Christopher Angelo Phillips
204b790012
docs: update docs with new docker specific instructions ( #1941 )
...
* docs: update docs with new docker specific instructions
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Former-commit-id: c67c76e84df84e3e24aa307637d884ca8b7e3eea
2023-07-17 18:19:21 +00:00
Alex Goodman
35699f6fdc
remove jotframe UI ( #1932 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips
2e7fd031d4
fix: remove indirect dependency of circl v1.1.0 ( #1940 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-13 12:30:37 -04:00
Christopher Angelo Phillips
32296f5943
chore: move wait before iteration to guarantee read before tea ( #1931 )
...
* chore: move wait before iteration to guarantee read before tea
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-12 13:59:31 -04:00
Alex Goodman
4fc17edd14
implement ui handle waiter ( #1930 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
v0.85.0
2023-07-12 13:14:54 -04:00
Christopher Angelo Phillips
38efe4ec5f
fix: background reader apart from global handler for testing ( #1929 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-12 12:37:19 -04:00
dependabot[bot]
05a61897f2
chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 ( #1928 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.1 to 1.24.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 14:01:48 -04:00
James Neate
5a7c200911
fix: allow valid cyclonedx input with no components ( #1873 )
...
fix: allow valid cyclonedx input with no components
---------
Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-11 13:56:36 -04:00
Christopher Angelo Phillips
72616db81f
fix: "or-later" suffix updated to consider deprecated "+" operator ( #1907 )
...
* fix: or-later suffix has been updated to consider deprecated +
If a given license has the suffix "or-later" it previously could have
been considered or represented with a "+". Example "GFDL-1.0-or-later"
could have been represented as "GFDL-1.0+". This PR allows the license
list generation to consider "or-later" as == to "+" when generating
permutations for upgrading deprecated licenses.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-11 16:21:29 +00:00
Avi Deitcher
4ab9f393fc
feat: CLI flag for directory base ( #1867 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-07-10 13:36:41 -04:00
Dan Luhring
9744f4c009
Fix CPE gen for k8s python client ( #1921 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-10 15:54:19 +00:00
Christopher Angelo Phillips
d21fa84335
chore: update iterations to protect against race ( #1927 )
...
* chore: update iterations to protect against race
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-10 11:44:54 -04:00
anchore-actions-token-generator[bot]
d5d95da3b6
chore(deps): update bootstrap tools to latest versions ( #1922 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-07-10 11:03:09 -04:00
Dan Luhring
c0c089ffd5
fix: Don't use the actual redis or grpc CPEs for gems ( #1926 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-07-10 10:24:42 -04:00
Lorenzo Orsatti
376c42893b
fix(install): return with right error code ( #1915 )
...
This resolves #1566 .
Signed-off-by: Lorenzo Orsatti <49567430+lorsatti@users.noreply.github.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-07-06 16:56:07 -04:00
Dan Luhring
81d8019207
Remove erroneous Java CPEs from generation ( #1918 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-07-06 16:12:55 -04:00
dependabot[bot]
8ce88e11fd
chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 ( #1916 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 16:02:44 -04:00
Alex Goodman
f8b832e6c3
Switch UI to bubbletea ( #1888 )
...
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add additional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-06 09:00:46 -04:00
DD (Devdatta) Deshpande
a00a3df10c
fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link ( #1884 )
...
Signed-off-by: DD (Devdatta) Deshpande <dd@codewits.in>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-07-05 14:49:22 -04:00
Alex Goodman
cfbb9f703b
add file source digest support ( #1914 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-05 13:47:13 -04:00
anchore-actions-token-generator[bot]
6280146c81
chore(deps): update bootstrap tools to latest versions ( #1908 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-07-05 11:06:22 -04:00
dependabot[bot]
e8f7108e6e
chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 ( #1912 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:06:05 -04:00
dependabot[bot]
023ca1be32
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 ( #1913 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:05:46 -04:00
Marco Damiani
2e3c7fa158
doc(readme): add installation section with scoop ( #1909 )
...
Signed-off-by: drazen04 <hangtime23@hotmail.it>
2023-07-03 13:50:01 -04:00
Alex Goodman
4da3be864f
Refactor source API ( #1846 )
...
