anchore-actions-token-generator[bot]
f14742b3f3
chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 ( #1975 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
v0.86.0
2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips
3aae316456
chore: update to latest commit in tools-golang ( #1969 )
...
* chore: update to latest commit in tools-golang
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-27 15:29:22 -04:00
Alex Goodman
063e9da65d
Guess unpinned versions in python requirements.txt ( #1966 )
...
* feat: python requirements.txt parsing inclusive
Signed-off-by: manifestori <ori@manifestcyber.com>
* refactor: parseVersion
Signed-off-by: manifestori <ori@manifestcyber.com>
* add python config for optional requirements version constraint resolution
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for python requirements metadata to be optional
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore cyclonedx dependency
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: manifestori <ori@manifestcyber.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: manifestori <ori@manifestcyber.com>
2023-07-27 14:26:59 -04:00
dependabot[bot]
bf1102c3f1
chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 ( #1965 )
...
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/vifraa/gopom/releases)
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2)
---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 13:28:42 -04:00
Alex Goodman
bbd2d42dbb
Fix panic condition on docker pull failure ( #1968 )
...
* [wip] add image pull error handlers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix panic and ui hang on docker pull failure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* linter fix
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-27 11:32:02 -04:00
Alex Goodman
d84120f499
bump JSON schema to account for simplified python env markers ( #1967 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-27 14:13:17 +00:00
Keith Zantow
9480f10ccd
feat: support top-level SPDX package and graph ( #1934 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-07-26 13:54:32 -04:00
dependabot[bot]
1e4d26f526
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 ( #1959 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-26 13:34:03 +00:00
Tristan Farkas
e1c1832f84
Add cataloger for Swift Package Manager. ( #1919 )
...
Signed-off-by: Tristan Farkas <Tristan.Farkas@axis.com>
2023-07-25 14:35:21 -04:00
anchore-actions-token-generator[bot]
9a73380f29
chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d ( #1953 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-25 10:49:21 -04:00
dependabot[bot]
2e718cf865
chore(deps): bump github.com/docker/docker ( #1955 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 10:37:16 -04:00
dependabot[bot]
4000a84624
chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 ( #1951 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 11:28:54 -04:00
Dan Luhring
99d172f0d1
Introduce indexed embedded CPE dictionary ( #1897 )
...
* Introduce indexed embedded CPE dictionary
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Don't generate cpe-index on make snapshot
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* Add unit tests for individual addEntry funcs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
* migrate CPE index build to go generate and add periodic workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test to ensure generated cpe index is wired up to function that uses it
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-21 13:54:19 +00:00
dependabot[bot]
3f5c601620
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 ( #1949 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases)
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4)
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-21 08:50:47 -04:00
Dan Luhring
8478e0bef7
Add support for parsing .NET assemblies ( #1943 )
...
* Add support for parsing .NET assemblies
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac
* Add dll and exe files
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641
* Add PE cataloger to directory catalogers
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849
* Don't set language to dotnet for PEs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5
* Fix spelling of cataloger in constructor
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941
* Adjust which cases in PE parsing return errors
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff
* remove build binary from branch
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2
* Fix failing CLI tests
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-19 15:34:07 -04:00
Christopher Angelo Phillips
0327fdc88a
docs: capture artifactory dev settings from 1895 ( #1947 )
...
* docs: capture artifactory dev settings from 1895
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-19 16:54:18 +00:00
Alex Goodman
88b3d1e9bb
remove build binary and add explicit git ignore
...
Former-commit-id: 6455f2d8a5f1910b4a8b681ddef79919886d638d
2023-07-18 14:06:34 -04:00
Christopher Angelo Phillips
204b790012
docs: update docs with new docker specific instructions ( #1941 )
...
* docs: update docs with new docker specific instructions
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Former-commit-id: c67c76e84df84e3e24aa307637d884ca8b7e3eea
2023-07-17 18:19:21 +00:00
Alex Goodman
35699f6fdc
remove jotframe UI ( #1932 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips
2e7fd031d4
fix: remove indirect dependency of circl v1.1.0 ( #1940 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-13 12:30:37 -04:00
Christopher Angelo Phillips
32296f5943
chore: move wait before iteration to guarantee read before tea ( #1931 )
...
