oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
anchore-actions-token-generator[bot]	d5d95da3b6	chore(deps): update bootstrap tools to latest versions (#1922 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-07-10 11:03:09 -04:00
Dan Luhring	c0c089ffd5	fix: Don't use the actual redis or grpc CPEs for gems (#1926 ) Signed-off-by: Dan Luhring <dluhring@chainguard.dev>	2023-07-10 10:24:42 -04:00
Lorenzo Orsatti	376c42893b	fix(install): return with right error code (#1915 ) This resolves #1566. Signed-off-by: Lorenzo Orsatti <49567430+lorsatti@users.noreply.github.com> Co-authored-by: Christopher Phillips <cphillips918@gmail.com>	2023-07-06 16:56:07 -04:00
Dan Luhring	81d8019207	Remove erroneous Java CPEs from generation (#1918 ) Signed-off-by: Dan Luhring <dluhring@chainguard.dev>	2023-07-06 16:12:55 -04:00
dependabot[bot]	8ce88e11fd	chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-06 16:02:44 -04:00
Alex Goodman	f8b832e6c3	Switch UI to bubbletea (#1888 ) * add bubbletea UI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * swap pipeline to go 1.20.x and add attest guard for cosign binary Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update note in developing.md about the required golang version Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix merge conflict for windows path handling Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * temp test for attest handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add addtional test iterations for background reader Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-06 09:00:46 -04:00
DD (Devdatta) Deshpande	a00a3df10c	fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link (#1884 ) Signed-off-by: DD (Devdatta) Deshpande <dd@codewits.in> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-07-05 14:49:22 -04:00
Alex Goodman	cfbb9f703b	add file source digest support (#1914 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-05 13:47:13 -04:00
anchore-actions-token-generator[bot]	6280146c81	chore(deps): update bootstrap tools to latest versions (#1908 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-07-05 11:06:22 -04:00
dependabot[bot]	e8f7108e6e	chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:06:05 -04:00
dependabot[bot]	023ca1be32	chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:05:46 -04:00
Marco Damiani	2e3c7fa158	doc(readme): add installation section with scoop (#1909 ) Signed-off-by: drazen04 <hangtime23@hotmail.it>	2023-07-03 13:50:01 -04:00
Alex Goodman	4da3be864f	Refactor source API (#1846 ) * refactor source API and syft json source block Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update source detection and format test utils Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * generate list of all source metadata types Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * extract base and root normalization into helper functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * preserve syftjson model package name import ref Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * alias should not be a pointer Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-06-30 14:19:16 +00:00
anchore-actions-token-generator[bot]	608dbded06	chore(deps): update bootstrap tools to latest versions (#1905 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-06-29 14:10:30 -04:00
anchore-actions-token-generator[bot]	791d1f9552	chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> v0.84.1	2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]	e5e97b5c4e	chore(deps): update bootstrap tools to latest versions (#1902 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-06-28 12:04:39 -04:00
Weston Steimel	8219f8d55b	fix: discover deb file relationships in distroless images (#1901 ) Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-06-28 13:28:20 +01:00
Alex Goodman	026be3c0f1	add oss community board auto-add workflow (#1898 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-06-27 15:53:59 -04:00
anchore-actions-token-generator[bot]	0d4f19043e	chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-26 13:58:44 -04:00
anchore-actions-token-generator[bot]	38b47e484c	chore(deps): update bootstrap tools to latest versions (#1894 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-06-26 13:58:17 -04:00
Stephane Rufer	7943c73d3f	fix: add support for Dart SDK package dependencies (#1891 ) Signed-off-by: Stephane Rufer <1128559+rufman@users.noreply.github.com>	2023-06-23 12:40:46 -04:00
Alex Goodman	25ce245c03	Simplify the SBOM writer interface (#1892 ) * remove sbom.writer bytes call and consolidate helpers to options pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont close stdout Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove close operation from multiwriter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-06-23 11:21:22 -04:00
Dan Luhring	7de7a7990a	fix: improve version detection in Java archive name parsing (#1889 ) Signed-off-by: Dan Luhring <dluhring@chainguard.dev>	2023-06-22 18:42:10 +00:00
Keith Zantow	f79cb9587f	fix: only output valid cyclonedx license choices (#1879 ) * fix: only output valid cyclonedx license choices Signed-off-by: Keith Zantow <kzantow@gmail.com> * chore: update tests Signed-off-by: Keith Zantow <kzantow@gmail.com> * chore: return nil for emtpty cdx license list Signed-off-by: Keith Zantow <kzantow@gmail.com> --------- Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-06-22 12:05:38 -04:00
Tim Gerla	c27d5b11d4	docs: clarify reasoning of default catalogers for images or directories (#1887 ) Add some explanation around why there are different default sets of catalogers for image scans versus directory scans. Hopefully clarify questions related to #1776. Signed-off-by: Timothy Gerla <tim@gerla.net>	2023-06-20 19:47:50 +00:00
