---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* feat: Add dependency parsing to javascript package locks
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Bump schema version
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Add support for yarn and pnpm, excl. yarn v1
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Add support for dependencies for v1 yarn lock files
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Ensure schema is correctly generated
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* Fix tests
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
* PR feedback
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
---------
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
Red Hat purls the RPM modularity info in a query param in the PURLs in
their vulnerability data. It would be nice if Syft respected this
qualifier so that Grype can use it when a Red Hat purl is passed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow decoding of import sbom file shape
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address formatting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add file mode and type processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use type to interpret the raw value
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* safe mode convert should use uint32
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler decoder type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update fixtures based on ci builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix: use package id from cyclonedx when provided
Signed-off-by: James Neate <jamesmneate@gmail.com>
* override package IDs from converted SBOMs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove extractSyftID function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Update semver to v3. Fixes#3829
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* use single instance of regex obj
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add support for PHP Pear and unify PECL with it
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove log statements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix struct comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add version comment parsing support to github actions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with github actions metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add originator processing for github actions type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* feat: add Debian archive (.deb) file cataloger
Add a cataloger that parses Debian package (.deb) archive files directly,
allowing Syft to discover packages from .deb files without requiring
them to be installed on the system. This implements issue #3315.
Key features:
- Parse .deb AR archives to extract package metadata
- Support for gzip, xz, and zstd compressed control files
- Extract package metadata from control files
- Process file information from md5sums files
- Mark configuration files from conffiles entries
- Handle trailing slashes in archive member names
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* chore: run go mod tidy to fix failing workflow
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* add license processing to dpkg archive cataloger + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with dpkg archive type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Add downloadLocation URI validation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Update function names
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Fixes for make lint-fix + Changes to when NONE and NOASSERTION in downloadLocation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
---------
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
