oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
369 Commits 60 Branches 243 Tags
Commit Graph

369 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alfredo Deza
6ae3b47959 tests: update all tests to pass the IDLike value 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
 2020-11-10 12:40:50 -05:00
Alfredo Deza
10b55311df presenter: provide ID_LIKE information in json 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
 2020-11-10 12:40:17 -05:00
Alfredo Deza
64d5554144 include ID_LIKE in distro detection 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
 2020-11-10 12:37:35 -05:00
Alfredo Deza
b3098f3423
Merge pull request #250 from anchore/issue-169 
Add distro information to JSON presenter
v0.6.0 		2020-11-09 14:18:48 -05:00
Alfredo Deza
c2cf4eb7b0 update tests for the new distro information 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
 2020-11-09 12:16:00 -05:00
Alfredo Deza
1e79986188 json: update the document to include distro information 
Signed-off-by: Alfredo Deza <adeza@anchore.com>
 2020-11-09 12:16:00 -05:00
Dan Luhring
3699a917fd
Merge pull request #254 from anchore/updates-to-mac-releases 
Updates for macOS release process
 2020-11-06 13:49:54 -05:00
Dan Luhring
501870f89f
Update README for secure macOS releases 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-06 13:40:31 -05:00
Dan Luhring
c878cc361c
Update install.sh to handle new macOS releases 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-06 13:39:26 -05:00
Dan Luhring
8fb5b17dbd
Use .Version in place of .Tag for release asset name 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-11-06 13:36:02 -05:00
Alex Goodman
b6eb589b78
Merge pull request #251 from anchore/add-rpm-file-info 
Add RPM file info sourced from the RPM DB
 2020-11-06 11:06:34 -05:00
Alex Goodman
6aba2f48d4
split out rpmdb file processing to helper + lint fixes 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-06 10:44:27 -05:00
Alex Goodman
0205e72be9
ensure resolvers ignore directories for "FilesBy*" methods 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-06 07:21:38 -05:00
Alex Goodman
8095cd9980
add rpmdb file info to cataloger 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-06 07:21:23 -05:00
Dan Luhring
ecfc471ce5
Resolve security warning for macOS users (#249) 
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
v0.5.1 		2020-11-04 15:47:55 -05:00
Alex Goodman
a52750bdd3
enhance alpine file discovery (#248) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-11-04 09:56:52 -05:00
Alex Goodman
773581704c
bump threshold for inline compare for jenkins image 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
v0.5.0 		2020-10-30 15:14:32 -04:00
Alex Goodman
6e98752c6b
Merge pull request #247 from anchore/syft-java-cataloger-integration 
General Java cataloger enhancements
 2020-10-30 13:55:16 -04:00
Alex Goodman
e2593cd6b7
remove extra fields from the compare script metadata namedtuple 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-30 10:59:53 -04:00
Alex Goodman
232cd13035
update tests for enhanced java pkg pairings 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-30 10:44:45 -04:00
Alex Goodman
2532928afa
bump java compare testing thresholds 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-30 10:06:47 -04:00
Alex Goodman
03dbfb8dfb
improve java name and version extraction as well as parent pkg pairing 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-30 08:12:25 -04:00
Alex Goodman
a5cba13ddf
enable more flexible java manifest structure (closer to the spec) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-29 16:26:04 -04:00
Alex Goodman
a4f22e65fc
expand compare testing images 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-29 13:52:51 -04:00
Alex Goodman
ab45be98b8
append java nested package names to the virtual path 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-29 13:52:34 -04:00
Alex Goodman
fc991bc62e
partial java comparison with extra metadata 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-29 12:40:49 -04:00
Alex Goodman
1230650771
allow for java manifest data to be optional 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-29 11:28:27 -04:00
Alex Goodman
452426d1d6
Merge pull request #245 from anchore/update-java-cataloger-for-engine 
Java cataloger miscellaneous fixes
 2020-10-28 17:36:44 -04:00
Alex Goodman
2675891110
remove parent java package from json && add java manifest section parsing 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-28 17:19:06 -04:00
Dan Luhring
bffc4713a7
Update zip archive handling to match globs as expected (#244) 
* Refactor zip file tests