William Murphy	5d54e6e847	Configure chronicle to pre-1.0 mode (#1886 ) Track a chronicle config file that causes chronicle to bump minor version instead of major version in response to the "breaking-change" label for pre-1.0 releases. Signed-off-by: Will Murphy <will.murphy@anchore.com> v0.84.0	2023-06-20 16:08:35 +00:00
Keith Zantow	631d50d038	chore: update SPDX license list to 3.21 (#1885 )	2023-06-20 15:47:02 +00:00
anchore-actions-token-generator[bot]	269006bf04	chore(deps): update bootstrap tools to latest versions (#1880 )	2023-06-20 10:22:18 -04:00
William Murphy	e2ed89f700	Pad artifact IDs (#1882 ) Otherwise the hash can sometimes be short if it results in a low uint64. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-06-16 13:26:18 -04:00
dependabot[bot]	badb957888	chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-15 14:10:11 -04:00
dependabot[bot]	a1bba36d51	chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.0 to 1.23.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> v0.83.1	2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]	c019cd51da	chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-14 11:29:39 -04:00
dependabot[bot]	5406d8a366	chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 10:30:19 -04:00
James Neate	098c255a2d	fix: pom properties not setting artifact id (#1870 ) Signed-off-by: James Neate <jamesmneate@gmail.com>	2023-06-12 09:59:14 -04:00
dependabot[bot]	2c5d64ac9e	chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868 ) Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 17:01:19 -04:00
Avi Deitcher	1764e1c3f6	fix: handle invalid symlinks (#1861 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> v0.83.0	2023-06-05 15:04:14 -04:00
dependabot[bot]	c560ffd811	chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 (#1850 ) * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update fixtures for spdx with new library changes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-06-05 15:01:06 -04:00
anchore-actions-token-generator[bot]	7d1b292ad0	chore(deps): update bootstrap tools to latest versions (#1857 ) * chore(deps): update bootstrap tools to latest versions Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-06-05 18:56:04 +00:00
Christopher Angelo Phillips	f07581f504	Pr 1825 (#1865 ) chore: code cleanup Signed-off-by: guoguangwu <guoguangwu@magic-shield.com> --------- Signed-off-by: guoguangwu <guoguangwu@magic-shield.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: guoguangwu <guoguangwu@magic-shield.com>	2023-06-05 17:01:00 +00:00
dependabot[bot]	d676e5e781	chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:48:18 -04:00
dependabot[bot]	903d29b6f7	chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.1 to 1.23.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:47:59 -04:00
Keith Zantow	79a955b1a9	feat: source-version flag (#1859 )	2023-06-05 10:36:34 -04:00
dependabot[bot]	1bd9de9047	chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.15.0 to 1.16.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-01 08:35:14 -04:00
Avi Deitcher	68f8df9594	accept main.version ldflags even without vcs (#1855 ) Signed-off-by: Avi Deitcher <avi@deitcher.net>	2023-06-01 08:34:46 -04:00
James Neate	c69cdd9f4a	feat: add scope to pom properties (#1779 ) * feat: add scope to pom properties Signed-off-by: James Neate <jamesmneate@gmail.com> * fix: fixed conflict with schema bump Signed-off-by: James Neate <jamesmneate@gmail.com> --------- Signed-off-by: James Neate <jamesmneate@gmail.com>	2023-06-01 12:22:29 +00:00
dependabot[bot]	5842fc2a64	chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-30 13:48:54 -04:00
dependabot[bot]	f0307fdd62	chore(deps): bump github.com/docker/docker (#1849 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.1+incompatible to 24.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 16:08:20 -04:00
Alex Goodman	74013d7da7	Add test to ensure package metadata is represented in the JSON schema (#1841 ) * [wip] try to reflect metadata types... probably wont work Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor to add unit test to ensure there is coverage in the schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] generate metadata container Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add generation of metadata container struct for JSON schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update linter script to account for code generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-05-25 13:26:56 -04:00
Alex Goodman	6afbffce28	Fix directory resolver to consider CWD and root path input correctly (#1840 ) * [wip] put in initial fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * capture expected behavior of dir resolver in tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update tests + comments to reflect current dir resolver behavior Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add additional test cases Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix additional tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix bad merge conflict resolution Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-05-25 13:41:18 +00:00
Alex Goodman	07e76907f6	Migrate location-related structs to the file package (#1751 ) * migrate location structs to file package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace source.Location refs with file package call Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for file based catalogers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for all-regular-files testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate file resolver implementations to separate package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] migrate resolvers to internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate resolvers to syft/internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-24 17:06:38 -04:00

1 2 3 4 5 ...

1596 Commits