Christopher Angelo Phillips
d2d532f4a8
835 - Keyless Support for SBOM Attestations ( #910 )
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-06 18:06:32 -04:00
Christian Kotzbauer
1cea0ecd5c
feat: add initial dotnet-support ( #951 )
* feat: add initial dotnet-support
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* fix: add path, sha512 and hashpath
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* fix: add missing dot
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* fix: lint warnings
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* fix CLI test package counts to account for dotnet
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix: updated packageurl-go
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* tidy go.sum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json schema
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-05 15:32:02 -04:00
Alex Goodman
d2f053bc71
unblock timeout for power-user select CLI tests ( #985 )
* update to use shared secretsFixture to prevent race
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-05-05 15:12:11 +00:00
Jonas Xavier
2fc344aba4
golang cataloger - main module version as is ( #986 )
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-05 00:01:00 -07:00
Steven Maude
8b6c576d78
Fix github-json output option ( #967 )
* Fix "bad output format" for `github-json` output
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
* Update formats in README
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
* Run `make lint-fix`
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
2022-05-04 17:25:40 -07:00
Jonas Xavier
ab289933da
read Go main module version as is - (devel) ( #981 )
* read Go main module version as is - (devel)
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix package test with default (devel) main module
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-05-04 10:47:13 -07:00
Dan Luhring
37927b8b23
reduce logging severity for non-Go binaries ( #983 )
v0.45.1
2022-05-03 09:38:14 -04:00
Christopher Angelo Phillips
03d51c36d0
golang.org/x/crypto upgrade ( #979 )
2022-05-02 21:33:40 +00:00
Dan Luhring
0bd3558fb2
reduce noise of log output ( #976 )
2022-05-02 14:54:30 +00:00
Christopher Angelo Phillips
4ce2edda9e
add version info and remove double config call ( #977 )
2022-05-02 14:54:10 +00:00
Sambhav Kothari
36973021fa
Rename syft-id to package-id ( #970 )
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
v0.45.0
2022-04-29 11:18:45 -04:00
Christian Köberl
7d8ea39ee5
update to cyclonedx-go 0.5.2 ( #971 )
2022-04-28 10:42:12 -04:00
Christopher Angelo Phillips
6029dd7c2e
refactor command package to remove globals and add dependency injection
2022-04-26 18:23:03 +00:00
Jon McEwen
7304bbf8ee
fix : #953 Derive language from pURL - https://github.com/anchore/syft … ( #957 )
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-04-26 11:51:24 -04:00
Rob Dimsdale-Zucker
c270ee2a02
Fix typo in CPE-parsing error ( #966 )
2022-04-22 12:08:44 -04:00
Alex Goodman
172ecc0d77
Preserve syft IDs on SBOM decode ( #963 )
2022-04-18 18:10:55 +00:00
Keith Zantow
248023baaf
Update GitHub format package_url and correlator ( #961 )
v0.44.1
2022-04-15 13:00:06 -04:00
Keith Zantow
b7295b79de
Ensure SPDXIDs are valid ( #955 )
2022-04-14 15:07:23 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy ( #958 )
2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates ( #954 )
2022-04-13 13:20:40 -04:00
Keith Zantow
02a8fb6f8c
Minor readme update to correct format information ( #948 )
2022-04-12 17:16:47 -04:00
Christopher Angelo Phillips
b46d044d7e
Update spdx22json to only take uppercase checksum algorithm ( #946 )
v0.44.0
2022-04-11 14:56:04 -04:00
Weston Steimel
15e45a8ce1
add additional vendors for springframework ( #945 )
The Official CPE dictionary currently contains entries for springframework with three different vendors: springsource, vmware, and pivotal_software. This appears to be because ownership has changed over time.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-04-11 14:38:52 +01:00
Christopher Angelo Phillips
782b2e3348
Add digest property to parent and nested java package metadata ( #941 )
