1206 Commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
4edfa4d138
chore(deps): update CPE dictionary index (#3599)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-21 11:43:59 -05:00
Dominik Schmidt
19a75fe504
feat(golang): add license parsing from vendor dirs (#3522)
Signed-off-by: Dominik Schmidt <dev@dominik-schmidt.de>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-01-17 20:25:05 -05:00
Christopher Angelo Phillips
8198a706d6
chore: bump packageurl-go with new parsing rules (#3596)
* chore: bump packageurl-go with new parsing rules
* test: update expectedPURL in unit tests to match new % encoding
---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-01-17 16:20:14 -05:00
Bert Coppens
512319337f
feat: add cataloger for NuGet packages (#3484)
* add cataloger for dotnet packages.lock.json files

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* add entry for dotnet packages.lock files

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* add unit test for dotnet packages.lock cataloger

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* add test for faulty packages.lock.json file

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* add missing name metadata

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* ensure package appears with version

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* add example of conflicting dependencies

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump json schema and fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* move section

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-01-16 14:57:17 -05:00
GGMU
6b2d73d4b7
allow disabling all package catalogers (#3468)
Signed-off-by: tomersein <tomersein@gmail.com>
2025-01-16 13:03:54 -05:00
anchore-actions-token-generator[bot]
da62caee3d
chore(deps): update CPE dictionary index (#3583)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-15 12:11:46 -05:00
Keith Zantow
a2a56dd3e9
fix: golang remote license search not executing when error reading local mod dir (#3549)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-01-06 11:47:55 -05:00
anchore-actions-token-generator[bot]
dc01c5d052
chore(deps): update CPE dictionary index (#3565)
2025-01-06 11:15:13 -05:00
Alex Goodman
cbce129bb9
Use reader when scanning for package versions over reading entire binary into memory (#3558)
* use streaming readers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* replace redis search patterns

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-01-02 22:12:37 +00:00
anchore-actions-token-generator[bot]
1f4a48c3c1
chore(deps): update tools to latest versions (#3556)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: update build scripts with new architecture suffix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* chore: update suffix for new ppc64 arch

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: lintfix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-02 16:18:47 -05:00
anchore-actions-token-generator[bot]
5c47568362
chore(deps): update CPE dictionary index (#3550)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-02 09:25:13 -05:00
anchore-actions-token-generator[bot]
453c429c5c
chore(deps): update CPE dictionary index (#3544)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-23 09:37:58 -05:00
anchore-actions-token-generator[bot]
397eb9c10a
chore(deps): update CPE dictionary index (#3526)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-16 10:37:35 -05:00
William Murphy
445142886e
fix: stop omitting redundantly parenthesized licenses in CDX formatter (#3517)
Previously, a bug in the formatter would cause SPDX expressions that
were surrounded in redundant parentheses to be dropped instead of
normalized.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-12-11 10:06:08 -05:00
Christopher Angelo Phillips
561ed50c2d
chore: migrate syft to use the anchore fork of archiver without replace (#3516)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-12-10 13:33:24 -05:00
Christopher Angelo Phillips
f9e320c5b7
fix: convert file paths for spdx formats from absolute to relative (#3509)
* feat: convert file paths for spdx formats from absolute to relative
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-12-09 13:02:54 -05:00
anchore-actions-token-generator[bot]
cd0900e758
chore(deps): update CPE dictionary index (#3507)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-09 09:54:52 -05:00
Alex Goodman
340b5e17f0
Add relationships for rust audit binary packages (#3500)
* add rust audit binary pkg relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-12-06 09:23:18 -05:00
William Murphy
4adb56d2fe
fix order of rust dependencies and support git sources in Cargo.lock dependencies (#3502)
* fix: un-reverse Cargo.lock dependencies

Previously, dependencyOf was pointing the wrong way. Use dependency
specification helpers to build the dependency graph.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* feat: parse Cargo.lock git dependency relationships

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-12-06 13:38:36 +00:00
Christopher Angelo Phillips
48190233f4
fix: emit NOASSERTION for copyright text to fix SPDX 2.2 validation failure (#3495)
* fixes issue #3346

Signed-off-by: Fearkin <fearjin1@gmail.com>

* chore: update schema and unit tests to reflect new copyright property

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* chore: revert schema changes

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* fix: noassert copyright on spdx root package

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* test: explicitly test spdx 2.2 with tools-java validator

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* test: update snapshot files

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Fearkin <fearjin1@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Fearkin <fearjin1@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-12-04 14:58:36 -05:00
anchore-actions-token-generator[bot]
0e880e83e6
chore(deps): update CPE dictionary index (#3491)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-02 11:14:28 -05:00
anchore-actions-token-generator[bot]
ec5f3169db
chore(deps): update CPE dictionary index (#3479)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-27 10:17:34 -05:00
witchcraze
2118295f19
fix: dart classifier for 2.x and ARM (#3475)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-11-22 13:05:09 -05:00
Adam McClenaghan
21df38798e
Use file indexer directly when scanning with file source (#3333)
* Use file indexer when scanning with file source

Prevents filesystem walks when scanning a single file, to
optimise memory & scan times in case the scanned file
lives in a directory containing many files.

Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>

* Create filetree resolver

Shared behaviour for resolving indexed filetrees.

Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>

---------

Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
2024-11-22 11:53:53 -05:00
Christopher Angelo Phillips
f4cad63da1
3122 valid license url characters (#3449)
* chore: strip unwanted characters from license URL
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-11-19 15:34:58 +00:00
Christopher Angelo Phillips
e7b65c2c58
3030 license declared spdx correction (#3461)
* feat: update hasExtractedLicense field to include license-ref candidates
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-11-19 15:00:59 +00:00
anchore-actions-token-generator[bot]
d91150edea
chore(deps): update CPE dictionary index (#3453)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-18 08:33:41 -05:00
William Murphy
bc35345afb
feat: emit dependency relationships found in Cargo.lock (#3443)
* feat: emit dependency relationships found in Cargo.lock

Include updating test Cargo.lock to have dependencies on multiple
versions of the same crate.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-11-14 16:45:00 -05:00
witchcraze
066aadb4d1
update node classifier (#3419)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-11-12 08:38:43 -05:00
anchore-actions-token-generator[bot]
7c6483f84a
chore(deps): update CPE dictionary index (#3429)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-12 08:36:41 -05:00
Christopher Angelo Phillips
8a41d77250
chore: prevent file resolver from bubbling errors in binary cataloger (#3410)
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-11-04 20:23:27 +00:00
anchore-actions-token-generator[bot]
849e325408
chore(deps): update CPE dictionary index (#3414)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-04 10:13:22 -05:00
Joel Rudsberg
fcf1350a0e
feat: support dependencies and purl for Native Image SBOMs (#3399)
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2024-10-31 12:12:54 -04:00
Nathan Voss
a55b71d4ef
feat: exclude devDependencies from package-lock.json parsing (#3371)
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-10-30 12:02:27 -04:00
Keith Zantow
798c18a698
fix: stack overflow in spyingIoReadCloser (#3392)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-29 08:23:57 -04:00
Keith Zantow
1118ac4ace
fix: bad pom files may cause infinite loop (#3391)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-28 18:09:04 -04:00
anchore-actions-token-generator[bot]
c7c036660c
chore(deps): update CPE dictionary index (#3387)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-28 08:03:08 -04:00
Keith Zantow
a00533c836
feat: Java dependency graph information (#3363)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 11:17:34 -04:00
Nathan Voss
b505317e10
Expanded dpkg cataloger globs (#3373)
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
2024-10-23 14:59:28 +00:00
Alex Goodman
e4e985b9b0
Create single license scanner for all catalogers (#3348)
* add single license scanner instance

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename testing license scanner

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-21 16:17:12 +00:00
anchore-actions-token-generator[bot]
e38825a0a2
chore(deps): update CPE dictionary index (#3358)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-21 10:04:25 -04:00
Alex Goodman
56dbb342ef
update to latest packageurl-go (#3347)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-18 14:47:02 -04:00
Weston Steimel
5b9601d9c6
fix: use official CPE for linux kernel (#3343)
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 12:01:40 +00:00
Weston Steimel
d7194bb00f
fix: improve mariadb binary classifier to detect older versions (#3339)
With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-16 12:43:50 -04:00
William Murphy
754cebee64
fix: stop some log.Warn spam due to parsing an empty string as a CPE (#3330)
* chore: don't try to parse empty string as CPE

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: improve OS name and version extraction from ELF metadata

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-15 08:50:47 -04:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index (#3323)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
Weston Steimel
e962c10da7
fix: improve go binary semver extraction for traefik (#3325)
Improves the go cataloger semver extraction logic to include getting the
release version of traefik. This is based off of the regex pattern that
already existed in the traefik binary classifier.

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 09:41:34 -04:00
Keith Zantow
ccbee94b87
feat: report unknowns in sbom (#2998)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-07 16:11:37 -04:00
anchore-actions-token-generator[bot]
27ee203495
chore(deps): update CPE dictionary index (#3302)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-07 15:20:12 -04:00
Piotr Radkowski
3b9c55d28b
Fix: Parse package.json with non-standard fields in 'author' section (#3300)
* Improved parsing of package.json 'author' section

Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>

* test: parse 'package.json' files with non-standard fields in author section

Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>

---------

Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
Co-authored-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
2024-10-07 10:26:04 -04:00