Alex Goodman
58f8c852df
Require ordering of relationships when comparing parser output ( #2160 )
...
* require ordering of relationships when comparing parser output
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix cataloger test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change method of relationship sort to simple string dump
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 17:39:18 +00:00
William Murphy
b8f52d570e
chore: stop unit test switch on host arch ( #2156 )
...
Now that the test fixture pins to a particular digest, there's no need
for platform specific architecture switches in this test.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-20 11:45:13 -04:00
dependabot[bot]
ba00f3328d
chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 ( #2158 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:33 -04:00
dependabot[bot]
962ff1ec49
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 ( #2157 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0914d50df7...3beb63f4bd
2023-09-20 10:12:13 -04:00
Alex Goodman
40899adb87
use annotated tags, update chronicle, fix cache keys ( #2154 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 10:11:44 -04:00
Christopher Angelo Phillips
650f71cbe0
chore: update to latest stereoscope ( #2151 )
...
* chore: update to latest stereoscope
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: go mod tidy
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-19 15:22:10 -04:00
dependabot[bot]
30885ed92e
chore(deps): bump github/codeql-action from 2.21.7 to 2.21.8 ( #2150 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-19 14:37:54 -04:00
anchore-actions-token-generator[bot]
51243aa65f
chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 ( #2149 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-19 09:07:15 -04:00
Shane Dell
23e3de75e3
Add containerd support ( #1793 )
...
* [wip] add containerd UI handlers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Add containerd support
- Add UI handlers (done by @wagoodman)
- Add containerd types and wrappers (done by @wagoodman)
- Add flag for specifying containerd address
Closes #201
Signed-off-by: Shane Dell <shanedell100@gmail.com>
* Fix lint
Signed-off-by: Shane Dell <shanedell100@gmail.com>
* add containerd ui handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add containerd scheme to readme
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test for scheme detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips
594ba5f295
chore: pin workflow checkout for cpe update-cpe-dictionary-index ( #2141 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:00:15 -04:00
Alex Goodman
5d48882a78
Add GitHub actions and shared workflow usage catalogers ( #2140 )
...
* add github actions usage cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update integration and cli tests with github actions sample
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add support for shared workflows
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split github actions usage cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add source explanation for github action types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* a github purl does not always mean the package is a github action
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep github action catalogers as dir only catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-15 18:51:21 +00:00
Stefan Profanter
ec4d595920
feat: add dependency information to conan lockfile parser ( #2131 )
...
Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>
2023-09-15 14:31:08 -04:00
Christopher Angelo Phillips
094b41b301
chore: pin and update all workflow dependencies; add permission scopes ( #2138 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 14:18:42 -04:00
William Murphy
2eb2d55551
chore: pin all cli test FROM lines to linux/amd64 ( #2137 )
...
Many of these images have a slightly different sets of packages when the
arm64 variant is pulled, so that leaving this digest unpinned causes the
tests to fail on arm64 hosts. Pin the FROM lines to force stable
platform values regardless of host architecture.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-15 12:49:02 -04:00
Keith Zantow
a46d12270f
fix: encode and decode FileLicenses and FileContents in Syft JSON ( #2083 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-09-13 16:14:20 -04:00
Christopher Angelo Phillips
3e16c6813f
feat: add cyclonedx schema version selection ( #2123 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-13 14:50:22 -04:00
Ahmet Taha
5035d9ca1a
fix: allow cyclonedx json input with no components ( #2127 )
...
Signed-off-by: Ahmet Taha Özdemir <me@ahoz.de>
2023-09-13 13:14:14 -04:00
dependabot[bot]
c21b16d924
chore(deps): bump docker/login-action from 2 to 3 ( #2119 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:34:19 -04:00
dependabot[bot]
4a2fc226dd
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 ( #2125 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.8.1 to 5.9.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:33:47 -04:00
Alex Goodman
7de5643227
fix source-version typo in flag description ( #2126 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-13 10:05:24 -04:00
William Murphy
9de4129638
chore: enforce race detector ( #2122 )
...
Previously, there were some data races in syft. Right now, none are
detected, so check for data races on the overall command, and on unit
tests. (Checking for races on integration tests triples the time needed
for those tests, from ~1 minute to ~3 minutes on my workstation, so that
was not done at this time.)
