anchore-actions-token-generator[bot]
3f28480b3d
chore(deps): update CPE dictionary index ( #4083 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-28 10:51:16 -04:00
Alex Goodman
f0a990b85f
chore: add source completion tester ( #4077 )
...
* add source completion tester
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing t.Helper calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-23 13:49:47 +00:00
Keith Zantow
48bf81cf7f
fix: align binary java detection with jvm cataloger + support IBM ( #4046 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-07-22 12:06:32 -04:00
dependabot[bot]
5b14d160cf
chore(deps): bump pygments ( #4064 )
...
Bumps [pygments](https://github.com/pygments/pygments ) from 1.6 to 2.15.0.
- [Release notes](https://github.com/pygments/pygments/releases )
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES )
- [Commits](https://github.com/pygments/pygments/compare/1.6...2.15.0 )
---
updated-dependencies:
- dependency-name: pygments
dependency-version: 2.15.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-21 13:07:27 -04:00
anchore-actions-token-generator[bot]
64b62c086c
chore(deps): update CPE dictionary index ( #4067 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-21 07:57:39 -04:00
Joshua Kugler
c491dab35b
feat: add parsing for uv.lock ( #3763 )
...
* feat: add parsing for uv.lock (#3268 )
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Still no tests, but much more complete
Next up: start writing tests! :)
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: finish out functionality and write tests
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Merge the .NET deps.json and PE binary catalogers (#3563 )
* add combined deps.json + pe binary cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* deprecate pe and deps standalone catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* parse resource names + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration and CLI tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add some helpful code comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for dropping Dep packages that are missing DLLs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate json schema changes to 24
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep application configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct config help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] detect claims of dlls within deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add assembly repack detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* .net package count is lower due to dll claim requirement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* better .NET cpe generation (#3764 )
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Better represent .NET runtime packages (#3768 )
* clean up .NET runtime packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add runtime relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove runtime references from binary package name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): update CPE dictionary index (#3769 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump modernc.org/sqlite from 1.36.1 to 1.37.0 (#3771 )
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.36.1 to 1.37.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.1...v1.37.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0 (#3767 )
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.16.2 to 3.18.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](28ba43ae48...1750b5085f#3766 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: move/modify code for lint issues
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: make sure private structs are not exported
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update readme to include uv
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: use uv as the package manager name
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
---------
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-17 18:26:56 +00:00
mikey strauss
9caad26ee5
Pkg Metadata type unmarshal bug ( #4043 )
...
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2025-07-14 10:28:38 -04:00
anchore-actions-token-generator[bot]
75db6527bc
chore(deps): update CPE dictionary index ( #4058 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-14 10:27:01 -04:00
anchore-actions-token-generator[bot]
9928386d38
chore(deps): update CPE dictionary index ( #4050 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-08 15:26:50 -04:00
Keith Zantow
02703d5c80
feat: RHEL EUS detection ( #4023 )
...
* feat: rhel eus detection
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update more tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* rename feature detection functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-07 14:11:20 +00:00
Carlos Tadeu Panato Junior
2111d4d0e4
chore: upgrade tablewriter dependency to use new API ( #3990 )
...
* upgrade tablewriter
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* remove header line whitespace
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 16:16:16 -04:00
dependabot[bot]
179cc70a36
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 ( #4040 )
...
* chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* update error message expectations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 19:21:02 +00:00
Christopher Angelo Phillips
1e3d2a2927
chore: update tests to read from latest test-fixture-cache and fix cache publish ( #4042 )
...
