Alex Goodman
a97e1c6e1a
tweak diagram
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:18:36 -04:00
Alex Goodman
4a2d94b4b9
Merge remote-tracking branch 'origin/main' into ast-parse-cataloger-capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 14:06:59 -04:00
Alex Goodman
16fb680b15
fix tests and linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 11:55:02 -04:00
Kudryavcev Nikolay
f5c765192c
Refactor fileresolver to not require base path (#4298)
* ref: close source in test and examples
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: pretty file/directory source resolver (make them more similar)
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: move absoluteSymlinkFreePathToParent to file resolver
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* revert breaking change
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-29 10:41:18 -04:00
Alex Goodman
d6512456b3
improve testing and docs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 10:08:29 -04:00
Alex Goodman
0dd906b071
fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-28 10:38:24 -04:00
Alex Goodman
abfe73b3da
latest generation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-27 14:51:14 -04:00
Alex Goodman
5d182ec5f1
add completeness tests for metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-26 06:44:32 -04:00
Alex Goodman
63832e5e5a
expose json schema types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-24 09:21:07 -04:00
Alex Goodman
de111f4d5b
expose metadata and package types in json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-23 16:16:33 -04:00
Alex Goodman
95ba1b04a4
better binary cataloger description
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-21 13:02:04 -04:00
Alex Goodman
02f61abc62
rename os pkg types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-20 10:22:11 -04:00
Alex Goodman
a92efd5b85
correct gentoo and arch ecosystems
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-17 14:12:55 -04:00
Pavel Buchart
e923db2a94
Add PDM parser (#4234)
Signed-off-by: Pavel Buchart <pavel@buchart.cz>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 08:50:44 -04:00
Alex Goodman
d22914baf5
add docs to configs (#4281)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-14 13:58:31 -04:00
Alex Goodman
1510db7c4e
add info command from generated capabilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-13 17:14:40 -04:00
Alex Goodman
4ae8f73583
migrate json schema generation (#4270)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-10 14:16:28 +00:00
Sebastien Dionne
bd013fe99a
docs: Fix typos and linguistic errors in documentation (#4257)
Signed-off-by: Sebastien Dionne <survivant00@gmail.com>
2025-10-06 14:22:22 +00:00
Alan Pope
0a36dabf23
feat(cataloger): add snap package cataloger for metadata extraction (#4151)
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-09-26 10:42:29 -04:00
Christopher Angelo Phillips
13ffeeb3d0
feat: combine go module file and go source discovery into single cataloger (#4127)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-08-26 19:35:44 +00:00
Simeon Stoykov
a433045d51
feat: basic Conda ecosystem support (#4002)
----------------------------------------------------------------
Signed-off-by: Simeon Stoykov <simeon.stoykov@quantco.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-19 22:37:27 -04:00
Christopher Angelo Phillips
6b48bd4b5e
feat: add package supplier flag (#4131)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:49:41 -04:00
Christopher Angelo Phillips
89470ecdd3
feat: update syft license construction to be able to look up by URL (#4132)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:30:32 -04:00
Keith Zantow
48bf81cf7f
fix: align binary java detection with jvm cataloger + support IBM (#4046)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-07-22 12:06:32 -04:00
Joshua Kugler
c491dab35b
feat: add parsing for uv.lock (#3763)
* feat: add parsing for uv.lock (#3268)
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Still no tests, but much more complete
Next up: start writing tests! :)
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: finish out functionality and write tests
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Merge the .NET deps.json and PE binary catalogers (#3563)
* add combined deps.json + pe binary cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* deprecate pe and deps standalone catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* parse resource names + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration and CLI tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add some helpful code comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for dropping Dep packages that are missing DLLs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate json schema changes to 24
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep application configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct config help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] detect claims of dlls within deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add assembly repack detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* .net package count is lower due to dll claim requirement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* better .NET cpe generation (#3764)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Better represent .NET runtime packages (#3768)
* clean up .NET runtime packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add runtime relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove runtime references from binary package name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): update CPE dictionary index (#3769)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump modernc.org/sqlite from 1.36.1 to 1.37.0 (#3771)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.36.1 to 1.37.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.1...v1.37.0)
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0 (#3767)
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack) from 3.16.2 to 3.18.0.
- [Release notes](https://github.com/8398a7/action-slack/releases)
- [Commits](28ba43ae48...1750b5085f)
---
updated-dependencies:
- dependency-name: 8398a7/action-slack
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 (#3766)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: move/modify code for lint issues
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: make sure private structs are not exported
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update readme to include uv
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: use uv as the package manager name
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
---------
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-17 18:26:56 +00:00
Keith Zantow
02703d5c80
feat: RHEL EUS detection (#4023)
* feat: rhel eus detection
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update more tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* rename feature detection functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-07 14:11:20 +00:00
Alex Goodman
2bda086423
Add ability to scan snaps (as a source) (#3929)
2025-06-25 16:53:35 -04:00
Dan Luhring
bbf3bb5856
fix(relationship): favor real paths over symlinks for ownership by file (#3923)
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-05-23 14:33:19 -04:00
Alex Goodman
e23ca43a83
add PE binary cataloger (#3911)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-19 14:17:09 -04:00
Christopher Angelo Phillips
e1374f758e
fix: update license content filtering default case to be 'none' for no content returned
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-16 14:25:15 +00:00
Ralph Bean
b369b02f4f
Expose RPM signature information (for RPM DB and RPM archives) (#3179)
* feat: expose rpm signature information
This helps with more confident identification of an rpm.
In theory, two rpms can be built that have the same purl string, and
otherwise look identical in syft's output, but the PGP information
would distinguish them as signed either by different keys, or signed at
different times.
