oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
Christopher Phillips	b1c8478d55	chore: pr comments Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 14:57:07 -05:00
Christopher Phillips	9609ce2b36	chore: remove test-binary Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:46:38 -05:00
Christopher Phillips	56761cee6f	fix: raise model version on package Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:44:19 -05:00
Christopher Phillips	b80592f735	chore: pr comments Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:32:08 -05:00
Christopher Phillips	cdb41b0c76	chore: ignore local agent files Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:12:15 -05:00
Christopher Phillips	b18f7bb7a8	chore: regenerate json schema Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:02:44 -05:00
Christopher Phillips	6daea43c32	fix: pr comments Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:02:21 -05:00
Christopher Phillips	9b31c0480f	wip: wip Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:01:27 -05:00
Christopher Phillips	9a2a45f91d	chore: pr feedback Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:01:27 -05:00
Christopher Phillips	38c0e6e899	chore: warn -> debug Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 00:01:26 -05:00
Christopher Phillips	64dc451345	fix: update gguf data to be GGUFFileHeader Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:59:56 -05:00
Christopher Phillips	c689dcfeef	chore: refactor to use gguf-parser-go; 50mb limit Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:59:13 -05:00
Christopher Phillips	f664f9eaf2	fix: first pass pr fixes Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:58:44 -05:00
Christopher Phillips	08c0572fb7	test: fix local flake Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:58:44 -05:00
Christopher Phillips	b702952c8c	tests: account for epoch in dedupe test Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:58:44 -05:00
Christopher Phillips	bcd47d109a	chore: schema and test additions Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:58:39 -05:00
Christopher Phillips	1ad4a2752a	test: migrate gguf tests over Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:56:52 -05:00
Christopher Phillips	f92b7d2fc9	chore: lint-fix Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:56:52 -05:00
Christopher Phillips	6ceef5fe4a	feat: migrate gguf parser to separate PR from oci Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-12 23:56:52 -05:00
anchore-actions-token-generator[bot]	2e100f33f3	chore(deps): update tools to latest versions (#4358 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-12 13:27:47 -05:00
dependabot[bot]	b444f0c2ed	chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 (#4359 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.29.0 to 0.30.0. - [Commits](https://github.com/golang/mod/compare/v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 13:27:33 -05:00
Adam Chovanec	102d362daf	feat: CPEs format decoder (#4207 ) Signed-off-by: Adam Chovanec <git@adamchovanec.cz>	2025-11-12 10:45:09 -05:00
Alex Goodman	66c78d44af	Document additional json schema fields (#4356 ) * add documentation to key fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-10 16:29:06 -05:00
dependabot[bot]	78a4ab8ced	chore(deps): bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.1 (#4354 ) Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter) from 1.0.9 to 1.1.1. - [Commits](https://github.com/olekukonko/tablewriter/compare/v1.0.9...v1.1.1) --- updated-dependencies: - dependency-name: github.com/olekukonko/tablewriter dependency-version: 1.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 13:31:15 -05:00
dependabot[bot]	25ca33d20e	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.0 to 6.7.1 (#4355 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.7.0 to 6.7.1. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.0...v6.7.1) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 13:30:56 -05:00
anchore-actions-token-generator[bot]	60ca241593	chore(deps): update tools to latest versions (#4347 ) * chore: new tool checks --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-07 20:56:44 +00:00
dependabot[bot]	0f475c8bcd	chore(deps): bump github.com/opencontainers/selinux (#4349 ) Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.0 to 1.13.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.13.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-07 15:21:35 -05:00
Alex Goodman	199394934d	preserve --from order (#4350 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-07 10:17:10 -05:00
dependabot[bot]	8a22d394ed	chore(deps): bump golang.org/x/time from 0.12.0 to 0.14.0 (#4348 ) Bumps [golang.org/x/time](https://github.com/golang/time) from 0.12.0 to 0.14.0. - [Commits](https://github.com/golang/time/compare/v0.12.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/time dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-07 08:48:20 -05:00
Tim Olshansky	bbef262b8f	feat: Add license enrichment from pypi to python packages (#4295 ) * feat: Add license enrichment from pypi to python packages * Implement license caching and improve test coverage --------- Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>	2025-11-06 16:05:08 -05:00
Tim Olshansky	4e06a7ab32	feat(javascript): Add dependency parsing (#4304 ) * feat: Add dependency parsing to javascript package locks Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Bump schema version Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Add support for yarn and pnpm, excl. yarn v1 Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Add support for dependencies for v1 yarn lock files Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Ensure schema is correctly generated Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Fix tests Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * PR feedback Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> --------- Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>	2025-11-06 16:03:43 -05:00
