454 Commits

Author SHA1 Message Date
Laurent Goderre
a635d66657
Add binary classifier for the Erlang interpreter (#2417)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:49 -05:00
Laurent Goderre
51d3cd0066
Add binary classifier for Julia lang (#2427)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:21 -05:00
Laurent Goderre
4846639ee4
Add binary detection for PHP composer (#2432)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 14:59:45 -05:00
anchore-actions-token-generator[bot]
8b9194eb81
chore(deps): update CPE dictionary index (#2442)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-18 07:01:21 -05:00
Alex Goodman
4eace4b141
refactor javascript cataloger to use configuration options when creating packages (#2438)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:02 -05:00
Alex Goodman
05660da8d7
use single source of truth for archive options (#2437)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:07:55 -05:00
Colm O hEigeartaigh
38a12bd91a
Look for a maven version in a pom from a parent dependency management section (#2423)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh
649d152548
Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 12:41:41 -05:00
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
anchore-actions-token-generator[bot]
68f35815d6
chore(deps): update CPE dictionary index (#2412)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-11 06:35:58 -05:00
Weston Steimel
4d4b502174
fix(java): improve identification for org.codehaus.groovy artifacts (#2404)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-08 05:02:01 -05:00
Weston Steimel
ea80f94c0e
fix(java): improve identification for commons-jelly artifacts (#2399)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-07 12:28:21 -05:00
Weston Steimel
2c145f70b2
fix(java): improve identification for io.minio artifacts (#2398)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 16:58:07 -05:00
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts (#2397)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock (#2338)
---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml (#2315)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts (#2384)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts (#2379)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts (#2386)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts (#2388)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts (#2383)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts (#2382)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts (#2378)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts (#2349)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks (#2369)
* generalize ui events for cataloging tasks

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename cataloger task progress object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* migrate cataloger task fn to bus helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification (#2133)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files (#2367)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
William Murphy
ea4a6747eb
fix: hardcode xalan group ID (#2368)
According to maven central, the package called "xalan" should just have
the group ID xalan, but currently syft isn't able to find that.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 14:40:03 -05:00
Alex Goodman
1cfc4c7387
Normalize cataloger configuration patterns (#2365)
* normalize cataloger patterns

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove central reference for maven configurable

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:02:43 +00:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars (#2345)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB (#2316)
* Add MySQL and MariaDB binary classifiers

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>

* use smallest possible binary fixtures

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier (#2329)
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.

Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars (#2343)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars (#2342)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars (#2327)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00
Weston Steimel
b9294976ef
fix(java): skip maven bundle plugin logic if vendor id and symbolic name match (#2326)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:15 +00:00
Colm O hEigeartaigh
3e8a2304e8
Refine license searching from groupIDFromJavaMetadata to allow for having the artifactId in the groupId (#2313)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-15 10:04:31 -05:00
Colm O hEigeartaigh
0652998b9b
Add license for golang stdlib (#2317)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-14 11:53:07 -05:00
Colm O hEigeartaigh
7ccbadff34
Fall back to searching maven central using groupIDFromJavaMetadata (#2295)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-10 22:02:53 -05:00
Alex Goodman
3f13d209a5
rename file.Location.VirtualPath to AccessPath (#2288)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-09 11:30:08 -06:00
Colm O hEigeartaigh
bae5a2e741
Check maven central as well for licenses in parents poms for nested jars (#2302)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-08 10:26:12 -08:00
anchore-actions-token-generator[bot]
4ba92ac43b
chore(deps): update CPE dictionary index (#2290)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-06 09:23:24 -05:00
Colm O hEigeartaigh
9fa11f2339
Wire through maven-url to java config (#2291)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-06 09:08:03 -05:00
Mark Severson
1470abaded
Use case-insensitive matching for Go license files (#2286)
Signed-off-by: Mark Severson <mark@kasten.io>
2023-11-03 14:47:09 -04:00
Colm O hEigeartaigh
2d582f78a1
Add a new Java configuration option to recursively search parent poms… (#2274)
- Add a new Java configuration option to recursively search parent poms for licenses
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-03 10:33:02 -04:00
Alex Goodman
b2f4d7eda2
Follow convention for naming catalogers (#2277)
* follow convention for naming catalogers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cataloger name example

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 12:39:42 +00:00
Colm O hEigeartaigh
26cdbfc299
fix: syft does not handle the case of parsing a jar with multiple poms (#2231)
---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-01 17:10:17 +00:00
Robbie Vanbrabant
dc9bc58480
add PURLs when scanning Gradle lock files (#2278)
This adds PURLs when scanning Gradle lock files.

Unintuitively the correct PURL type appears to be `maven` as opposed to
`gradle`. See https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst

- `gradle` for Gradle plugins
- `maven` for Maven JARs and related artifacts

Signed-off-by: Robbie Vanbrabant <robbie@monzo.com>
2023-11-01 13:09:31 -04:00