In practice, this usually makes no difference since rpms tend to have
unique name/version/release strings. This just gives increased
confidence about the identity of the rpm found in the db.
Signed-off-by: Ralph Bean <rbean@redhat.com>
* chore: generate json schema
Signed-off-by: Ralph Bean <rbean@redhat.com>
* re-generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename to a more generic signature field
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename rpm.pgp to rpm.signatures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split out signature fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* include RPM archives
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* don't fail on unknown signature type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Ralph Bean <rbean@redhat.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 16:01:00 +00:00
Laurent Goderre
a8e5b25632
Add PHP interpreter + extensions cataloger (#2585)
* Add PHP extensions binary classifiers
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* [wip] add php extensions cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* find interpreters + extension
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* internalize binary cataloger utilities
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* default to linux/amd64 for test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 08:22:50 -04:00
Christopher Angelo Phillips
3c7018a853
feat: remove full-text before release (#3889)
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-14 13:12:05 +00:00
Laurent Goderre
175a6719a9
Add cataloger for Dart pubspec (#3292)
* Add cataloger for Dart pubspec
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* capture pubspec specific fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 21:51:49 +00:00
Christopher Angelo Phillips
f77d503892
detect license ID from full text when incidentally provided as a value (#3876)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 16:37:18 -04:00
Rez Moss
12d91f47dc
Add a homebrew cataloger (#3724)
* Cataloger homebrew (#4)
* homebrew cataloger
* uptd
* fixed test
* fixed test
* fixed tests
* fixed lint
* inc schema ver
* upt schema
* fixed integration test
* fixed integration tst
* fixed test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
fixed DCO
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Rez Moss <hi@rezmoss.com>
* Update parse_homebrew_test.go
add evd anno to test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* lint
Signed-off-by: Rez Moss <hi@rezmoss.com>
* fixed test
Signed-off-by: Rez Moss <hi@rezmoss.com>
* with PR refactors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate jsonschema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor homebrew parser + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more resilient variable extraction
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 13:01:41 -04:00
Alex Goodman
59b880f26a
order locations by container layer order (#3858)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-13 00:02:07 -04:00
Alex Goodman
e3e69596bd
Translate Portage license strings to SPDX expressions (#1763)
* fix portage license handling
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* cover license_group file
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add licenses to portage metadata in json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-12 21:03:51 -04:00
James Neate
00c4a4e72a
Use package ID from decoded SBOMs when provided (#1872)
* fix: use package id from cyclonedx when provided
Signed-off-by: James Neate <jamesmneate@gmail.com>
* override package IDs from converted SBOMs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typo
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove extractSyftID function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-08 11:25:30 -04:00
Christopher Angelo Phillips
6eff158ad3
chore: update license sort to be stable with contents field (#3860)
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-06 11:45:47 -04:00
GGMU
6db60c5975
Add deep-squashed scope to annotate all layers where a package exists (#3138)
* add squash all layers resolver
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* add squash with all layers logic
Signed-off-by: tomersein <tomersein@gmail.com>
* add squash with all layers logic
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squashed all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squash with all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* squash with all layers
Signed-off-by: tomersein <tomersein@gmail.com>
* adjust resolver to strictly return squash paths only
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* show all packages have locations + primary evidence
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix race condition in test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* consider access paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: tomersein <tomersein@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-05 14:35:57 -04:00
Alex Goodman
d47a6c3a6d
Improve support for cataloging nix package relationships (#3837)
* add nix DB cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add derivation path to nix store pkg metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* go mod tidy
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for derivation path to be optional
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* repin build image and disable syscall filtering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump storage capacity
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* track nix derivation details on packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* image fixture should have derivation examples
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-05 15:35:13 +00:00
Christopher Angelo Phillips
94e63eb367
feat: detect when full license text has been provided and preserve as separate field (#3450)
* feat: add full text field to syft license struct
---------
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-01 15:00:46 -04:00
Laurent Goderre
529840bfc0
Add support for PHP Pear (#2775)
* Add support for PHP Pear and unify PECL with it
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove log statements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix struct comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-04-30 20:16:58 +00:00
Alex Goodman
03fa142de9
Resolve owned file paths when searching for overlaps (#3828)
* resolve owned file paths when searching for overlaps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* don't remove empty paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-04-24 21:59:45 +00:00
Alex Goodman
df18edf905
Consider DLL claims for dependencies of .NET packages from deps.json (#3822)
* consider child dll claims for .NET packages from deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* make dll claim propagation configurable
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-04-24 11:59:16 -04:00
Adam McClenaghan
f6d4a7d27a
Perf: skip license scanner injection (#3796)
* (perf): allow library users to skip default scanner injection
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
* (perf): remove prints
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
* perf: move to cataloging licenses.go
Signed-off-by: adammcclenaghan <adam.mcclenaghan@upwind.io>
* perf: Simplify to expose a SetContextLicenseScanner func
Signed-off-by: adammcclenaghan <adam.mcclenaghan@upwind.io>
---------
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
Signed-off-by: adammcclenaghan <adam.mcclenaghan@upwind.io>
2025-04-23 16:01:10 -04:00
anchore-actions-token-generator[bot]
f11377fe30
chore(deps): update tools to latest versions (#3775)
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-04-03 17:35:26 +00:00
Alex Goodman
12f36420dd
Parse GitHub actions comments (#3776)
* add version comment parsing support to github actions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with github actions metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add originator processing for github actions type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-04-03 14:46:27 +00:00
Christopher Angelo Phillips
da62a82413
feat: adds the DirectoryTag to the r cataloger (#3774)
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-04-01 11:46:51 -04:00