Alex Goodman	e5711e9b42	Update CPE processing to use NVD API (#4332 ) * update NVD CPE dictionary processor to use API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pass linting with exceptions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-06 16:02:26 -05:00
Rez Moss	f69b1db099	feat: detect elixir bin (#4334 ) * Elixir detection, fixed #4333 --------- Signed-off-by: Rez Moss <hi@rezmoss.com>	2025-11-06 16:02:02 -05:00
dependabot[bot]	fe1ea443c2	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.9 to 6.7.0 (#4337 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.9 to 6.7.0. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.9...v6.7.0) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-06 15:47:49 -05:00
dependabot[bot]	bfcbf266df	chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#4340 ) Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-version: 1.7.29 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-06 15:46:32 -05:00
Keith Zantow	a400c675fc	feat: license file search (#4327 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-11-03 14:16:05 -05:00
Alex Goodman	7c154e7c37	use official action for token generation (#4331 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-03 13:08:42 -05:00
anchore-actions-token-generator[bot]	4c93394bc2	chore(deps): update anchore dependencies (#4330 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com> v1.37.0	2025-11-03 12:44:07 -05:00
kdt523	3e4e82f03e	Canonicalize Ghostscript CPE/PURL for ghostscript packages from PE Binaries (#4308 ) * binary(pe): canonicalize Ghostscript CPE to artifex:ghostscript and add generic purl for PE (#4275)\n\n- Detect Ghostscript via PE version resources and set purl pkg:generic/ghostscript@<version>\n- Add PE-specific CPE candidates: vendor 'artifex', product 'ghostscript'\n- Add focused unit tests for purl and CPE generation Signed-off-by: kdt523 <krushna.datir231@vit.edu> * fix: gofmt formatting for static analysis pass (pe-ghostscript-cpe-purl-4275) Signed-off-by: kdt523 <krushna.datir231@vit.edu> --------- Signed-off-by: kdt523 <krushna.datir231@vit.edu>	2025-11-03 14:54:48 +00:00
dependabot[bot]	793b0a346f	chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 (#4325 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.1 to 4.31.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`5fe9434cd2...0499de31b9`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-03 09:11:20 -05:00
dependabot[bot]	a0dac519db	chore(deps): bump github.com/hashicorp/go-getter from 1.8.2 to 1.8.3 (#4326 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.8.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-03 09:11:12 -05:00
dependabot[bot]	34f5e521c1	chore(deps): bump modernc.org/sqlite from 1.39.1 to 1.40.0 (#4329 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.39.1 to 1.40.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.39.1...v1.40.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-03 09:11:05 -05:00
dependabot[bot]	774b1e97b9	chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 (#4321 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.0 to 4.31.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`4e94bd11f7...5fe9434cd2`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-30 13:19:57 -04:00
Alex Goodman	538430d65d	describe cataloger capabilities via test observations (#4318 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-30 13:19:42 -04:00
Alex Goodman	5db3a9bf55	add workflow to create PR for spdx license list updates (#4319 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-30 12:14:13 -04:00
Stepan	efc2f0012c	fix: go binary replace handling in path (#4156 ) * Fix issue with relative paths on go binary Signed-off-by: Stepan <stepworm@yandex.ru> * Linting Signed-off-by: Stepan <stepworm@yandex.ru> --------- Signed-off-by: Stepan <stepworm@yandex.ru> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-29 15:59:47 +00:00
kyounghoonJang	c5c1454848	feat(java): Add support for .far (Feature Archive) files (#4193 ) * feat(java): add support for .far archivesEnables the Java cataloger to recognize and catalog dependencies within .far files, which are used in Apache Sling applications. Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com> * feat(java): Add tests for .far (Feature Archive) file support Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com> --------- Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-29 15:41:27 +00:00
Kudryavcev Nikolay	f5c765192c	Refactor fileresolver to not require base path (#4298 ) * ref: close source in test and examples Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com> * ref: pretty file/directory source resolver (make them more similar) Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com> * ref: move absoluteSymlinkFreePathToParent to file resolver Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com> * revert breaking change Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com> --------- Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>	2025-10-29 10:41:18 -04:00
Will Murphy	728feea620	ci: use apple creds before pushing tags (#4313 ) We have had a few releases fail because the Apple credentials needed some sort of fix. These release were operationally more interesting because they failed after pushing a git tag (which effectively releases the golagn package). Therefore, try to use these creds early, before there's a tag pushed. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-10-29 10:07:47 -04:00
dependabot[bot]	45fb52dca1	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.8 to 6.6.9 (#4315 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.8 to 6.6.9. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.8...v6.6.9) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.6.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-29 10:06:37 -04:00

1 2 3 4 5 ...

3080 Commits