oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
Weston Steimel	d9aa54cd00	support .par for java ecosystems (#727 ) Signed-off-by: Weston Steimel <weston.steimel@gmail.com>	2022-01-04 16:40:27 -05:00
David Shay	697bad02ac	Add arm64 support to install script (#729 ) Signed-off-by: David Shay <davideshay@gmail.com>	2022-01-03 20:28:48 -05:00
Alex Goodman	a18fbacae7	Revert "bump goreleaser to v1.2 (#720 )" (#731 ) This reverts commit 8535ee5b2e0f2c279e8407bfa4ce3d96d37a2fde. Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2022-01-03 15:19:00 +00:00
Sambhav Kothari	7168dc7473	Add a version flag (#722 )	2021-12-23 18:56:07 -05:00
Jonas Galvão Xavier	211b188120	Add lpkg as java package format (#694 ) * add lpkg support to java cataloger linter clean up Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix comment formatting Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add filename test for lpkg Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * commment on lpkg file extension tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix comment typo Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix import format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler test validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2021-12-22 16:34:52 -08:00
Alex Goodman	7f8cb0bd80	remove unstable CLI test (bad binaries) (#721 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.34.0	2021-12-22 15:55:37 -05:00
Alex Goodman	8535ee5b2e	bump goreleaser to v1.2 (#720 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-22 20:37:48 +00:00
Christopher Angelo Phillips	a689fb1213	update cp statement for core_utils_upgrade (#719 ) Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-12-22 20:01:34 +00:00
Sambhav Kothari	4903b4d73f	Bump syft JSON schema and add v2.0.2 (#716 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2021-12-22 13:55:34 -05:00
Dan Luhring	7de5e1288f	Fix unhelpful error message for oci-archive scheme (#705 ) * Improve error message Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Return error from stereoscope immediately Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Bump version of stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Conditionally retry image retrieval Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update error message for source construction failure Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Retry image pull without predetermined image source Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add comment to image pull source determination Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-22 18:53:23 +00:00
Jonas Galvão Xavier	474ed682bc	add version to logs (#715 )	2021-12-21 23:18:49 -08:00
Keith Zantow	b7979dbc7d	exclusions does not need to be variadic (#711 )	2021-12-21 10:13:15 -05:00
Sambhav Kothari	cc20a8f341	Add tests for direct-url information and add it to the output purl (#708 ) * add direct_url.json fields to python metadata Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * rename DirectURLOrigin struct; add stub for file Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * add detection for direct_url.json Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * Add tests for direct-url information and add it to the output purl Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Update golden snapshot ids after adding new python package metadata field Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Add test names for packageurl tests Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-12-20 15:54:25 -05:00
Keith Zantow	006ba9b557	Add --exclude flag (#695 )	2021-12-20 10:35:25 -05:00
Alex Goodman	a27907659d	Performance improvements around package ID (#698 ) * set package ID in catalogers and improve hashing performance Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update setting ID + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.33.0	2021-12-16 08:55:53 -05:00
Alex Goodman	727b84ce0d	prefer warning over erroring out when parsing java manifests (#688 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.32.2	2021-12-14 12:17:05 -05:00
Dan Luhring	85ac5bcbf8	Handle extra empty lines in Java manifest parsing (#687 ) * Add failing test for extra empty lines in manifest Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Handle extra empty lines in Java manifests Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-14 11:53:50 -05:00
Alex Goodman	3d8c16649d	Fix M1 install (#686 ) * M1 install.sh script should use zip Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add arm64 binary extraction Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-14 15:54:46 +00:00
Davide Icardi	ecbfbe6896	update readme for possible output types (#669 ) Signed-off-by: Davide Icardi <davide.icardi@gmail.com>	2021-12-14 07:11:48 -05:00
Jonas Galvão Xavier	d3804d1a82	ignore target link files based on path (#667 ) * ignore target link files based on path log when files are actually indexed add test for sym link resolution golang test nits Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nil catalog should act like an empty catalog Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove dir path filtering in favor of file type filtering Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split out addPathToIndex into specialized functions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test for nul catalog enumeration Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * conditionally discover MIME types for file based on file resolver index Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change logging around cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests to cover possible infinite symlink loop for resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> v0.32.1	2021-12-13 20:49:11 -05:00
Keith Zantow	3a10ca7e6a	Catalog java bundle-version if nothing else found (#677 )	2021-12-13 17:38:25 -05:00
