* fix: the licenses config was not being carried through causing content to show by default
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* feat: expose rpm signature information
This helps with more confident identification of an rpm.
In theory, two rpms can be built that have the same purl string, and
otherwise look identical in syft's output, but the PGP information
would distinguish them as signed either by different keys, or signed at
different times.
In practice, this usually makes no difference since rpms tend to have
unique name/version/release strings. This just gives increased
confidence about the identity of the rpm found in the db.
Signed-off-by: Ralph Bean <rbean@redhat.com>
* chore: generate json schema
Signed-off-by: Ralph Bean <rbean@redhat.com>
* re-generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename to a more generic signature field
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename rpm.pgp to rpm.signatures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split out signature fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* include RPM archives
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont fail on unknown signature type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Ralph Bean <rbean@redhat.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update fixtures based on ci builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
This prevents the cpe🅰️redis:redis... from being emitted for the PHP
Pear / PECL package called redis.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* fix: use package id from cyclonedx when provided
Signed-off-by: James Neate <jamesmneate@gmail.com>
* override package IDs from converted SBOMs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove extractSyftID function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add nix DB cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add derivation path to nix store pkg metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* go mod tidy
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for derivation path to be optional
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* repin build image and disable syscall filtering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump storage capacity
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* track nix derivation details on packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* image fixture should have derivation examples
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Update semver to v3. Fixes#3829
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* use single instance of regex obj
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add support for PHP Pear and unify PECL with it
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove log statements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix struct comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Resolve upstream symlinks correctly
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* in case of the root directory
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* for static analysis check pass
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add unit test cases for the symlink scenarios
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix the dpkg files pattern detection
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* consider slash before the path is concatenated
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add support for .NET libman files
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix when no libman detected
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add libman.json docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* consider child dll claims for .NET packages from deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* make dll claim propagation configurable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Modify the Regex version matcher for golang in the binary classifiers to make it compatible with golang tip images
Signed-off-by: Victor Hu <victorhu493@gmail.com>
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* Preliminary fix the regex matching for golang tip image and add the corresponding unit tests
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* consider VERSION.cache when it comes to golang tip images
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* consider VERSION.cache when it comes to golang tip images
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
---------
Signed-off-by: Victor Hu <victorhu493@gmail.com>
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* We only need to replace the name of a GoLang package when the name is a web link
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* make the detection of a localfile path pattern more easy
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* consider the m.New.Version so the granularity is narrowed
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* to pass the static-analysis
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* to pass the static-analysis
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
