* survive indexing branches that start with a bad symlink
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add log statement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* guess go main module version based on binary contents
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add configuration options for golang main module version heuristics
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix test setup for go bin cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix unit test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix incorrect test assert ordering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* handle error from seek
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: match strconv.ParseInt to file mode type
if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Previously, Syft represented several metadata fields as map[string]string,
however this representation erased ordering, so Syft now represents these values
as []KeyValue. Add custom unmarshaling so that JSON that was written by
older versions of Syft using the map[string]string representation can be parsed
into the new []KeyValue representation.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Because we generate a new JSON schema file every time the schema version
changes, the git diff always shows that the file is completely new.
Therefore, every time the file is re-generated, also write the schema to
a stable path, so that the actual changes to the schema are easily
visible in the git diff of the latest schema file.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* Adding the resolved and integrity fields of yarn.lock to the parsed metadata. This addition is similar to the metadata added when parsing package-lock.json.
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* fix comment
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* Adding the Index field to metadeta when parsing poetry.lock similarly to the existing Pipfile metadata
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* fixing struct accoding to tests
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* remove old schema change
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove empty constants
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* re-generate JSON schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update document ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add cataloger for Erlang OTP applications
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* Add OTP Package type and Purl for ErLang
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* remove erlang OTP metadata type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use OTP purl type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore otp fixture and adjust tests for dir-only results
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add detection of ELF security features
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with file executable data
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update expected fixure when no tty present
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more detailed differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use json differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove json schema addition
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix mimtype set ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] initial syft api examples
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* smooth over some rough edges in the API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* embed example file
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change name of builder function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Syft can get CPEs from several source, including generating them based on
package data, finding them in the NVD CPE dictionary, or finding them declared
in a manifest or existing SBOM. Record where Syft got CPEs so that consumers of
SBOMs can reason about how trustworthy they are.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
