* Add ruby.NewGemSpecCataloger to DirectoryCatalogers.
Signed-off-by: Evan <chaol@vmware.com>
* fixed tests
Signed-off-by: Evan <chaol@vmware.com>
* Addressed review comment
Signed-off-by: Evan <chaol@vmware.com>
* Remove NewInstalledGemSpecCataloger from default dir catalogers
Because the files that the installed gemspec cataloger work off of are a
subset of the files that the more general gemspec cataloger will work
off of, we shouldn't have both of them on by default, since this could
result in finding the same package twice.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Evan <chaol@vmware.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
* label PRs when the json schema changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate pr comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* be more strict about processing file names
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* added download locatoin (resolved) when cataloging a directory - javascript ecosystem- npm - packag-lock
Signed-off by Auston(Aoxiang) Zhang <auston.zhang@dal.ca>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: get DCO to fire
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Auston-Zhang <ax706429@dal.ca>
* fix: allow packages to be captured from DIST/EGG case
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update expected glob paths
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* account for maven bundle plugin and fix filename matching
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add in-repo jar tests based on metadata to cover #2130
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* tests: fix test merge commit
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
* remove internal string set
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate changes from #2227
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* beef up the pkg.License.Merg() doc string
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* survive invalid input in swift parser
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add empty file
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add additional license filenames
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
* add comment about the license list being manually updated
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add relationships for deb packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* small refactor to remove duplicate code
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Parse the Maven license from the pom.xml if not contained in the manifest
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
* chore: restore 10.0.2 schema
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: generate new 11.0.1 schema
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* refactor: remove schema change
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update unit tests to align with new pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: pr feedback
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: remove struct tags
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* keep license name and url semantics preserved on the pkg object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refine the docs for building a cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
adds a unique synthetic package to the SBOM output that represents the go compiler when it is detected as a part of a package discovered by the go binary cataloger.
When using an SBOM generated by syft - downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Previously, which PURL was generated depended on the order of key iteration
in maps. Also update an integ test that was apparently only passing because
of the previous issue.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* dont show the title in the release notes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont upload assets on the release pipeline
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump action-slack action to v3.15.1
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove custom go mod and build cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