* feat: update integration test with correct package for httpd
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update integration and cli tests with new upstream expectations
- php interpreter 8.3.21 => 8.3.22
- runCycloneDXInDocker update for local arm64 qemu emulation CycloneDX
- getSyftBinaryLocationByOS update to detect arm64 v8.0 artifact path
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: add snalshot to test command for fixture builds
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update cdx in docker for all GOOS
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-07-01 14:11:36 +00:00
anchore-actions-token-generator[bot]
841f963e70
chore(deps): update CPE dictionary index ( #4037 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-30 17:17:34 -04:00
Alex Goodman
2bda086423
Add ability to scan snaps (as a source) ( #3929 )
2025-06-25 16:53:35 -04:00
anchore-actions-token-generator[bot]
4eb8ba4575
chore(deps): update CPE dictionary index ( #4021 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-23 11:30:19 -04:00
anchore-actions-token-generator[bot]
0bfda2c514
chore(deps): update CPE dictionary index ( #4007 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-16 11:15:50 -04:00
Alex Goodman
96c34ffc43
account for non-import shapes ( #3997 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-11 13:11:40 -04:00
Alex Goodman
79b6d5daa4
Allow decoding of anchorectl json files ( #3973 )
...
* allow decoding of import sbom file shape
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address formatting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add file mode and type processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use type to interpret the raw value
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* safe mode convert should use uint32
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler decoder type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-10 15:03:50 -04:00
Keith Zantow
9090c69708
fix: exclude packages with SPDX GENERATED_FROM source package indication ( #3981 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-09 14:12:23 -04:00
anchore-actions-token-generator[bot]
a196cc9215
chore(deps): update CPE dictionary index ( #3976 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-09 08:56:18 -04:00
Christoph Blessing
5ae11bd1f7
Fix Python package dependency detection ( #3965 )
...
Previously a dependency relationship between two Python packages was not
detected if there were no parentheses around the version specifier in
the wheel metadata of the parent package. This commit allows detection
of such relationships.
Signed-off-by: Christoph Blessing <chris24.blessing@gmail.com>
2025-06-06 09:46:16 -04:00
John Vandenberg
bc1cbde4f7
fix: Remove three Rust crate false positive CPE matches ( #3967 )
...
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-06 04:29:06 -04:00
John Vandenberg
bd894b9c4d
fix: Remove two Rust crate false positive CPE matches ( #3962 )
...
Rust crates opentelemetry and redis are being given CPEs that
match CVEs such as CVE-2023-45142 and CVE-2022-24735 respectively.
The vendor overrides added here prevent that.
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-05 10:28:54 -04:00
Keith Zantow
71d84603c1
fix: bump stereoscope to fix symlink performance issue ( #3953 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-04 15:50:03 +00:00
anchore-actions-token-generator[bot]
339fea9851
chore(deps): update CPE dictionary index ( #3947 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-02 10:43:31 -04:00
Keith Zantow
576e729c84
fix: revert incorrect graalvm unknown behavior ( #3944 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-05-30 11:36:57 -04:00
anchore-actions-token-generator[bot]
002ec4510a
chore(deps): update CPE dictionary index ( #3935 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-05-28 12:45:42 -04:00
Thomas Gosteli
684e1e963d
fix(terraform): parse provider lock entries without constraints ( #3934 )
...
In a .terraform.lock.hcl file in a provider block the `constraints` attribute is actually not required (=optional).
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
2025-05-27 14:55:19 -04:00
Keith Zantow
7bfb4c86a6
fix(dotnet-deps-cataloger): avoid repeated dependency resolution ( #3930 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-05-21 21:28:40 -04:00
Alex Goodman
ac883f52ed
add cdx group as purl namespace ( #3922 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-20 15:56:08 -04:00
Alex Goodman
e23ca43a83
add PE binary cataloger ( #3911 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-19 14:17:09 -04:00
anchore-actions-token-generator[bot]
828645ec27
chore(deps): update CPE dictionary index ( #3913 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-05-19 09:16:25 -04:00
Alex Goodman
db77b54c01
finalize go mod ref ( #3908 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 17:36:26 +00:00
Christopher Angelo Phillips
e1374f758e
fix: update license content filtering default case to be 'none' for no content returned
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-16 14:25:15 +00:00
sathiya06
8cbdd38a63
fix: Make Native Image contains no embedded SBOM Error Discoverable ( #3805 )
...
