Alex Goodman
891499685a
fix pdm
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-07 15:42:46 -05:00
Alex Goodman
a97e1c6e1a
tweak diagram
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:18:36 -04:00
Alex Goodman
4a2d94b4b9
Merge remote-tracking branch 'origin/main' into ast-parse-cataloger-capabilities
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 14:06:59 -04:00
Stepan
efc2f0012c
fix: go binary replace handling in path ( #4156 )
...
* Fix issue with relative paths on go binary
Signed-off-by: Stepan <stepworm@yandex.ru>
* Linting
Signed-off-by: Stepan <stepworm@yandex.ru>
---------
Signed-off-by: Stepan <stepworm@yandex.ru>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:59:47 +00:00
Alex Goodman
c3e196bea5
restore goreleaser config
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 11:58:00 -04:00
Alex Goodman
16fb680b15
fix tests and linting
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 11:55:02 -04:00
kyounghoonJang
c5c1454848
feat(java): Add support for .far (Feature Archive) files ( #4193 )
...
* feat(java): add support for .far archivesEnables the Java cataloger to recognize and catalog dependencies within .far files, which are used in Apache Sling applications.
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
* feat(java): Add tests for .far (Feature Archive) file support
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
---------
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:41:27 +00:00
Kudryavcev Nikolay
f5c765192c
Refactor fileresolver to not require base path ( #4298 )
...
* ref: close source in test and examples
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: pretty file/directory source resolver (make them more similar)
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: move absoluteSymlinkFreePathToParent to file resolver
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* revert breaking change
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-29 10:41:18 -04:00
Alex Goodman
d6512456b3
improve testing a docs
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 10:08:29 -04:00
Will Murphy
728feea620
ci: use apple creds before pushing tags ( #4313 )
...
We have had a few releases fail because the Apple credentials needed
some sort of fix. These release were operationally more interesting
because they failed after pushing a git tag (which effectively releases
the golagn package). Therefore, try to use these creds early, before
there's a tag pushed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-29 10:07:47 -04:00
dependabot[bot]
45fb52dca1
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.8 to 6.6.9 ( #4315 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.8 to 6.6.9.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.8...v6.6.9 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.6.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-29 10:06:37 -04:00
Rez Moss
45bf8b14ab
fix: omit records with empty PURL in GitHub format ( #4312 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2025-10-28 18:34:10 -04:00
Brian Muenzenmeyer
9478cd974b
docs: update template link in README.md ( #4306 )
...
Signed-off-by: Brian Muenzenmeyer <brian.muenzenmeyer@gmail.com>
2025-10-28 11:29:07 -04:00
Alex Goodman
0dd906b071
fix linting
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-28 10:38:24 -04:00
Will Murphy
0d9ea69a66
Respect "rpmmod" PURL qualifier ( #4314 )
...
Red Hat purls the RPM modularity info in a query param in the PURLs in
their vulnerability data. It would be nice if Syft respected this
qualifier so that Grype can use it when a Red Hat purl is passed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-28 09:35:11 -04:00
Alex Goodman
abfe73b3da
latest generation
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-27 14:51:14 -04:00
dependabot[bot]
bee78c0b16
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #4310 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.9 to 4.31.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16140ae1a1...4e94bd11f7
2025-10-27 10:43:04 -04:00
dependabot[bot]
88bbcbe9c6
chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 ( #4305 )
2025-10-27 02:03:09 -04:00
anchore-actions-token-generator[bot]
e0680eb704
chore(deps): update tools to latest versions ( #4307 )
2025-10-27 02:02:47 -04:00
Alex Goodman
5d182ec5f1
add completeness tests for metadata types
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-26 06:44:32 -04:00
Marc
16f851c5d9
feat: include .rar files as Java archives for Java resource adapters ( #4137 )
...
Signed-off-by: Marc Thomas <marc.thomas@t-systems.com>
2025-10-24 11:55:02 -04:00
Alex Goodman
63832e5e5a
expose json schema types
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-24 09:21:07 -04:00
Ross Kirk
d5ca1ad543
fix: ignore dpkg entries with "deinstall" status ( #4231 )
...