* chore: move wait before iteration to guarantee read before tea
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-12 13:59:31 -04:00
Alex Goodman
4fc17edd14
implement ui handle waiter ( #1930 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
v0.85.0
2023-07-12 13:14:54 -04:00
Christopher Angelo Phillips
38efe4ec5f
fix: background reader apart from global handler for testing ( #1929 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-12 12:37:19 -04:00
dependabot[bot]
05a61897f2
chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 ( #1928 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.1 to 1.24.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0)
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 14:01:48 -04:00
James Neate
5a7c200911
fix: allow valid cyclonedx input with no components ( #1873 )
...
fix: allow valid cyclonedx input with no components
---------
Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-11 13:56:36 -04:00
Christopher Angelo Phillips
72616db81f
fix: "or-later" suffix updated to consider deprecated "+" operator ( #1907 )
...
* fix: or-later suffix has been updated to consider deprecated +
If a given license has the suffix "or-later" it previously could have
been considered or represented with a "+". Example "GFDL-1.0-or-later"
could have been represented as "GFDL-1.0+". This PR allows the license
list generation to consider "or-later" as == to "+" when generating
permutations for upgrading deprecated licenses.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-11 16:21:29 +00:00
Avi Deitcher
4ab9f393fc
feat: CLI flag for directory base ( #1867 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-07-10 13:36:41 -04:00
Dan Luhring
9744f4c009
Fix CPE gen for k8s python client ( #1921 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-10 15:54:19 +00:00
Christopher Angelo Phillips
d21fa84335
chore: update iterations to protect against race ( #1927 )
...
* chore: update iterations to protect against race
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-10 11:44:54 -04:00
anchore-actions-token-generator[bot]
d5d95da3b6
chore(deps): update bootstrap tools to latest versions ( #1922 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-07-10 11:03:09 -04:00
Dan Luhring
c0c089ffd5
fix: Don't use the actual redis or grpc CPEs for gems ( #1926 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-07-10 10:24:42 -04:00
Lorenzo Orsatti
376c42893b
fix(install): return with right error code ( #1915 )
...
This resolves #1566.
Signed-off-by: Lorenzo Orsatti <49567430+lorsatti@users.noreply.github.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-07-06 16:56:07 -04:00
Dan Luhring
81d8019207
Remove erroneous Java CPEs from generation ( #1918 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-07-06 16:12:55 -04:00
dependabot[bot]
8ce88e11fd
chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 ( #1916 )
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 16:02:44 -04:00
Alex Goodman
f8b832e6c3
Switch UI to bubbletea ( #1888 )
...
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add additional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-06 09:00:46 -04:00
DD (Devdatta) Deshpande
a00a3df10c
fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link ( #1884 )
...
Signed-off-by: DD (Devdatta) Deshpande <dd@codewits.in>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-07-05 14:49:22 -04:00
Alex Goodman
cfbb9f703b
add file source digest support ( #1914 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-05 13:47:13 -04:00
anchore-actions-token-generator[bot]
6280146c81
chore(deps): update bootstrap tools to latest versions ( #1908 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-07-05 11:06:22 -04:00
dependabot[bot]
e8f7108e6e
chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 ( #1912 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:06:05 -04:00
dependabot[bot]
023ca1be32
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 ( #1913 )
...
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0)
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:05:46 -04:00
Marco Damiani
2e3c7fa158
doc(readme): add installation section with scoop ( #1909 )
...
Signed-off-by: drazen04 <hangtime23@hotmail.it>
2023-07-03 13:50:01 -04:00
Alex Goodman
4da3be864f
Refactor source API ( #1846 )
...
* refactor source API and syft json source block
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update source detection and format test utils
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* generate list of all source metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* extract base and root normalization into helper functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* preserve syftjson model package name import ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* alias should not be a pointer
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-30 14:19:16 +00:00
anchore-actions-token-generator[bot]
608dbded06
chore(deps): update bootstrap tools to latest versions ( #1905 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-29 14:10:30 -04:00
anchore-actions-token-generator[bot]
791d1f9552
chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 ( #1903 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
v0.84.1
2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]
e5e97b5c4e
chore(deps): update bootstrap tools to latest versions ( #1902 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-28 12:04:39 -04:00
Weston Steimel
8219f8d55b
fix: discover deb file relationships in distroless images ( #1901 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-06-28 13:28:20 +01:00
Alex Goodman
026be3c0f1
add oss community board auto-add workflow ( #1898 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:53:59 -04:00
anchore-actions-token-generator[bot]
0d4f19043e
chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 ( #1890 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-26 13:58:44 -04:00
anchore-actions-token-generator[bot]
38b47e484c
chore(deps): update bootstrap tools to latest versions ( #1894 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-06-26 13:58:17 -04:00
Stephane Rufer
7943c73d3f
fix: add support for Dart SDK package dependencies ( #1891 )
...
Signed-off-by: Stephane Rufer <1128559+rufman@users.noreply.github.com>
2023-06-23 12:40:46 -04:00