Dan Luhring	f98868b55e	Find Java package versions in additional manifest sections (#673 ) * Add failing test for missing versions Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Look through all named sections for version Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Consistent installation of yajsv Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Adjust output text for test assertion Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-13 15:39:42 -05:00
Alex Goodman	ab9fe53ff2	Recover from panics from the stdlib when cataloging malformed binaries (#663 ) * recover from panics in stdlib binary parsing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add CLI test to cover regression case Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-10 11:49:50 -05:00
Alex Goodman	da0b17b719	Add cataloging of macho multi-architecture binaries (#657 ) * add cataloging within universal binaries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json test fixtures Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add comments + correct 32 bit multi arch magic check Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.32.0	2021-12-08 16:25:24 -05:00
Alex Goodman	c7752f0f6c	fix panic from reading nonexistent reader (#658 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-08 20:28:47 +00:00
Bala Raman	7a359dc16b	Adding AlmaLinux OS Support (#652 ) * Adding AlmaLinux Support Signed-off-by: Bala Raman <srbala@gmail.com> * Adding AlmaLinux Support Signed-off-by: Bala Raman <srbala@gmail.com>	2021-12-07 15:59:31 -05:00
Dan Luhring	7957294b26	Add section for community meetings (#655 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-06 12:18:34 -05:00
Jonas Galvão Xavier	5374a1dc6f	add cyclone-json output format (#635 ) * add cyclone json format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * adapt format to sbom.SBOM structure Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cycloneDX json output with official lib Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cycloneDX 1.3 schema output in xml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix lints errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove cycloneDX 1.2 format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update cycloneDX xml schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone according to schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use RFC 2141 URN form of uuid for serial number add schema validation for cycloneDX 1.3 JSON output add yajsv cli for JSON schema validation during tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod up Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go get json schema validator Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * install yajsv without mess with go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * reuse code between cycloneDX json & xml encoders Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add output options for cyclone XML add bom.json to .gitignore Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cyclone json format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * adapt format to sbom.SBOM structure Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cycloneDX json output with official lib Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add cycloneDX 1.3 schema output in xml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix lints errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove cycloneDX 1.2 format Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update cycloneDX xml schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone according to schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use RFC 2141 URN form of uuid for serial number add schema validation for cycloneDX 1.3 JSON output add yajsv cli for JSON schema validation during tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * tidying go mod up Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go get json schema validator Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * install yajsv without mess with go mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * reuse code between cycloneDX json & xml encoders Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add output options for cyclone XML add bom.json to .gitignore Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix cyclone12xml removal Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2021-12-03 17:06:23 -08:00
Alex Goodman	22c4b275e7	bump containerd and image-spec (#654 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> v0.31.0	2021-12-03 16:12:43 +00:00
Alex Goodman	ffccfc8f3f	update stereoscope to bump docker dependency (#648 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-02 11:18:00 -05:00
Alex Goodman	5aec918683	reduce relationship noise (#653 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-02 09:51:18 -05:00
Alex Goodman	da62387545	Fix SPDX namespace value (#649 ) * fix spdx namespace and add scheme range assertions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * validate SPDX document name from source metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * comment why namespace tests only check prefix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-02 14:10:40 +00:00
Alex Goodman	21d1738b27	fix directory content fetching (#651 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-02 09:02:54 -05:00
Dan Luhring	ed84e43d67	Remove webinar announcement (#650 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-01 19:07:10 +00:00
Alex Goodman	fe616acd98	directory resolver should account for the proc cwd relative to the root path (#644 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-30 15:34:37 -05:00
