oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
dependabot[bot]	b2be411f77	chore(deps): bump tibdex/github-app-token from 1 to 2 (#2116 ) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1 to 2. - [Release notes](https://github.com/tibdex/github-app-token/releases) - [Commits](https://github.com/tibdex/github-app-token/compare/v1...v2) --- updated-dependencies: - dependency-name: tibdex/github-app-token dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-11 09:56:22 -04:00
anchore-actions-token-generator[bot]	ec22f4b773	chore(deps): update CPE dictionary index (#2114 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-09-11 09:42:59 -04:00
anchore-actions-token-generator[bot]	e3c525b4b8	chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (#2109 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-08 14:10:00 -04:00
Christopher Angelo Phillips	3842d28e90	fix: update codeql-analysis for go 1.21 (#2108 ) * fix: update codeql-analysis for go 1.21 Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * nit: remove comment Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 15:54:42 -04:00
dlorenc	9f22ab6137	Bump the golang.org/x/exp dependency and fix a build breakage. (#2088 ) * Bump the golang.org/x/exp dependency and fix a build breakage. --------- Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 14:55:52 -04:00
dependabot[bot]	1315cfd787	chore(deps): bump actions/checkout from 3 to 4 (#2094 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:57:51 -04:00
dependabot[bot]	212aa9b6cf	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.10. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:56:41 -04:00
anchore-actions-token-generator[bot]	46e4ac1474	chore(deps): update bootstrap tools to latest versions (#2086 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-09-07 09:30:44 -04:00
anchore-actions-token-generator[bot]	6800a5f64b	chore(deps): update CPE dictionary index (#2089 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-09-07 09:30:18 -04:00
dependabot[bot]	9caf51596e	chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 (#2096 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.4 to 1.4.5. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:29:06 -04:00
dependabot[bot]	7645d5759d	chore(deps): bump github.com/docker/docker (#2098 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:27:21 -04:00
dependabot[bot]	ce32f8bb74	chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 (#2099 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:26:56 -04:00
Đỗ Trọng Hải	f8ab7c4695	feat(cmd/update): add UA header with current ver when check for update (#2100 ) Signed-off-by: hainenber <dotronghai96@gmail.com>	2023-09-06 11:43:01 -04:00
Đỗ Trọng Hải	305ee87052	fix(cdx): validate external refs before encoding (#2091 ) Signed-off-by: hainenber <dotronghai96@gmail.com>	2023-09-05 14:39:51 +00:00
Alex Goodman	49e7f399f9	expose cobra command in cli package (#2097 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-05 14:33:38 +00:00
William Murphy	007b034ee3	fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation (#2075 ) Add overall integration test for java PURL detection. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-31 16:57:55 -04:00
Alex Goodman	b454160549	tidy gomod and gitignore (#2082 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> v0.89.0	2023-08-31 14:50:32 +00:00
Alex Goodman	36d794febe	fix quiet flag (#2081 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-31 10:40:11 -04:00
William Murphy	51d38f8e59	fix: in some cases, try to use pom info to guess name and version to top level jar (#2080 ) Otherwise, small renames like 'hudson-war-2.2.1.war' to 'hudson.war', would cause syft to incorrectly catolog the archive. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-31 10:19:55 -04:00
William Murphy	cfebae27f5	fix: don't panic on universal go binaries (#2078 ) If crypto settings or arch cannot be determined, still attempt to catalog packages from the build info, rather than panicking. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-30 08:37:50 -04:00
Keith Zantow	2b7a9d0be3	chore: update CLI to CLIO (#2001 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 15:52:26 -04:00
5p2O5pe25ouT	b03e9c6868	Add registry certificate verification support (#1734 ) * add registry certificate verification support * replace stereoscope version * modify go.mod * pull in stereoscope update Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename registry cert options, add docs, and add test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update to account for changes in anchore/stereoscope#195 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: lishituo <24578666@qq.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 11:45:20 -04:00
witchcraze	cedfa05e93	fix: CPE generation for django (#2068 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-08-28 08:28:01 -04:00
Keith Zantow	dd09e0362e	chore: update quill to the latest version (#2065 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> v0.88.0	2023-08-25 20:45:04 +00:00
Keith Zantow	4ae94c37eb	fix: duplicate entries in cyclonedx dependency list (#2063 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-25 12:19:01 -04:00
William Murphy	d08e2be768	Fix panic in pom parsing (#2064 ) A recent update to gopom changed many fields to be omitted when empty, resulting in a number of nil pointers inside the nested structure of the pom that previously didn't exist. Defend against these in the search for the property value. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-25 12:04:57 -04:00
William Murphy	faa902209e	Fix: don't validate pom declared group (#2054 ) Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-24 13:28:40 -04:00
