* Support RPM distros with newer db formats
Recent RPM distros (Fedora 33+, CBL-Mariner 2.0+, amazonlinux 2022+)
use an sqlite package database in /var/lib/rpm/rpmdb.sqlite, or
"ndb" format (SUSE).
Remove anchore's fork in favour of the upstream,
https://github.com/knqyf263/go-rpmdb, to gain support for
these formats.
Signed-off-by: Tom Fay <tomfay@microsoft.com>
* add exception for modernc.org repos
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* shorten rpmdb helper function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* remove strong distro type
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump json schema to v3 (breaking distro shape)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow for v2 decoding of distro idLikes field in v3 json decoder
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix casing in simple linux release name
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use discovered name as pretty name in simple linux release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] single sbom doc
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix more tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove scope in import path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap SPDX tag-value formatter to single sbom document
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bust CLI cache
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update fixture to byte diff
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* byte for byte
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bust the cache
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* who needs cache
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add jar for testing
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* no more bit flips
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update apk with the delta for image and directory cases
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* restore cache workflow
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add query by MIME type to source.FileResolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* import stereoscope lib changes to find mime type
- add bin cataloger
- add bin parser
- add mime type go utils
- import new resolver
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add go std library code to unpack bin
- keep them in their own (original) files
- add note for "this code was copied from"
- comment the lines the required changing
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* add marking package relations by file ownership
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* correct json schema version; ensure fileOwners dont return dups; pin test pkg versions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* extract package relationships into separate section
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in client-go features for import of PackageRelationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move unit test for ownership by files relationship further down
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename relationship to "ownership-by-file-overlap"
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Expand matching of requirements.txt file to include any prefixes or suffixes
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* Add some test cases to integration test (ensure syft can pick up multiple requirements files)
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* Run lint-fix
Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>
* add check for app update; fix ETUI error handling
* validate user args
* add goreleaser support
* replace cgo dependencies (go-rpm) with go equivalents
* add acceptance tests against build snapshot
* add brew tap + acceptance test pipeline
* add mac acceptance tests
* fix compare makefile
* fix mac acceptance tests
* add release pipeline with wait checks
* add token to release step
* rm dir presenters int test
* enforce dpkg to be non interactive
Co-authored-by: Alfredo Deza <adeza@anchore.com>
* pin brew formulae
* pin skopeo to formulae url
* only run acceptance tests
Co-authored-by: Alfredo Deza <adeza@anchore.com>
