0230
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 ( #3307 )
2024-10-09 08:07:36 -04:00
dependabot[bot]
56ed131247
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 ( #3308 )
2024-10-09 08:07:14 -04:00
dependabot[bot]
37c179b530
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 ( #3309 )
2024-10-09 08:06:49 -04:00
Keith Zantow
ccbee94b87
feat: report unknowns in sbom ( #2998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-07 16:11:37 -04:00
dependabot[bot]
4d7ed9f749
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ( #3299 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:21:34 -04:00
anchore-actions-token-generator[bot]
4c4e5cb06c
chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 ( #3301 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-07 15:21:26 -04:00
dependabot[bot]
8b6159dbd8
chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 ( #3304 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:20:38 -04:00
dependabot[bot]
7b30ce15d7
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 ( #3305 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c45773b62...2cdf405574
2024-10-07 15:20:29 -04:00
anchore-actions-token-generator[bot]
27ee203495
chore(deps): update CPE dictionary index ( #3302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-07 15:20:12 -04:00
Piotr Radkowski
3b9c55d28b
Fix: Parse package.json with non-standard fields in 'author' section ( #3300 )
...
* Improved parsing of package.json 'author' section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
* test: parse 'package.json' files with non-standard fields in author section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
---------
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
Co-authored-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
2024-10-07 10:26:04 -04:00
dependabot[bot]
25f5c6729f
chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 ( #3298 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...6db8d6351f
2024-10-05 09:25:01 -04:00
William Murphy
0d457142cc
chore: add pull request template ( #3294 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-05 09:05:11 -04:00
anchore-actions-token-generator[bot]
fc8457418a
chore(deps): update tools to latest versions ( #3296 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-05 07:32:32 -04:00
Alex Goodman
13c6876906
Track supporting DPKG evidence ( #3228 )
...
* add dpkg evidence support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use path over filepath
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-04 11:07:29 -04:00
William Murphy
770fdc53ea
Fix: make failed CPE validation correctly return error ( #2762 )
...
* Test CPE attributes correctly returns error
Previously, this method incorrectly return an empty Attributes object
and a nil error, leading to callers attempting to use the empty
attributes object.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* chore: merge with main and refactor call that relied on old nil behavior
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* test: add test to cover new OSCPE err pattern
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-10-03 16:42:57 -04:00
dependabot[bot]
32c0d1e673
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0 ( #3293 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.9 to 6.6.0.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.9...v6.6.0 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 10:14:13 -04:00
witchcraze
263ea6b1bb
feat: update haproxy classifier ( #3277 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-10-02 15:10:39 -04:00
anchore-actions-token-generator[bot]
cc4f62b3d4
chore(deps): update tools to latest versions ( #3291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-02 09:07:25 -04:00
Niv Govrin
dbad17de9e
fix: don't use builtin scanner in licensecheck ( #3290 )
...
Signed-off-by: Niv Govrin <nivgo@oligosecurity.io>
2024-10-01 13:53:54 -04:00
anchore-actions-token-generator[bot]
93beceb4a2
chore(deps): update CPE dictionary index ( #3288 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-01 10:50:15 -04:00
dependabot[bot]
9b242b0309
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 ( #3289 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](461ef6c76d...e2b3eafc8d
2024-10-01 10:48:46 -04:00
witchcraze
f5f8005fe0
update redis classifier ( #3281 )
...
* update redis classifier
Signed-off-by: witchcraze <witchcraze@gmail.com>
* Remove snippets to pass Validation.
In this case, 9000 byte was required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-30 15:37:47 -04:00
witchcraze
2a3d171c10
fix: improve node classifier version matching ( #3284 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:53:35 -04:00
witchcraze
1a746b2c05
fix: update ruby classifier for -rc, -dev, etc. versions ( #3285 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:51:50 -04:00
anchore-actions-token-generator[bot]
e37c4686c2
chore(deps): update CPE dictionary index ( #3262 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-26 13:49:18 -04:00
dependabot[bot]
5393cd5dec
chore(deps): bump github.com/docker/docker ( #3264 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.3.0+incompatible to 27.3.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.3.0...v27.3.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 13:49:02 -04:00
dependabot[bot]
f9ef9cf1dc
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 ( #3275 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d
2024-09-26 13:48:45 -04:00
anchore-actions-token-generator[bot]
16122eb32d
chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 ( #3280 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-09-26 13:48:33 -04:00
dependabot[bot]
39b2bf5518
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 ( #3283 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-09-26 13:48:12 -04:00
Alex Goodman
d7005d7d8c
add awaiting response management ( #3272 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-25 08:56:21 -04:00
Christian Dupuis
92c1ddec5a
fix: correct excluded mount point comparison to file paths ( #3269 )
...
Signed-off-by: Christian Dupuis <cd@docker.com>
2024-09-24 17:05:16 -04:00
Alex Goodman
01de99b253
Add JVM cataloger ( #3217 )
...
* add jvm cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify version selection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* CPEs from JVM cataloger should be declared
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure package overlap is enabled for sensitive use cases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more permissive glob
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-23 17:21:38 -04:00
Laurent Goderre
7815d8e4d9
feat: classifier for Dart lang binaries ( #3265 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-23 14:21:31 -04:00
Alex Goodman
963ea594c8
Add compliance policy for empty name and version ( #3257 )
...
* add policy for empty name and version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* default stub version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* modifying ids requires augmenting relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-20 12:50:47 -04:00
dependabot[bot]
60bbd24031
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 ( #3254 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.1...v2.3.2 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:50:16 -04:00
dependabot[bot]
7c12e3f3b3
chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 ( #3255 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](6cd32fd936...5e914681df
2024-09-20 10:50:03 -04:00
dependabot[bot]
9b5cf1db51
chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 ( #3256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.7 to 3.26.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8214744c54...294a9d9291
2024-09-20 10:49:55 -04:00
anchore-actions-token-generator[bot]
a08ea86aa6
chore(deps): update tools to latest versions ( #3259 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-20 10:49:37 -04:00
dependabot[bot]
98c96ce361
chore(deps): bump github.com/docker/docker ( #3260 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.1+incompatible to 27.3.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.1...v27.3.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:49:22 -04:00
Krystian G.
6a95a5f2ed
feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher ( #3252 )
...
* feat: detect lighttpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect proftpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect zstd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect xz utils binarie
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect gzip binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect sqlcipher binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect jq binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* add tests + snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Krystian Gorny <krystian.gorny@wipotec.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-19 13:21:02 +00:00
Krystian G.
cb0de97bc3
fix: capture-snippet.sh can handle leading whitespaces now ( #3249 ) ( #3250 )
...
Signed-off-by: Gorny Krystian <krystian.gorny@wipotec.com>
Co-authored-by: Gorny Krystian <krystian.gorny@wipotec.com>
2024-09-19 09:15:54 -04:00
anchore-actions-token-generator[bot]
50016c3172
chore(deps): update tools to latest versions ( #3251 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-19 09:15:12 -04:00
anchore-actions-token-generator[bot]
a2f12fef0c
chore(deps): update tools to latest versions ( #3247 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-18 13:13:24 -04:00
anchore-actions-token-generator[bot]
7934696463
chore(deps): update tools to latest versions ( #3243 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-17 12:30:07 -04:00
dependabot[bot]
b9efac4d78
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 ( #3242 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:54:12 -04:00
dependabot[bot]
48c1c45d12
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #3241 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
2024-09-16 11:54:01 -04:00