William Murphy	9a2a988e7f	chore: trace log pom property reflect usage (#2059 ) This reflect code occasionally throws an obscure panic, but not enough information is logged before the panic to know why it panicked. Log enough to tell what property and package are being analyzed when the panic occurs. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-08-24 11:28:44 -04:00
Chris Selzo	5ceef48949	fix: do not double-prefix symlink paths that already contain volume names (#2051 ) Signed-off-by: Joseph Palermo <jpalermo@vmware.com> Signed-off-by: Chris Selzo <cselzo@vmware.com> Co-authored-by: Joseph Palermo <jpalermo@vmware.com>	2023-08-24 10:45:22 -04:00
witchcraze	1848aa22cf	feat: add bash classifier (#2055 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-08-24 10:13:59 -04:00
Sirish Bathina	62f689824c	Detect golang boring crypto and fipsonly modules (#2021 ) * Extending build info to include crypto settings Signed-off-by: Sirish Bathina <sirish@kasten.io> * Use kasten fork for goversion module Signed-off-by: Sirish Bathina <sirish@kasten.io> * go mod tidy Signed-off-by: Sirish Bathina <sirish@kasten.io> * change key to GoCryptoSettings and lint fix Signed-off-by: Sirish Bathina <sirish@kasten.io> * Addressing feedback Signed-off-by: Sirish Bathina <sirish@kasten.io> --------- Signed-off-by: Sirish Bathina <sirish@kasten.io>	2023-08-24 09:49:59 -04:00
Stefan Profanter	07ac640ac5	fix: properly parse conan ref and include user and channel (#2034 ) * fix: properly parse conan ref and include user and channel Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com> * unexport the conanRef type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-23 17:51:07 +00:00
dependabot[bot]	a2b389523d	chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-23 13:41:17 -04:00
Alex Goodman	17d4203bbb	Enable reading non-utf-8 encodings for java pom.xml files (#2047 ) * fix reading non utf8 encodings Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * in cases where we cant tell the encoding use the UTF8 replacement char Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-23 10:06:34 -04:00
Christopher Angelo Phillips	ee121cff21	feat: 1944 - update purl generation to use a consistent groupID (#2033 ) Separate the logic for CPE and PURL generation. PURL generation needs a single answer for groupID based on a priority of discovering the field. CPE generation still uses multiple potential groupID to populate the candidate cpe. Improve GroupID detection. Currently syft does not use any hierarchy for GroupID detection and treats all sources as equal. It treats fields from the manifest file with priority. This change adds a hierarchy to the fields and returns a single answer based on that hierarchy. --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-08-22 10:47:07 -04:00
dependabot[bot]	cf37b17869	chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-22 10:42:19 -04:00
anchore-actions-token-generator[bot]	ee656fe088	chore(deps): update bootstrap tools to latest versions (#2048 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-08-22 08:48:42 -04:00
dependabot[bot]	f58425a305	chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0. - [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-21 10:37:11 -04:00
anchore-actions-token-generator[bot]	01c7709e0d	chore(deps): update CPE dictionary index (#2043 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-08-21 09:33:41 -04:00
Alex Goodman	cb0214ec1d	fill out new version notice (#2042 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-18 16:03:11 -04:00
Keith Zantow	4762ba0943	feat: use java package names to determine known groupids (#2032 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> v0.87.1	2023-08-17 12:55:25 -04:00
Keith Zantow	d1635971a1	fix: inconsistent removal of binaries by overlap (#2036 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-17 15:27:31 +00:00
Mark Galpin	9467bd66c2	fix: CycloneDX relationships not output or decoded properly (#1974 ) Signed-off-by: Mark Galpin <mark@tidelift.com> Signed-off-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Mark Galpin <mark@tidelift.com> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-08-17 11:02:12 -04:00
Keith Zantow	59107324ce	chore: restore cataloger.DefaultConfig (#2028 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-14 20:28:07 +00:00
Keith Zantow	b3d7ba569b	fix: read direct package files when decoding SPDX tag-value (#2014 ) * fix: read direct package files when decoding SPDX tag-value --------- Signed-off-by: Keith Zantow <kzantow@gmail.com> v0.87.0	2023-08-14 11:37:24 -04:00
anchore-actions-token-generator[bot]	c7fe58683d	chore(deps): update bootstrap tools to latest versions (#2022 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-08-14 11:36:15 -04:00
anchore-actions-token-generator[bot]	28b06dae25	chore(deps): update CPE dictionary index (#2025 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-08-14 11:35:57 -04:00
anchore-actions-token-generator[bot]	a90cff1cd2	chore(deps): update bootstrap tools to latest versions (#2012 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-08-10 13:20:09 -04:00
dependabot[bot]	82eafeaf4a	chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008 ) * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 * refactor: update consumer code to use new optional values Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-major ... --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 17:22:51 -04:00
Christopher Angelo Phillips	541c8d339b	1948-filter-pkg-by-type (#2011 ) --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 16:05:52 -04:00

1 2 3 4 5 ...

1594 Commits