oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-19 09:23:15 +01:00

Author	SHA1	Message	Date
Keith Zantow	79a955b1a9	feat: source-version flag (#1859 )	2023-06-05 10:36:34 -04:00
Alex Goodman	07e76907f6	Migrate location-related structs to the file package (#1751 ) * migrate location structs to file package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * replace source.Location refs with file package call Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for file based catalogers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove hardlink test for all-regular-files testing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate file resolver implementations to separate package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] migrate resolvers to internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate resolvers to syft/internal Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-24 17:06:38 -04:00
Idan Frimark	087a6356b9	chore: return both failures when failed to retrieve an image with a scheme (#1801 ) Signed-off-by: Idan Frimark <idanf@cisco.com>	2023-05-23 10:32:12 -04:00
Alex Goodman	334a775cb9	Keep original FileInfo persisted on file.Metadata structs (#1794 ) * pull in fileinfo changes from stereoscope #172 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix CLI test assumption about the docker daemon Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-19 14:21:10 +00:00
Christopher Angelo Phillips	42fa9e4965	feat: update syft license concept to complex struct (#1743 ) this PR makes the following changes to update the underlying license model to have more expressive capabilities it also provides some guarantee's surrounding the license values themselves - Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields: - original `Value` read by syft - If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption - the above is run against a generated list of SPDX license ID to try and find the correct ID - SPDX concluded vs declared is added to the new struct - URL source for license is added to the new struct - Location source is added to the new struct to show where the expression was pulled from	2023-05-15 16:23:39 -04:00
Avi Deitcher	b69259534d	feat: Support scanning license files in golang packages over the network (#1630 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 15:13:29 -04:00
Alex Goodman	5d156b8241	Add annotations for evidence on package locations (#1723 ) * add location annotations + deb evidence annotations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename LocationData struct and Annotation helper function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add failing integration test for evidence coverage Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence to aplm cataloger locations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change location annotation helper to return a location copy Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence to binary cataloger locations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * updated remaining catalogers with location annotations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix unit tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * partial addressing of review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename location.WithAnnotation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-13 17:02:29 -04:00
Shane Dell	661d256b85	Update tests to not fail on Mac M1's. (#1730 ) Closes #1673 Signed-off-by: Shane Dell <shanedell100@gmail.com>	2023-04-12 11:11:05 -04:00
Christopher Angelo Phillips	dfcc07e512	feat: Add config option to allow user to select the default image source location Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-31 10:04:10 -04:00
Avi Deitcher	9fd532246a	feat: scan local go mod cache for licenses of golang packages (#1645 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-03-23 10:38:15 -04:00
anchore-actions-token-generator[bot]	434aa7fd46	chore: Update syft bootstrap tools to latest versions. (#1682 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-03-20 13:20:48 -04:00
Christopher Angelo Phillips	61362c04fa	fix: move defer after error to protect panic case (#1670 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-03-15 15:29:10 -04:00
razzle	1d9ef34ec7	defer closing file (#1668 ) Signed-off-by: razzle <harry@razzle.cloud>	2023-03-15 14:50:42 -04:00
Keith Zantow	5f90d03718	fix: possible race condition (#1639 )	2023-03-01 15:35:01 -05:00
Keith Zantow	f5e20521e0	fix: merging of binary packages (#1583 )	2023-02-22 12:03:15 -05:00
Alex Goodman	988041ba6d	Speed up cataloging by replacing globs searching with index lookups (#1510 ) * replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-02-09 16:19:47 +00:00
Justin Chadwell	6ba595344a	source: when base is set, responsePath should be absolute (#1542 ) When base is set, it should appear identically to when we scan the root filesystem - and as a result, the path should begin with the path separator. E.g. when scanning the root `./target/` with the same base, `target/bin/busybox` should appear in the output as `/bin/busybox`, not as previously as `bin/busybox`. Signed-off-by: Justin Chadwell <me@jedevc.com>	2023-02-06 12:06:04 -05:00
Justin Chadwell	b81c9805dc	Allow scanning unpacked container filesystems (#1485 ) * source: avoid second-step of symlink resolution in directory resolver We can use the already existing file tree to peform symlink resolution for FilesByPath, instead of traversing the symlinks again. This moves all of the symlink logic into the indexing code, and then we can rely on syft's resolution algorithm over the index in this part of the codebase. Signed-off-by: Justin Chadwell <me@jedevc.com> * source: add base parameter to directory resolver The new base parameter is an optional parameter for the directory resolver that resolves all symlinks relative to this root. There are two intended use cases: - base = "/". The previous behavior, symlinks are resolved relative to the root filesystem. - base = path. Symlinks are resolved relative to the target filesystem, allowing correct behavior when scanning unpacked container filesystems on disk. Signed-off-by: Justin Chadwell <me@jedevc.com> * source: add tests for new base parameter Signed-off-by: Justin Chadwell <me@jedevc.com> --------- Signed-off-by: Justin Chadwell <me@jedevc.com>	2023-01-30 13:47:24 -05:00
