oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2026-02-12 18:46:41 +01:00

Author	SHA1	Message	Date
Alex Goodman	e5711e9b42	Update CPE processing to use NVD API (#4332 ) * update NVD CPE dictionary processor to use API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pass linting with exceptions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-06 16:02:26 -05:00
Keith Zantow	a400c675fc	feat: license file search (#4327 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-11-03 14:16:05 -05:00
Alex Goodman	d22914baf5	add docs to configs (#4281 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-14 13:58:31 -04:00
Alex Goodman	d47a6c3a6d	Improve support for cataloging nix package relationships (#3837 ) * add nix DB cataloger Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add derivation path to nix store pkg metadata Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * go mod tidy Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * allow for derivation path to be optional Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * repin build image and disable syscall filtering Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump storage capacity Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * track nix derivation details on packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * image fixture should have derivation examples Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-05-05 15:35:13 +00:00
Keith Zantow	2328b20082	fix: reduce warn levels to debug for non-actionable errors (#3645 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-02-07 13:22:55 -05:00
Alex Goodman	11c0b1c234	Unexport types and functions cataloger packages (#2530 ) * unexport as many types and functions from cataloger packages as possible Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * capture type and signature information in convention test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * check that we return pkg.Cataloger from constructors Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-24 16:12:46 -05:00
Alex Goodman	cdad5e767a	plumb context through catalogers (#2528 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-22 15:54:51 -05:00
William Murphy	c6ce1de928	make AllLocations accept a context (#2518 ) The previous implementation would leak a goroutine if the caller of AllLocations stopped iterating early. Now, accept a context so that the caller can cancel the AllLocations iterator rather than leak the goroutine. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2024-01-22 11:05:59 -05:00
Alex Goodman	1cfc4c7387	Normalize cataloger configuration patterns (#2365 ) * normalize cataloger patterns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove central reference for maven configurable Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-28 17:02:43 +00:00
Alex Goodman	b2f4d7eda2	Follow convention for naming catalogers (#2277 ) * follow convention for naming catalogers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cataloger name example Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-02 12:39:42 +00:00
Alex Goodman	1aaa644007	Remove MetadataType from core package object and normalize JSON metadataType values (#1983 ) * [wip] Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * distinct the package metadata functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove metadata type from package core model Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review feedback for names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add RPM archive metadata and split parser helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * clarify the python package metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename the KB metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * break hackage and composer types by use case Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * linting fix Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix encoding and decoding for syft-json and cyclonedx Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema to 11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-xml snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-tv snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update syft-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct metadata type in stack yaml parser test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix bom-ref redactor for cyclonedx-xml Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for legacy package metadata names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema v11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix legacy HackageMetadataType reflect type value check Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * packagemetadata discovery should account for type shadowing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema version to v12 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema to incorporate changes from main Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add syft-json legacy config option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests around v11-v12 json decoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add docs for SYFT_JSON_LEGACY Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename structs to be compliant with new naming scheme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-10-30 12:12:04 -04:00
Christopher Angelo Phillips	541c8d339b	1948-filter-pkg-by-type (#2011 ) --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 16:05:52 -04:00
Christopher Angelo Phillips	466da7cbda	931: binary cataloger exclusion defaults for ownership by overlap (#1948 ) Fixes #931 PR #1948 introduces a new implicit exclusion for binary packages that overlap by file ownership and have certain characteristics: 1) the relationship between packages is OwnershipByFileOverlap 2) the parent package is an "os" package - see changelog for included catalogers 3) the child is a synthetic package generated by the binary cataloger - see changelog for included catalogers 4) the package names are identical --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-08 13:00:52 -04:00
Alex Goodman	07e76907f6	Migrate location-related structs to the file package (#1751 ) * migrate location structs to file package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace source.Location refs with file package call Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for file based catalogers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for all-regular-files testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate file resolver implementations to separate package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] migrate resolvers to internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate resolvers to syft/internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-24 17:06:38 -04:00
Alex Goodman	5d156b8241	Add annotations for evidence on package locations (#1723 ) * add location annotations + deb evidence annotations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename LocationData struct and Annotation helper function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add failing integration test for evidence coverage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence to aplm cataloger locations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change location annotation helper to return a location copy Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence to binary cataloger locations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * updated remaining catalogers with location annotations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix unit tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * partial addressing of review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename location.WithAnnotation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-13 17:02:29 -04:00
Alex Goodman	7464079a09	Add Nix cataloger (#1696 ) * Add Basic Nix Cataloger Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> * Update nix def for the latest syft definition Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> * capture nix package files on pkg.NixStoreMetadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix unit tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update JSON schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Update syft/pkg/cataloger/nix/parse_nix_store_path_test.go Co-authored-by: Florian Klink <flokli@flokli.de> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * support unstable version conventions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema relative to main branch Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json with v7.1.1 schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix CLI tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove extra continue statement Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add Nix to list of supported ecosystems Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Julio Tain Sueiras <juliosueiras@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Julio Tain Sueiras <juliosueiras@gmail.com> Co-authored-by: Florian Klink <flokli@flokli.de>	2023-04-04 10:53:56 -04:00

16 Commits