2022-04-08 15:12:32 -04:00
Alex Goodman
e415bb21e7
Update write permissions and log into ghcr.io for release ( #942 )
v0.43.2
2022-04-06 21:15:55 +00:00
Alex Goodman
748cfbf006
Retry auth URL lookup without docker credentialhelper workaround ( #939 )
v0.43.1
2022-04-06 16:27:13 +00:00
Sambhav Kothari
8bc5d84481
Ensure that all cyclonedx components have bom-refs ( #914 )
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-04-01 12:19:30 -04:00
Alex Goodman
68b7ad9770
Additionally publish docker images to GHCR ( #934 )
2022-04-01 11:30:21 -04:00
Oscar Hallgren
1aeda6bb50
use filepath.Base() instead of path.Base() for temp files ( #882 )
2022-04-01 10:42:22 -04:00
Alex Goodman
f24bbc1838
Deduplicate packages across multiple container image layers ( #930 )
v0.43.0
2022-03-31 15:45:51 -04:00
Eric Larssen
cb3e73e308
Add dart support ( #919 )
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-03-31 15:44:55 -04:00
Alex Goodman
f157d7a862
Pull from DockerHub fails for public images when using SSO ( #928 )
2022-03-30 17:32:49 +00:00
Dan Luhring
028cd9e27e
Fix nil pointer dereference in directory resolver's indexPath method ( #924 )
* Add failing test for dir resolver panic
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Fix panic
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-28 13:15:09 -04:00
Dan Luhring
5549939cc6
Fixups and clarifications in README ( #920 )
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 11:36:43 -04:00
briankoe741
47ea910868
Remove announcement for OSS Meetup ( #915 )
Proposing changes to remove our 3/23 meetup
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 00:17:14 +00:00
Dan Luhring
a7db43f5ec
Fix panic on empty sbom ( #917 )
* Implement fmt.Stringer with format.ID
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Add failing test for formats processing empty SBOMs
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
* Account for nil SPDX document during Syft model conversion
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
v0.42.4
2022-03-24 10:11:51 -04:00
Alex Goodman
cc2c0e57a0
bump strset version to fix 386 builds ( #911 )
v0.42.3
2022-03-23 14:34:54 -04:00
Alex Goodman
5253da4b36
Rollback referencing docker config items ( #912 )
2022-03-23 18:33:41 +00:00
Jonas Xavier
c0b547bdb2
Less verbose logging in Golang Cataloger ( #904 )
* Less verbose logging in Golang Cataloger
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* debug for known gray errors
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* only show warnings when a binary is not a go executable
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
v0.42.2
2022-03-22 10:19:18 -07:00
Alex Goodman
cffcaf5984
Improve docker config support ( #906 )
2022-03-22 11:02:54 -04:00
Alex Goodman
7f9edf346a
Bump golangci-lint to 1.45.0 ( #909 )
2022-03-22 11:02:36 -04:00
j-k
a644a45ef4
Correct go.mod to enforce go 1.18 ( #897 )
Since syft now depends on debug/buildinfo go 1.18 is required to build
syft and as such go.mod needs updating
Signed-off-by: 06kellyjac <jack@control-plane.io>
2022-03-21 15:38:32 -04:00
Jonas Xavier
283db88dc4
Omit H1Digest when empty ( #902 )
* Omit HD1Field when empty
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update test-fixtures
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
v0.42.1
2022-03-21 11:59:10 -07:00
Alex Goodman
03e193e577
Add platform option to the README ( #889 )
2022-03-21 12:02:15 -04:00
Alex Goodman
069aa68b63
Fix image cleanup when there is an error ( #905 )
2022-03-21 14:48:11 +00:00
Keith Zantow
9240860f44
Correct ID handling during Syft JSON decoding ( #900 )
2022-03-18 17:03:26 -04:00
Christopher Angelo Phillips
4231f38fa2
add case to decode GolangBinMetadata for syftjson model ( #901 )
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-03-18 15:15:10 -04:00
Dan Luhring
752b03b2d6
Remove commit signing requirement ( #899 )
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-18 12:48:00 -04:00
Keith Zantow
99c3339810
Fix CycloneDX license decoding panic ( #898 )
2022-03-18 09:44:51 -04:00
Keith Zantow
f4734d28b3
Fix panic when CycloneDX BOM missing metadata.component ( #895 )
v0.42.0
2022-03-17 10:22:35 -04:00