A CI failure was observed where a generated file was only partly written
when the CI job immediately tried to read it. Put in an fs.Sync call to
eliminate this flakiness.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* group dependabot updates
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use directories key
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate to runs-on runners
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep validations on x64
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct ubuntu arm refs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bust cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use artifacts api between jobs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* download individual artifacts
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* troubleshoot artifact upload
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* disable magic cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix deps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* attempt to replicate layout
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change asset names and remove extras
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* better artifact filters
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use action to get artifacts working
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add sboms
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler artifacts
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add logging
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove logging
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* make artifacts executable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve workflow dispatch calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* attempt to bring down ci times
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update repo path
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use local config instead of shared one
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use runner labels instead of config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use valid alias
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use compute instances for build
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* small comment on concurrency
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fixes from review
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove parallelism
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add info command from generated capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct gentoo and arch ecosystems
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename os pkg types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* better binary cataloger description
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* expose metadata and pacakge types in json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* expose json schema types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add completeness tests for metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* latest generation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve testing a docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests and linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore goreleaser config
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* tweak diagram
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix pdm
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: java binary data
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* new capability descriptions for gguf and python
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct poetry lock integrity hash claim
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix compile error
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix: remove purl version from overrides
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* fix lua deps ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep gguf as ai ecosystem
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split packages.yaml to multiple files by go package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure tests do not use go test cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* sort json output for info command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* docs: fix ocaml, php, and portage capabilities yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: update erlang capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update java capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update javascript capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update linux kernel capabilities
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* remove missing tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix package.yaml references
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* revert license list change
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check for drift in capability descriptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* test cleanup
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use fixture cache in static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* claim fixtures pre-req for cap generation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update documentation with correct regeneration procedure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: ruby-gemspec-cataloger finds no dependencies
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: fix python docs and config comment
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: commit re-generated java yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* add cataloger selection to caps command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* re-generate cap yamls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests for cataloger selection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cmd to `cataloger info`
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] change capability description locations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] continued
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] adjust for import cycles
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* unpin dependencies for package dedup case
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* prevent make from blocking tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add check
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* decompress upx packed binaries
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting and remove dead code
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* syft detect embedded deps.json,dotnet , fixed#4344
Signed-off-by: Rez Moss <hi@rezmoss.com>
* [wip] have pe utils process embedded dep.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] add PoC bundler processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] search for bundle marker within pe sections
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* put bundle parsing for multiple .net versions under test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fixed#4316 go mod with ver purl
Signed-off-by: Rez Moss <hi@rezmoss.com>
* go mod purl fixed, added func to handle go.mod
Signed-off-by: Rez Moss <hi@rezmoss.com>
* fix: use module name in PURL string everywhere
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
* fix:the os of an elf binary should be detected even when the os version is empty
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revoke the update of appCpe
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the testcase
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:revoke the possible compromise to the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:align with the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add a json schema(pre-relase,may be in conflict with others')
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:add a json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revert the accidental change to 16.1.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* regression/fix:best effort to get the os info
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the previous json file
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* update the schema ver to 16.2.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:no breaking behavior
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore: follow the guide of the README.md
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* appCpe is temporarily unused
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* preserve json field for osCPE
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
