* Vcpkg cataloger for vcpkg "Manifest Mode"
Find and parse vcpkg-lock.json to get HEAD commit hash
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* just use local vcpkg git repo if it exists, clone it if it doesn't
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Config opt for git remote clones for vcpkg and README update
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* Look in vcpkg cache git repo for custom git repos
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add triplet to metadata and support overlay-ports from config file
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add PURL to packages (not sure if this is correct)
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* flatten structs in pkg module and move vcpkg structs to resolver
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* account for overriden versions in toplevel manifest
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema for vcpkg metadata
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* test for basic vcpkg project
dependencies for vcpkg registry to be pulled in
add tree hashes and use correct git hash in builtin-baseline for helloworld test
vcpkg-registry for testing that uses object hashes from syft repo
fix broken tests
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* formatting
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* fix static-analysis violations
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration test failure
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* remove uneeded files from vcpkg test fixture and use custom registry
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* change vcpkg registry to anchore one
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* purl spec based on open PR
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate-json-schema
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rebased and generate json schema 16.0.40
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
* address low hanging fruit
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* handle additional comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate to testdata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve docs and testing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove license from pkg metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix capabilities claim
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Gabriel Rau <gabetrau@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yoonho Hann <hnnynh125@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* feat: Add dependency parsing to javascript package locks
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Bump schema version
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Add support for yarn and pnpm, excl. yarn v1
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Add support for dependencies for v1 yarn lock files
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Ensure schema is correctly generated
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Fix tests
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* PR feedback
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
---------
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>