* remove existing cataloging API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add file cataloging config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add package cataloging config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add configs for cross-cutting concerns
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename CLI option configs to not require import aliases later
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update all nested structs for the Catalog struct
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update Catalog cli options
- add new cataloger selection options (selection and default)
- remove the excludeBinaryOverlapByOwnership
- deprecate "catalogers" flag
- add new javascript configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate relationship capabilities to separate internal package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor golang cataloger to use configuration options when creating packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* create internal object to facilitate reading from and writing to an SBOM
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* create a command-like object (task) to facilitate partial SBOM creation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add cataloger selection capability
- be able to parse string expressions into a set of resolved actions against sets
- be able to use expressions to select/add/remove tasks to/from the final set of tasks to run
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add package, file, and environment related tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update existing file catalogers to use nested UI elements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add CreateSBOMConfig that drives the SBOM creation process
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* capture SBOM creation info as a struct
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add CreateSBOM() function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update docs with SBOM selection help + breaking changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix multiple override default inputs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix deprecation flag printing to stdout
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor cataloger selection description to separate object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep expression errors and show specific suggestions only
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address additional review feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address more review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* addressed additional PR review feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix file selection references
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove guess language data generation option
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for coordinatesForSelection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename relationship attributes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add descriptions to relationships config fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve documentation around configuration options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add explicit errors around legacy config entries
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Fixes#931
PR #1948 introduces a new implicit exclusion for binary packages that overlap by file ownership and have certain characteristics:
1) the relationship between packages is OwnershipByFileOverlap
2) the parent package is an "os" package - see changelog for included catalogers
3) the child is a synthetic package generated by the binary cataloger - see changelog for included catalogers
4) the package names are identical
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
this PR makes the following changes to update the underlying license model to have more expressive capabilities
it also provides some guarantee's surrounding the license values themselves
- Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields:
- original `Value` read by syft
- If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption
- the above is run against a generated list of SPDX license ID to try and find the correct ID
- SPDX concluded vs declared is added to the new struct
- URL source for license is added to the new struct
- Location source is added to the new struct to show where the expression was pulled from