* fix: Make Native Image contains no embedded SBOM Error Discoverable
Signed-off-by: Sathiya Narayanan Venkatesan <sathiyavenkat06@gmail.com>
* adjust error phrasing + wrap error
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Sathiya Narayanan Venkatesan <sathiyavenkat06@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 13:54:40 +00:00
Adam McClenaghan
8f02bd85f6
fix: Distinguish openjdk vs jdk when using file source ( #3895 )
...
* fix: Distinguish openjdk vs jdk when using file source
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
* fix: Fix goimport order
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
* add comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 13:29:53 +00:00
Christopher Angelo Phillips
4f73d35051
Include default config licenses ( #3900 )
...
* fix: the licenses config was not being carried through causing content to show by default
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-15 16:48:18 +00:00
Ralph Bean
b369b02f4f
Expose RPM signature information (for RPM DB and RPM archives) ( #3179 )
...
* feat: expose rpm signature information
This helps with more confident identification of an rpm.
In theory, two rpms can be built that have the same purl string, and
otherwise look identical in syft's output, but the PGP information
would distinguish them as signed either by different keys, or signed at
different times.
In practice, this usually makes no difference since rpms tend to have
unique name/version/release strings. This just gives increased
confidence about the identity of the rpm found in the db.
Signed-off-by: Ralph Bean <rbean@redhat.com>
* chore: generate json schema
Signed-off-by: Ralph Bean <rbean@redhat.com>
* re-generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename to a more generic signature field
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename rpm.pgp to rpm.signatures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split out signature fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* include RPM archives
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont fail on unknown signature type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Ralph Bean <rbean@redhat.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 16:01:00 +00:00
Laurent Goderre
a8e5b25632
Add PHP interpreter + extensions cataloger ( #2585 )
...
* Add PHP extensions binary classifiers
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* [wip] add php extensions cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* find interpreters + extension
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* internalize binary cataloger utilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* default to linux/amd64 for test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 08:22:50 -04:00
Alex Goodman
0521ccaf5e
chore: update fixtures based on CI builds ( #3894 )
...
* update fixtures based on ci builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-14 21:30:20 +00:00
Christopher Angelo Phillips
3c7018a853
feat: remove full-text before release ( #3889 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-14 13:12:05 +00:00
Christopher Angelo Phillips
e5d7760bb8
feat: improve dpkg cataloger license recognition for "license agreements" ( #3888 )
2025-05-14 08:41:48 -04:00
Laurent Goderre
175a6719a9
Add cataloger for Dart pubspec ( #3292 )
...
* Add cataloger for Dart pubspec
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* capture pubspec specific fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 21:51:49 +00:00
Christopher Angelo Phillips
f77d503892
detect license ID from full text when incidentally provided as a value ( #3876 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 16:37:18 -04:00
Rez Moss
12d91f47dc
Add a homebrew cataloger ( #3724 )
...
* Cataloger homebrew (#4 )
* homebrew cataloger
* uptd
* fixed test
* fixed test
* fixed tests
* fixed lint
* inc schema ver
* upt schema
* fixed integration test
* fixed integration tst
* fixed test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
fixed DCO
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
add evd anno to test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* lint
Signed-off-by: Rez Moss <hi@rezmoss.com>
* fixed test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* with PR refactors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate jsonschema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor homebrew parser + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more resiliant variable extraction
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 13:01:41 -04:00
Weston Steimel
de88b973f8
chore: fix some logging output ( #3884 )
...
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2025-05-13 13:15:19 +01:00
Alex Goodman
59b880f26a
order locations by container layer order ( #3858 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 00:02:07 -04:00
Alex Goodman
e3e69596bd
Translate Portage license strings to SPDX expressions ( #1763 )
...
* fix portage license handling
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* cover license_group file
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add licenses to portage metadata in json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-12 21:03:51 -04:00
Will Murphy
58392a9717
fix: stop emitting redis redis CPE for PHP PECL redis ( #3881 )
...
This prevents the cpe🅰️ redis:redis... from being emitted for the PHP
Pear / PECL package called redis.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-05-12 16:17:18 -04:00