Blaize Kaye	6af132e088	Adds composer installed.json parser (#643 ) * Adds installed.json functionality and tests Signed-off-by: Blaize Kaye <blaize.kaye@amazee.com> * Adds php-installed-cataloger Signed-off-by: Blaize Kaye <blaize.kaye@amazee.com> * Changes fallback logic Signed-off-by: Blaize Kaye <blaize.kaye@amazee.com> * Adds image tests for installed.json composer packages Signed-off-by: Blaize Kaye <blaize.kaye@amazee.com> * tweak PHP cataloger names Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * unexport PHP types and fix CLI tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename PHP cataloger file Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-30 11:36:08 -05:00
Alex Goodman	00206233e6	use smaller jotframe event buffer (#647 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-30 11:23:16 -05:00
Alex Goodman	bd9007fc0e	Migrate SPDX-JSON relationships to SBOM model (#634 ) * remove power-user document shape Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add power-user specific fields to syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * port remaining spdx-json relationships to sbom model Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add coordinate set Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add SBOM file path helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use internal mimetype helper in go binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new package-of relationship Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema to v2 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace power-user presenter with syft-json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove "package-of" relationship (in favor of "contains") Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for spdx22json format encoding enhancements Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update TODO and log entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * introduce sbom.Descriptor Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-23 14:54:17 -05:00
Alex Goodman	e3b34813d7	ignore partybus unsubscribe errors (#641 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-22 16:07:55 -05:00
Dan Luhring	f0b2d81599	Announce meetup on 2021-12-01 (#640 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-11-22 10:13:18 -05:00
Christopher Angelo Phillips	0849539729	Update concurrency primitives for relationships in command layer (#639 ) * update concurrency primitives for relationships in command layer Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-11-20 03:44:17 -05:00
Christopher Angelo Phillips	4f0099583a	promote catalog task pattern to all commands (#636 ) Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-11-19 13:26:23 -05:00
Alex Goodman	d76c868481	Catalog archive contents for single-file input (#637 ) * add first-level archive processing when input is a file Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add license exception for github.com/xi2/xz Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * always return cleanup function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change source.NewFromFile log entry to warn Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure file source always has cleanup function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure we are always preferring the unarchive cleanup function for source Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-19 14:16:25 +00:00
Alex Goodman	e38cde35ed	Introduce minimal source coordinates (#623 ) * split source.Location and create source.Coordinates for minimal path addressing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move coordinates into separate file Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Update syft/source/coordinates.go Co-authored-by: Dan Luhring <luhring@users.noreply.github.com>	2021-11-18 18:13:22 +00:00
Alex Goodman	9090c3a772	bump stereoscope, docker, and GGCR (#633 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-16 19:43:46 +00:00
Alex Goodman	ef627d82ef	Introduce relationships as first-class objects (#607 ) * migrate pkg.ID and pkg.Relationship to artifact package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * return relationships from tasks Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix more tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add artifact.Identifiable by Identity() method Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove catalog ID assignment Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust spdx helpers to use copy of packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * stabilize package ID relative to encode-decode format cycles Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename Identity() to ID() Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zero value for nils in ID generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable source.Location to be identifiable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * hoist up package relationship discovery to analysis stage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ownership-by-file-overlap relationship description Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add test reminders to put new relationships under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust PHP composer.lock parser function to return relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-16 14:14:13 -05:00
Christopher Angelo Phillips	45ea4177e8	update SPDX license list => 3.15 (#630 ) * update SPDX license list Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> v0.30.1	2021-11-15 14:41:46 -05:00
Alex Goodman	e28b7b53b0	bump chronicle to v0.3.0 (#627 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-11-13 18:56:25 -08:00
Christopher Angelo Phillips	fc39710d06	287 - Add retry for image fetch using user's input (#626 ) * add fallback to user input if source hint fails Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * refactor for smaller functions Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>	2021-11-12 17:57:04 -05:00
Swathi Gangisetty	e732f419f8	Add new distro and mapping to support Rocky Linux distro identification (#624 ) Signed-off-by: Swathi Gangisetty <swathi@anchore.com>	2021-11-12 13:10:21 -08:00

... 4 5 6 7 8 ...

1060 Commits