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add glob support for leading slashes

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update zip testing to account for glob matching

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Ignore .DS_STORE

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Improve normalization of zip entry names

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Rename zip test helpers file

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
 2020-10-28 16:50:40 -04:00
Alex Goodman
62f6146c37
do not include optional fields 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-28 15:58:54 -04:00
Alex Goodman
8bcba7d830
update json schema and test for java virtualPath 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-28 15:25:30 -04:00
Alex Goodman
76c8f24090
add java virtual path 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-28 13:53:44 -04:00
Alex Goodman
cc466e47da
bump python version for acceptance tests 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-27 14:53:52 -04:00
Alex Goodman
f9407d0ce4
Add java/npm to inline comparison (#235) 
* Adds java and npm package comparison
* Adds probable matching of extra packages syft found and missing packages that syft did not find (but inline did). This way there is a section of output that fuzzy-matches the package names to get a better sense of "real" problems (actual missing packages) vs slightly mismatched metadata during troubleshooting.
* Adds a set or probable missing packages to the report based on the probable matches (again, to aid in troubleshooting)
* Fixes image reference clean function to support references with registries
* Only shows metadata differences when the package was found by both inline and syft
* Splits the inline-compare code into more manageable pieces

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-27 13:43:36 -04:00
Dan Luhring
f19cb03aa0
Update doublestar to include fix for open dirs issue (#240) 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
v0.4.1 		2020-10-26 11:19:25 -04:00
Toure Dunnon
076454d7a8
Merge pull request #233 from anchore/javascript_parser_fix_author 
Javascript parser fix author
 2020-10-26 09:30:11 -04:00
Toure Dunnon
7c42a7441c Merge branch 'javascript_parser_fix_author' of https://github.com/anchore/syft into javascript_parser_fix_author 2020-10-23 16:49:51 -04:00
Toure Dunnon
cbb7e00a52 Cleaned up go.mod import. 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-10-23 16:44:07 -04:00
Alex Goodman
6eb36bc3c8
allow for optional fields in npm metadata 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-23 15:00:55 -04:00
Toure Dunnon
94ffc2caa8 Merge branch 'main' into javascript_parser_fix_author 
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-10-23 12:05:30 -04:00
Alex Goodman
15e2e32103
Merge pull request #237 from anchore/update-future-plans 
Remove CycloneDX from future plans
v0.4.0 		2020-10-23 11:06:51 -04:00
Alex Goodman
1cdf2b9151
remove cyclonedx from future plans (already implemented) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-23 11:05:28 -04:00
Alex Goodman
fd65f363ce
Merge pull request #236 from anchore/fix-acceptance-test-pipeline 
Bootstrap cached dependencies and CI dependencies separately for acceptance tests
 2020-10-23 10:55:24 -04:00
Alex Goodman
103f0617f5
bootstrap cached deps and ci deps separately for acceptance tests 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-23 10:42:57 -04:00
Alex Goodman
de2e6a13b8
Merge pull request #234 from anchore/split-python-cataloger-with-cataloger-addition 
Split python cataloger by image/directory scanning + add more metadata
 2020-10-23 10:37:01 -04:00
Alex Goodman
7d55bca0a0
allow for python metadata fields to be optional 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2020-10-23 10:29:52 -04:00
Toure
48c7dee9da included additional support for older npm spec. 
Signed-off-by: Toure <tdunnon@gmail.com>
 2020-10-23 08:50:38 -04:00
Toure
94e448a818 Merge commit '15379d1' into javascript_parser_fix_author 
Signed-off-by: Toure <tdunnon@gmail.com>
 2020-10-22 14:08:33 -04:00
Toure Dunnon
15379d1075 Fix for errors+failures parsing package.json 
closes: #230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
 2020-10-22 13:58:18 -04:00