Signed-off-by: Ross Kirk <ross.kirk@upwind.io>
2025-10-23 16:23:58 -04:00
Alex Goodman
de111f4d5b
expose metadata and pacakge types in json
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-23 16:16:33 -04:00
anchore-actions-token-generator[bot]
8be463911c
chore(deps): update tools to latest versions ( #4302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-22 09:38:18 -04:00
Alex Goodman
95ba1b04a4
better binary cataloger description
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-21 13:02:04 -04:00
dependabot[bot]
44b7b0947c
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 ( #4301 )
2025-10-21 09:34:26 -04:00
Alex Goodman
02f61abc62
rename os pkg types
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-20 10:22:11 -04:00
dependabot[bot]
675075e882
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #4299 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f443b600d9...16140ae1a1
2025-10-20 10:08:39 -04:00
Alex Goodman
a92efd5b85
correct gentoo and arch ecosystems
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-17 14:12:55 -04:00
JoeyShapiro
31b2c4c090
support universal (fat) mach-o binary files ( #4278 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 13:41:59 -04:00
dependabot[bot]
07029ead8a
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 ( #4296 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.10.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7543c93d8...faadad0cce
2025-10-17 10:22:20 -04:00
dependabot[bot]
f4de1e863c
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 ( #4297 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.7 to 0.20.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](d8a2c01300...aa0e114b2e
2025-10-17 10:22:10 -04:00
JoeyShapiro
538b4a2194
convert posix path back to windows ( #4285 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 09:29:06 -04:00
Kudryavcev Nikolay
fc74b07369
Remove duplicate image source providers ( #4289 )
...
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-16 16:19:11 -04:00
dependabot[bot]
6627c5214c
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 ( #4293 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f8bdd1d8ac...d8a2c01300
2025-10-16 13:57:17 -04:00
Tim Olshansky
c0f32e1dba
feat: add option to fetch remote licenses for pnpm-lock.yaml files ( #4286 )
...
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
2025-10-16 12:23:06 -04:00
Pavel Buchart
e923db2a94
Add PDM parser ( #4234 )
...
Signed-off-by: Pavel Buchart <pavel@buchart.cz>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 08:50:44 -04:00
anchore-actions-token-generator[bot]
0c98a364d5
chore(deps): update tools to latest versions ( #4291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-16 07:02:32 -04:00
Keith Zantow
4343d04652
fix: panic during java archive maven resolution ( #4290 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 07:00:31 -04:00
Kudryavcev Nikolay
065ac13ab7
Extract zip archive with multiple entries ( #4283 )
...
* extract zip archive with multiple entries
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* set OverwriteExisting by type assertion switch case
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-15 12:05:05 -04:00
Christopher Angelo Phillips
e9a8bc5ab9
chore: update to use old configuration on new cosign ( #4287 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-15 15:12:20 +00:00
anchore-actions-token-generator[bot]
6d790ec6ec
chore(deps): update anchore dependencies ( #4282 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-14 22:09:17 +00:00
dependabot[bot]
1d5bcc553a
chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5 ( #4280 )
...
* chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.3 to 0.1.5.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.3...v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: allow lzip-go in bouncer yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-14 14:22:00 -04:00
Alex Goodman
d22914baf5
add docs to configs ( #4281 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-14 13:58:31 -04:00
Alex Goodman
1510db7c4e
add info command from generated capabilities
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-13 17:14:40 -04:00
Doug Clarke
760bd9a50a
feat: Pom xml only archive parser ( #4272 )
...
fix: identifying jar files with a single pom.xml and no pom.properties file
fix: test works with pom.xml being found, used and reported in metadata
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
test: check for current project path and use
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:59:08 -04:00
Hala Ali
2d1ada1d00
fix: enhance setup.py parser to handle unquoted dependencies ( #4255 )
...
* fix: add support for unquoted Python dependencies in setup.py
- Add regex pattern to match unquoted package==version format
- Handles common .split() pattern used in projects like mayan-edms
- Maintains backward compatibility with quoted dependencies
- Prevents duplicate package detection
Signed-off-by: Hala Ali alih16@vcu.edu
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* fix: apply gofmt formatting
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* lint: incorporate new changes and refactor complexity
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: HalaAli198 <alih16@vcu.edu>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:10:42 -04:00
dependabot[bot]
8ffe15c710
chore(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 ( #4265 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.37.0 to 0.38.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 11:50:59 -04:00
dependabot[bot]
89948dfa51
chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 ( #4266 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.29.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 11:50:49 -04:00