* refactor source API and syft json source block
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update source detection and format test utils
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* generate list of all source metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* extract base and root normalization into helper functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* preserve syftjson model package name import ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* alias should not be a pointer
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-30 14:19:16 +00:00
anchore-actions-token-generator[bot]
608dbded06
chore(deps): update bootstrap tools to latest versions ( #1905 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-29 14:10:30 -04:00
anchore-actions-token-generator[bot]
791d1f9552
chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 ( #1903 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
v0.84.1
2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]
e5e97b5c4e
chore(deps): update bootstrap tools to latest versions ( #1902 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-28 12:04:39 -04:00
Weston Steimel
8219f8d55b
fix: discover deb file relationships in distroless images ( #1901 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-06-28 13:28:20 +01:00
Alex Goodman
026be3c0f1
add oss community board auto-add workflow ( #1898 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:53:59 -04:00
anchore-actions-token-generator[bot]
0d4f19043e
chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 ( #1890 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-26 13:58:44 -04:00
anchore-actions-token-generator[bot]
38b47e484c
chore(deps): update bootstrap tools to latest versions ( #1894 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-26 13:58:17 -04:00
Stephane Rufer
7943c73d3f
fix: add support for Dart SDK package dependencies ( #1891 )
...
Signed-off-by: Stephane Rufer <1128559+rufman@users.noreply.github.com>
2023-06-23 12:40:46 -04:00
Alex Goodman
25ce245c03
Simplify the SBOM writer interface ( #1892 )
...
* remove sbom.writer bytes call and consolidate helpers to options pkg
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* don't close stdout
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove close operation from multiwriter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-06-23 11:21:22 -04:00
Dan Luhring
7de7a7990a
fix: improve version detection in Java archive name parsing ( #1889 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-06-22 18:42:10 +00:00
Keith Zantow
f79cb9587f
fix: only output valid cyclonedx license choices ( #1879 )
...
* fix: only output valid cyclonedx license choices
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: return nil for empty cdx license list
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-06-22 12:05:38 -04:00
Tim Gerla
c27d5b11d4
docs: clarify reasoning of default catalogers for images or directories ( #1887 )
...
Add some explanation around why there are different default sets of catalogers for image scans versus directory scans. Hopefully clarify questions related to #1776 .
Signed-off-by: Timothy Gerla <tim@gerla.net>
2023-06-20 19:47:50 +00:00
William Murphy
5d54e6e847
Configure chronicle to pre-1.0 mode ( #1886 )
...
Track a chronicle config file that causes chronicle to bump minor
version instead of major version in response to the "breaking-change"
label for pre-1.0 releases.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
v0.84.0
2023-06-20 16:08:35 +00:00
Keith Zantow
631d50d038
chore: update SPDX license list to 3.21 ( #1885 )
2023-06-20 15:47:02 +00:00
anchore-actions-token-generator[bot]
269006bf04
chore(deps): update bootstrap tools to latest versions ( #1880 )
2023-06-20 10:22:18 -04:00
William Murphy
e2ed89f700
Pad artifact IDs ( #1882 )
...
Otherwise the hash can sometimes be short if it results in a low uint64.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-06-16 13:26:18 -04:00
dependabot[bot]
badb957888
chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 ( #1878 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 14:10:11 -04:00
dependabot[bot]
a1bba36d51
chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 ( #1874 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.0 to 1.23.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.83.1
2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]
c019cd51da
chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 ( #1871 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-14 11:29:39 -04:00
dependabot[bot]
5406d8a366
chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 ( #1876 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 10:30:19 -04:00
James Neate
098c255a2d
fix: pom properties not setting artifact id ( #1870 )
...
Signed-off-by: James Neate <jamesmneate@gmail.com>
2023-06-12 09:59:14 -04:00
dependabot[bot]
2c5d64ac9e
chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 ( #1868 )
...
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 17:01:19 -04:00
Avi Deitcher
1764e1c3f6
fix: handle invalid symlinks ( #1861 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
v0.83.0
2023-06-05 15:04:14 -04:00
dependabot[bot]
c560ffd811
chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 ( #1850 )
...
* chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update fixtures for spdx with new library changes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-06-05 15:01:06 -04:00
anchore-actions-token-generator[bot]
7d1b292ad0
chore(deps): update bootstrap tools to latest versions ( #1857 )
...
* chore(deps): update bootstrap tools to latest versions
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-06-05 18:56:04 +00:00