Alex Goodman	36a0945c95	push detailed log statements to trace-level (#1500 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-20 14:33:23 +00:00
Keith Zantow	725529f43f	fix: duplicate file in tar archive causes read to fail (#1445 )	2023-01-10 14:55:02 -05:00
Justin Chadwell	e3d6ffd30e	fix: typo in os.Getwd error message (#1433 ) Signed-off-by: Justin Chadwell <me@jedevc.com>	2023-01-03 14:56:20 +00:00
Thomas Klausner	8b38549b79	Add NetBSD support. (#1412 )	2022-12-19 16:59:50 -05:00
Keith Zantow	5dbb3fc41d	chore: fix test busybox image sha (#1393 )	2022-12-07 20:15:39 -05:00
Justin Chadwell	10f43d75e0	feat: Add `--name` option to override name in output (#1269 )	2022-11-10 14:03:23 -05:00
Alex Goodman	b44f441c82	Upgrade generic cataloger (#1281 ) * add second generation of generic cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * upgrade aplm cataloger to use generic.Cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove pacakge found-by attribute from the definition of a package ID Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-10-24 11:12:12 -04:00
Christopher Angelo Phillips	89575199b8	feat: add RelationshipsBySourceOwnership to syft json output (#1248 )	2022-10-11 15:11:03 -04:00
Christopher Angelo Phillips	7d2fe9d95e	feat: add identifiable field to source object (#1243 )	2022-10-05 14:01:40 -04:00
Keith Zantow	4d2f18218c	fix: Follow symlinks when searching for globs in all-layers scope (#1221 )	2022-09-30 13:01:08 -04:00
Keith Zantow	16c62a1378	fix: support exclude patterns on Windows (#1228 )	2022-09-26 10:59:19 -04:00
Keith Zantow	b20310eaf8	Add gosimports (#1205 )	2022-09-14 13:38:18 -04:00
Christopher Angelo Phillips	615f933d98	Bug fix for 1095 - syft conversion option error (#1177 ) Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2022-08-25 17:36:15 -04:00
Dan Luhring	0bd3558fb2	reduce noise of log output (#976 )	2022-05-02 14:54:30 +00:00
Alex Goodman	f24bbc1838	Deduplicate packages across multiple container image layers (#930 )	2022-03-31 15:45:51 -04:00
Dan Luhring	028cd9e27e	Fix nil pointer dereference in directory resolver's `indexPath` method (#924 ) * Add failing test for dir resolver panic Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix panic Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-28 13:15:09 -04:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
Alex Goodman	991af0d857	Include root path in directory resolve index (#869 )	2022-03-07 11:34:16 -05:00
Alex Goodman	a86dd3704e	Add platform selection (#866 )	2022-03-04 22:41:38 +00:00
Christopher Angelo Phillips	afc0c1acd9	855 attest registry source only (#856 ) Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-01 23:16:42 -05:00
Keith Zantow	edac8c7bf7	Update CycloneDX to use syft namespace and output multiple CPEs (#849 )	2022-03-01 17:37:52 -05:00
Alex Goodman	99bb93d0fe	Resolve symlinks when fetching file contents (#782 )	2022-02-24 10:01:59 -05:00
Christopher Angelo Phillips	256e85bc12	510 - SBOM attestation stdout (#785 ) add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-22 21:45:12 -05:00
Alex Goodman	51c6eb30f5	bump stereoscope to include functional options (#823 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-14 20:40:51 -05:00
Jonas Xavier	a04fa68539	Ensure completion of UI progress bar (#810 ) * update stereoscope fetches latest fixes for UI Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use context when getting image Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-09 11:23:58 -08:00
Jonas Xavier	40423d8eee	update stereoscope version - include Podman support (#781 ) * update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix FilesByMIMEType tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * change expected mime types in unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test stereoscope fix Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove mod replace and use latest stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-01 14:47:15 -08:00
Sambhav Kothari	aebe843c6f	Improve CycloneDX format output (#710 ) * Improve CycloneDX format output ## Additions to CycloneDX output * CPEs * Authors * Publishers * External References (Website, Distribution, VCS) * Description Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-01-19 11:43:16 -05:00
Alex Goodman	38c4b17847	Add support for searching for jars within archives (#734 ) * add support for searching jars within archives Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package cataloger config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments + factor out safeCopy helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update config docs regarding package archive search options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * show that unindexed archive cataloging defaults to false Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lies about -s Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update search archive note about java Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-06 21:40:51 +00:00
Christopher Angelo Phillips	01dc78ccc3	683 windows filepath (#735 ) Support Windows Directory Resolver Add function that converts windows to posix functionality Add function that converts posix to windows Add build tags to remove windows developer environment errors redact carriage return specific windows issues Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-01-06 11:39:04 -05:00
Dan Luhring	7de5e1288f	Fix unhelpful error message for oci-archive scheme (#705 ) * Improve error message Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Return error from stereoscope immediately Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Bump version of stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Conditionally retry image retrieval Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update error message for source construction failure Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Update stereoscope Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Retry image pull without predetermined image source Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add comment to image pull source determination Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2021-12-22 18:53:23 +00:00
Keith Zantow	b7979dbc7d	exclusions does not need to be variadic (#711 )	2021-12-21 10:13:15 -05:00
Keith Zantow	006ba9b557	Add --exclude flag (#695 )	2021-12-20 10:35:25 -05:00

1 2 3

101 Commits