oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
Keith Zantow	99c3339810	Fix CycloneDX license decoding panic (#898 )	2022-03-18 09:44:51 -04:00
Keith Zantow	f4734d28b3	Fix panic when CycloneDX BOM missing metadata.component (#895 ) v0.42.0	2022-03-17 10:22:35 -04:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
Keith Zantow	ee0a1d172c	panic parsing cyclonedx (#892 ) v0.41.6	2022-03-16 09:10:44 -04:00
Keith Zantow	b9b3ccecf9	Update register link text (#891 ) v0.41.5	2022-03-15 17:02:33 +00:00
mikey strauss	95271fb10d	NPM PURLs are invalid (#832 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-03-15 11:54:33 -04:00
Christopher Angelo Phillips	93d2d57cd3	update README with OSS Meetup information (#890 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-15 11:37:56 -04:00
Kenny Moens	7cd3201fe9	Support the .be top-level domain (#873 ) Signed-off-by: Kenny Moens <kenny.moens@cipalschaubroeck.be>	2022-03-15 10:59:13 -04:00
Keith Zantow	c7cf8b0b26	Brew install gon failed (#885 ) v0.41.4 v0.41.3	2022-03-11 13:17:57 -05:00
Frankie G-J	44a6e00f7a	Include vendored modules in Go Module package list (#883 ) * include vendored modules in package slice Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com> * add explanatory comments Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com>	2022-03-11 12:57:33 -05:00
Keith Zantow	6c8102bf28	Correct CycloneDX distro decoding (#745 )	2022-03-11 09:27:18 -05:00
Keith Zantow	7789506dc6	Experimental GitHub export (#836 ) v0.41.2	2022-03-10 22:38:12 -05:00
Christopher Angelo Phillips	fa03723617	Upgrade vault api from v1.3.1 to v1.4.1 (#878 ) * move v1.3.1 => v1.4.1 * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-09 15:11:07 -05:00
Alex Goodman	2946813a74	RPM Epoch should be optional in the json schema (#880 )	2022-03-09 14:51:43 -05:00
Christopher Angelo Phillips	003d28ad48	Add SchemaVersion to version command output (#877 ) * make JsonSchemaVersion available programmatically via syft version command Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-09 13:12:52 -05:00
Alex Goodman	9d9669e62f	Add artifacthub owner (#876 )	2022-03-09 12:50:31 +00:00
Sambhav Kothari	39737a2825	Update cyclonedx to v1.4 (#820 )	2022-03-08 12:09:55 -05:00
cipher-ardvark	f2617285d0	Update yarn.lock parser to support latest (berry v3) format (#868 ) * add test cases for yarn parser regex Signed-off-by: Patrick Glass <patrickglass@gmail.com> * update yarn.lock parser to support yarn berry Add support for Yarn v3 (berry) which changes the output Collapse regex for parsing scoped and non-scoped packages Add tests for the regex to ensure backwards compatability and to catch issues with future changes. Signed-off-by: Patrick Glass <patrickglass@gmail.com> * simplify yarn test expressions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Patrick Glass <patrickglass@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-08 12:07:54 -05:00
Alex Goodman	07d3c9af52	Fix file creation for output options (#875 ) v0.41.1	2022-03-08 15:37:28 +00:00
Alex Goodman	5123f073c7	Update containerd via stereoscope (#870 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> v0.41.0	2022-03-07 17:37:20 +00:00
Alex Goodman	991af0d857	Include root path in directory resolve index (#869 )	2022-03-07 11:34:16 -05:00
Alex Goodman	a86dd3704e	Add platform selection (#866 )	2022-03-04 22:41:38 +00:00
Alex Goodman	4af32c5bee	Migrate format definitions to sbom package (#864 )	2022-03-04 17:22:40 -05:00
Jonas Xavier	640099ce2e	tiny aligment fix in example template (#867 ) Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-04 09:34:05 -08:00
Keith Zantow	b2ab4671b9	Correct SPDX-JSON checksum algorithm (#863 ) v0.40.1	2022-03-03 17:13:13 -05:00
Christopher Angelo Phillips	ad322b3314	bump error language and remove panic (#862 ) * bump error language and remove panic Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-03 10:37:18 -05:00
Jonas Xavier	4a8a9ce290	add podman scheme to doc examples (#860 )	2022-03-02 14:39:05 -08:00
Alex Goodman	635904fcb6	Reduce PR check failures (#858 )	2022-03-02 17:51:37 +00:00
Dan Luhring	1e75cb0418	Update to cosign v1.5.2 (#857 ) v0.40.0	2022-03-02 15:09:47 +00:00
Christopher Angelo Phillips	afc0c1acd9	855 attest registry source only (#856 ) Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-01 23:16:42 -05:00
