1012 Commits

Author SHA1 Message Date
Keith Zantow
91e2fd8532
Fix potential race condition during event subscription (#993) v0.46.0 2022-05-11 18:35:55 -04:00
Jonas Xavier
24f08e7738
Convert between SBOM formats (#964)
* add convert command

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* mvp

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix hanging bug

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate SBOM formats for conversion

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* move convert cmd to new structure

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* remove bin

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* drop event loop from convert cmd

extract SBOM type from document namespace

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* validate SPDX in tests

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* documenting convert cmd

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* support output format=file.json notation

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* test convertible formats

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix typo

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* clean up

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* more clean up and docs

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* nit

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* re-use more code

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* undo encode-decode cycle test

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* remove unnecessary test constraint

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* fix readme

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* try verbose

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* cleaner README and no table conversion

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* simpler conversion

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes and cleanup

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* nit space fix

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* use defer

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

* feedback changes

Signed-off-by: Jonas Xavier <jonasx@anchore.com>

Co-authored-by: Keith Zantow <kzantow@gmail.com>
2022-05-09 17:28:33 -07:00
Christopher Angelo Phillips
a83506628c
Add README updates for Keyless features (#988) 2022-05-09 16:07:28 +00:00
Jonas Xavier
42f8601919
Fix tests: add timeout to long-running failures, update SPDX license list (#989) 2022-05-09 11:48:44 -04:00
Christopher Angelo Phillips
d2d532f4a8
835 - Keyless Support for SBOM Attestations (#910)
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-06 18:06:32 -04:00
Christian Kotzbauer
1cea0ecd5c
feat: add initial dotnet-support (#951)
* feat: add initial dotnet-support

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add path, sha512 and hashpath

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add missing dot

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: lint warnings

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix CLI test package counts to account for dotnet

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix: updated packageurl-go

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* tidy go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update json schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-05-05 15:32:02 -04:00
Alex Goodman
d2f053bc71
unblock timeout for power-user select CLI tests (#985)
* update to use shared secretsFixture to prevent race

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-05-05 15:12:11 +00:00
Jonas Xavier
2fc344aba4
golang cataloger - main module version as is (#986)
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
2022-05-05 00:01:00 -07:00
Steven Maude
8b6c576d78
Fix github-json output option (#967)
* Fix "bad output format" for `github-json` output

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>

* Update formats in README

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>

* Run `make lint-fix`

Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
2022-05-04 17:25:40 -07:00
Jonas Xavier
ab289933da
read Go main module version as is - (devel) (#981)
* read Go main module version as is - (devel)

