Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add kernel handler
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* rename Kernel package to LinuxKernel package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* split kernel and module packages within cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wire up application configuration with kernel cataloger options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont use references for packages on relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting and tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* kernel cataloger should be resistent to partial failure
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* log upon kernel module metadata missing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for linux kernel cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli package test counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add evidence annotations for kernel packages
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* reduce noise in cli test output
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* missed cli test to reduce noise for
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix package counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs with linux kernel cataloging refs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump json schema with new metadata fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources.
Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations.
This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon.
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* refactor signing steps in release/snapshot workflows
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* show signing logs on snapshot or release failure
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update install.sh + tests to account for new goreleaser changes
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli tests to account for new goreleaser build names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix acceptance test to use new snapshot bin path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add notarization
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address review comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* recover from panics in stdlib binary parsing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to cover regression case
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* show help text when no args are given
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* repurpose the input args validation function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure app does not check for update in cli tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* change directory resolver to ignore system runtime paths + drive by index
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add event/etui support for filesystem indexing (for dir resolver)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add warnings for path indexing problems
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add directory resolver index tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve testing around directory resolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* renamed p var to path when not conflicting with import
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull docker image in CLI dir scan timeout test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure file not exist errors do not stop directory resolver indexing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial spdx support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* expose FileOwner and use in SPDX presenter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial json support for SPDX
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add remaining package fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add spdx license list generation + tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* keep fileOwner unexported from pkg
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* restore cli test util
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add external refs to spdx tag-value format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add golang support to CPE generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use tag-value format as default "spdx" format flavor
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests around spdx presenters + refactor presenter tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add bouncer exception for spdx tools-golang repo
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove spdx model questions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