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-12 13:09:18 -04:00
anchore-actions-token-generator[bot]
3a45653cfa
chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 ( #2117 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-12 11:49:20 -04:00
GGMU
b82c0ffc34
fix(help): power-user help text to indicate it supports file-system ( #2113 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2023-09-11 16:12:04 +00:00
dependabot[bot]
b2be411f77
chore(deps): bump tibdex/github-app-token from 1 to 2 ( #2116 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1 to 2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](https://github.com/tibdex/github-app-token/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 09:56:22 -04:00
anchore-actions-token-generator[bot]
ec22f4b773
chore(deps): update CPE dictionary index ( #2114 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-09-11 09:42:59 -04:00
anchore-actions-token-generator[bot]
e3c525b4b8
chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de ( #2109 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-08 14:10:00 -04:00
Christopher Angelo Phillips
3842d28e90
fix: update codeql-analysis for go 1.21 ( #2108 )
...
* fix: update codeql-analysis for go 1.21
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* nit: remove comment
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 15:54:42 -04:00
dlorenc
9f22ab6137
Bump the golang.org/x/exp dependency and fix a build breakage. ( #2088 )
...
* Bump the golang.org/x/exp dependency and fix a build breakage.
---------
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:52 -04:00
dependabot[bot]
1315cfd787
chore(deps): bump actions/checkout from 3 to 4 ( #2094 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:57:51 -04:00
dependabot[bot]
212aa9b6cf
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 ( #2106 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.7 to 0.4.10.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:56:41 -04:00
anchore-actions-token-generator[bot]
46e4ac1474
chore(deps): update bootstrap tools to latest versions ( #2086 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-09-07 09:30:44 -04:00
anchore-actions-token-generator[bot]
6800a5f64b
chore(deps): update CPE dictionary index ( #2089 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-09-07 09:30:18 -04:00
dependabot[bot]
9caf51596e
chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 ( #2096 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:29:06 -04:00
dependabot[bot]
7645d5759d
chore(deps): bump github.com/docker/docker ( #2098 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.5+incompatible to 24.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:27:21 -04:00
dependabot[bot]
ce32f8bb74
chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 ( #2099 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:26:56 -04:00
Đỗ Trọng Hải
f8ab7c4695
feat(cmd/update): add UA header with current ver when check for update ( #2100 )
...
Signed-off-by: hainenber <dotronghai96@gmail.com>
2023-09-06 11:43:01 -04:00
Đỗ Trọng Hải
305ee87052
fix(cdx): validate external refs before encoding ( #2091 )
...
Signed-off-by: hainenber <dotronghai96@gmail.com>
2023-09-05 14:39:51 +00:00
Alex Goodman
49e7f399f9
expose cobra command in cli package ( #2097 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-05 14:33:38 +00:00
William Murphy
007b034ee3
fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation ( #2075 )
...
Add overall integration test for java PURL detection.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-31 16:57:55 -04:00
Alex Goodman
b454160549
tidy gomod and gitignore ( #2082 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-31 14:50:32 +00:00
Alex Goodman
36d794febe
fix quiet flag ( #2081 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-31 10:40:11 -04:00
William Murphy
51d38f8e59
fix: in some cases, try to use pom info to guess name and version to top level jar ( #2080 )
...
Otherwise, small renames like 'hudson-war-2.2.1.war' to 'hudson.war', would cause
syft to incorrectly catolog the archive.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-31 10:19:55 -04:00
William Murphy
cfebae27f5
fix: don't panic on universal go binaries ( #2078 )
...
If crypto settings or arch cannot be determined, still attempt to catalog packages from
the build info, rather than panicking.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-30 08:37:50 -04:00
Keith Zantow
2b7a9d0be3
chore: update CLI to CLIO ( #2001 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 15:52:26 -04:00
5p2O5pe25ouT
b03e9c6868
Add registry certificate verification support ( #1734 )
...
* add registry certificate verification support
* replace stereoscope version
* modify go.mod
* pull in stereoscope update
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename registry cert options, add docs, and add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update to account for changes in anchore/stereoscope#195
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: lishituo <24578666@qq.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 11:45:20 -04:00
witchcraze
cedfa05e93
fix: CPE generation for django ( #2068 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2023-08-28 08:28:01 -04:00
Keith Zantow
dd09e0362e
chore: update quill to the latest version ( #2065 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 20:45:04 +00:00
Keith Zantow
4ae94c37eb
fix: duplicate entries in cyclonedx dependency list ( #2063 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 12:19:01 -04:00
William Murphy
d08e2be768
Fix panic in pom parsing ( #2064 )
...
A recent update to gopom changed many fields to be omitted when empty,
resulting in a number of nil pointers inside the nested structure of the
pom that previously didn't exist. Defend against these in the search for
the property value.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-25 12:04:57 -04:00
William Murphy
faa902209e
Fix: don't validate pom declared group ( #2054 )
...
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-24 13:28:40 -04:00
