* feat: add preRun func to version to restore stdout
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to capture version in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* change stdout buffering to log to be opt-in per command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
- Add a new Java configuration option to recursively search parent poms for licenses
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
* Read a license from a parent pom stored in Maven Central
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
* [wip]
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* distinct the package metadata functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove metadata type from package core model
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate review feedback for names
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add RPM archive metadata and split parser helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* clarify the python package metadata type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename the KB metadata type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* break hackage and composer types by use case
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* linting fix
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix encoding and decoding for syft-json and cyclonedx
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema to 11
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx-json snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx-xml snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update spdx-json snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update spdx-tv snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update syft-json snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct metadata type in stack yaml parser test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix bom-ref redactor for cyclonedx-xml
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for legacy package metadata names
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema v11
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix legacy HackageMetadataType reflect type value check
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* packagemetadata discovery should account for type shadowing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema version to v12
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema to incorporate changes from main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add syft-json legacy config option
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests around v11-v12 json decoding
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add docs for SYFT_JSON_LEGACY
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename structs to be compliant with new naming scheme
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split up sbom.Format into encode and decode ops
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cmd pkg to inject format configs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump cyclonedx schema to 1.5
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* redact image metadata from github encoder tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more testing around format decoder identify
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test case for format version options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix CLI test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] - review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep encoder creation out of post load function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep decider and identify functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add a few more doc comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove format encoder default function helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* move back to streaming based decode functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* with common convention for encoder constructors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests and allow for encoders to be created from cli options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* buffer reads from stdin to support seeking
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove internal string set
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate changes from #2227
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* beef up the pkg.License.Merg() doc string
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add addtional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor source API and syft json source block
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update source detection and format test utils
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* generate list of all source metadata types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* extract base and root normalization into helper functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* preserve syftjson model package name import ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* alias should not be a pointer
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove sbom.writer bytes call and consolidate helpers to options pkg
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont close stdout
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove close operation from multiwriter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* migrate location structs to file package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* replace source.Location refs with file package call
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove hardlink test for file based catalogers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove hardlink test for all-regular-files testing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* migrate file resolver implementations to separate package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] migrate resolvers to internal
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* migrate resolvers to syft/internal
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