Keith Zantow	edac8c7bf7	Update CycloneDX to use syft namespace and output multiple CPEs (#849 )	2022-03-01 17:37:52 -05:00
Alex Goodman	d2f28e0eb1	Restore single goreleaser file (#853 )	2022-02-28 14:46:41 +00:00
Alex Goodman	1d1a7de314	Fix goreleaser generated config path (#852 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.39.3	2022-02-26 07:30:38 -05:00
Alex Goodman	24cd39089a	Share import mac code signing certificate steps for release (#851 ) v0.39.2	2022-02-25 20:07:03 -05:00
Christopher Angelo Phillips	bb3d713b97	cpe generation update (#850 ) * do not allow empty CPE to be returned as part of a packages list Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-25 17:06:05 -05:00
Alex Goodman	c89131bcf3	Bump release timeout (#848 ) v0.39.1	2022-02-25 16:32:57 +00:00
Batuhan Apaydın	6c306efed2	Enhance container image labels for ArtifactHub (#839 ) v0.39.0	2022-02-24 11:15:36 -05:00
Alex Goodman	99bb93d0fe	Resolve symlinks when fetching file contents (#782 )	2022-02-24 10:01:59 -05:00
Alex Goodman	7eea98fcc5	Allow for CPE strings that can later be sanitized (#844 )	2022-02-23 15:18:12 -05:00
Christopher Angelo Phillips	256e85bc12	510 - SBOM attestation stdout (#785 ) add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-22 21:45:12 -05:00
Alex Goodman	738b3b60a5	Add exception for handlebars java package to generate nodejs CPE (#837 )	2022-02-22 17:29:28 -05:00
Keith Zantow	20c1d14f6e	Add CycloneDX decoder (#811 )	2022-02-18 11:19:02 -05:00
Jonas Xavier	4b16737b2f	ignore minor parsing error when reading dpkg status files (#786 ) * ignore minor parsing error when reading dpkg status files helps with https://github.com/anchore/syft/issues/733 Question: should we add a smarter parser to guess approximate installed-size value? Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add datasize lib to help dpkg parsing added unit tests to expand coverage of dpkg parsing Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop parse error added unit tests to handleNewKeyValue Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * don't return parsing errors from dpkg Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test higher level functions Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * return parsing err to let cataloger handle it Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * ignore key parsing error log warning with relevant context Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add context info to log lines simpler error assertion Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use error.As to assert error in chain Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-17 14:05:11 -08:00
mikey strauss	e6b5872bc8	Base64 encoder closing (#822 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-02-17 13:10:08 -05:00
Dan Luhring	641c44f449	Fix panic in requirements.txt parsing (#834 ) * Stable sort for pipfile.lock parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Adjust python parsing tests to use go-cmp Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add failing cases for requirements.txt parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix failing cases for requirements.txt parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Refactor parseRequirementsTxt Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix static-analysis failure Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix comment Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-02-17 10:00:16 -05:00
Alex Goodman	55c7f3d1e7	Upgrade install.sh to support installations for previous versions (#830 )	2022-02-15 22:23:11 +00:00
Christopher Angelo Phillips	52d2e62cdc	remove duplicate manifest lines (#828 ) v0.38.0	2022-02-15 12:51:02 -05:00
Alex Goodman	51c6eb30f5	bump stereoscope to include functional options (#823 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-14 20:40:51 -05:00
Christopher Angelo Phillips	e1e9ccb401	update golang crypto library dependency (#815 ) * bump golang crypto to resolve CVE-2020-29652 Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 13:36:52 -05:00
Alex Goodman	220f3a24fd	deduplicate SPDX tag-value package IDs (#813 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-10 21:18:00 +00:00

... 2 3 4 5 6 ...

1060 Commits