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>

* fix package test with default (devel) main module

Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
2022-05-04 10:47:13 -07:00
Dan Luhring
37927b8b23
reduce logging severity for non-Go binaries (#983) v0.45.1 2022-05-03 09:38:14 -04:00
Christopher Angelo Phillips
03d51c36d0
golang.org/x/crypto upgrade (#979) 2022-05-02 21:33:40 +00:00
Dan Luhring
0bd3558fb2
reduce noise of log output (#976) 2022-05-02 14:54:30 +00:00
Christopher Angelo Phillips
4ce2edda9e
add version info and remove double config call (#977) 2022-05-02 14:54:10 +00:00
Sambhav Kothari
36973021fa
Rename syft-id to package-id (#970)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
v0.45.0
2022-04-29 11:18:45 -04:00
Christian Köberl
7d8ea39ee5
update to cyclonedx-go 0.5.2 (#971) 2022-04-28 10:42:12 -04:00
Christopher Angelo Phillips
6029dd7c2e
refactor command package to remove globals and add dependency injection 2022-04-26 18:23:03 +00:00
Jon McEwen
7304bbf8ee
fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-04-26 11:51:24 -04:00
Rob Dimsdale-Zucker
c270ee2a02
Fix typo in CPE-parsing error (#966) 2022-04-22 12:08:44 -04:00
Alex Goodman
172ecc0d77
Preserve syft IDs on SBOM decode (#963) 2022-04-18 18:10:55 +00:00
Keith Zantow
248023baaf
Update GitHub format package_url and correlator (#961) v0.44.1 2022-04-15 13:00:06 -04:00
Keith Zantow
b7295b79de
Ensure SPDXIDs are valid (#955) 2022-04-14 15:07:23 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy (#958) 2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates (#954) 2022-04-13 13:20:40 -04:00
Keith Zantow
02a8fb6f8c
Minor readme update to correct format information (#948) 2022-04-12 17:16:47 -04:00
Christopher Angelo Phillips
b46d044d7e
Update spdx22json to only take uppercase checksum algorithm (#946) v0.44.0 2022-04-11 14:56:04 -04:00
Weston Steimel
15e45a8ce1
add additional vendors for springframework (#945)
The Official CPE dictionary currently contains entries for springframework with three different vendors: springsource, vmware, and pivotal_software. This appears to be because ownership has changed over time.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-04-11 14:38:52 +01:00
Christopher Angelo Phillips
782b2e3348
Add digest property to parent and nested java package metadata (#941) 2022-04-08 15:12:32 -04:00
Alex Goodman
e415bb21e7
Update write permissions and log into ghcr.io for release (#942) v0.43.2 2022-04-06 21:15:55 +00:00
Alex Goodman
748cfbf006
Retry auth URL lookup without docker credentialhelper workaround (#939) v0.43.1 2022-04-06 16:27:13 +00:00
Sambhav Kothari
8bc5d84481
Ensure that all cyclonedx components have bom-refs (#914)
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-04-01 12:19:30 -04:00
Alex Goodman
68b7ad9770
Additionally publish docker images to GHCR (#934) 2022-04-01 11:30:21 -04:00
Oscar Hallgren
1aeda6bb50
use filepath.Base() instead of path.Base() for temp files (#882) 2022-04-01 10:42:22 -04:00
Alex Goodman
f24bbc1838
Deduplicate packages across multiple container image layers (#930) v0.43.0 2022-03-31 15:45:51 -04:00
Eric Larssen
cb3e73e308
Add dart support (#919)
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2022-03-31 15:44:55 -04:00
Alex Goodman
f157d7a862
Pull from DockerHub fails for public images when using SSO (#928) 2022-03-30 17:32:49 +00:00
Dan Luhring
028cd9e27e
Fix nil pointer dereference in directory resolver's indexPath method (#924)
* Add failing test for dir resolver panic

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Fix panic

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-28 13:15:09 -04:00
Dan Luhring
5549939cc6
Fixups and clarifications in README (#920)
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 11:36:43 -04:00
briankoe741
47ea910868
Remove announcement for OSS Meetup (#915)
Proposing changes to remove our 3/23 meetup

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
2022-03-25 00:17:14 +00:00
Dan Luhring
a7db43f5ec
Fix panic on empty sbom (#917)
* Implement fmt.Stringer with format.ID

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Add failing test for formats processing empty SBOMs

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* Account for nil SPDX document during Syft model conversion

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
v0.42.4
2022-03-24 10:11:51 -04:00
Alex Goodman
cc2c0e57a0
bump strset version to fix 386 builds (#911) v0.42.3 2022-03-23 14:34:54 -04:00
Alex Goodman
5253da4b36
Rollback referencing docker config items (#912) 2022-03-23 18:33:41 +00:00
Jonas Xavier
c0b547bdb2
Less verbose logging in Golang Cataloger (#904)
* Less verbose logging in Golang Cataloger

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* debug for known gray errors

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* only show warnings when a binary is not a go executable

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
v0.42.2
2022-03-22 10:19:18 -07:00
Alex Goodman
cffcaf5984
Improve docker config support (#906) 2022-03-22 11:02:54 -04:00
Alex Goodman
7f9edf346a
Bump golangci-lint to 1.45.0 (#909) 2022-03-22 11:02:36 -04:00
j-k
a644a45ef4
Correct go.mod to enforce go 1.18 (#897)
Since syft now depends on debug/buildinfo, go 1.18 is required to build
syft, and as such go.mod needs updating

Signed-off-by: 06kellyjac <jack@control-plane.io>
2022-03-21 15:38:32 -04:00
Jonas Xavier
283db88dc4
Omit H1Digest when empty (#902)
* Omit HD1Field when empty

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update test-fixtures

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
v0.42.1
2022-03-21 11:59:10 -07:00
Alex Goodman
03e193e577
Add platform option to the README (#889) 2022-03-21 12:02:15 -04:00
Alex Goodman
069aa68b63
Fix image cleanup when there is an error (#905) 2022-03-21 14:48:11 +00:00
Keith Zantow
9240860f44
Correct ID handling during Syft JSON decoding (#900) 2022-03-18 17:03:26 -04:00