oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
dependabot[bot]	499e7c4e16	chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:19 -05:00
Alex Goodman	0f75f975c8	Relax error conditions for catalogers (#1492 ) * binary cataloger should continue on errors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * test: add redirect for cmd stderr stdout Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: image update for test failure Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-01-19 19:28:42 -05:00
witchcraze	7427445fe9	feat: add memcached classifier (#1486 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-01-19 11:22:11 -05:00
dependabot[bot]	09a5baf523	chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 10:39:04 -05:00
dependabot[bot]	33c08c8545	chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489 ) Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.0.2 to 4.6.0. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.0.2...v4.6.0) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 10:38:50 -05:00
dependabot[bot]	fd002db802	chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 14:16:50 +00:00
dependabot[bot]	cb3e4b8e49	chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491 ) Bumps [github.com/go-test/deep](https://github.com/go-test/deep) from 1.0.8 to 1.1.0. - [Release notes](https://github.com/go-test/deep/releases) - [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md) - [Commits](https://github.com/go-test/deep/compare/v1.0.8...v1.1.0) --- updated-dependencies: - dependency-name: github.com/go-test/deep dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 14:01:33 +00:00
dependabot[bot]	5917f8d8f9	chore(deps): bump github.com/google/go-containerregistry (#1487 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.11.0 to 0.12.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.11.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 13:47:36 +00:00
dependabot[bot]	70e6d0f2e3	chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 14:39:50 +00:00
dependabot[bot]	31a763c46d	chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477 ) Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.3.3 to 0.4.0. - [Release notes](https://github.com/adrg/xdg/releases) - [Commits](https://github.com/adrg/xdg/compare/v0.3.3...v0.4.0) --- updated-dependencies: - dependency-name: github.com/adrg/xdg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:39:35 -05:00
dependabot[bot]	ae6c9c2e97	chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476 ) Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/sergi/go-diff/releases) - [Commits](https://github.com/sergi/go-diff/compare/v1.2.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/sergi/go-diff dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:39:15 -05:00
dependabot[bot]	f6a0dd33d1	chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474 ) Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.1.0 to 0.2.1. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.1.0...v0.2.1) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:38:30 -05:00
dependabot[bot]	b77c104aa6	chore(deps): bump github/codeql-action from 1 to 2 (#1473 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:38:06 -05:00
dependabot[bot]	10ca7f56ab	chore(deps): bump actions/setup-go from 2 to 3 (#1472 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-18 09:37:45 -05:00
Luca Comellini	6b2dc08ffb	Add dependabot (#1451 ) Signed-off-by: Luca Comellini <luca.com@gmail.com> Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-01-18 09:29:24 -05:00
Christopher Angelo Phillips	03971ace43	chore: use checkout v3 with new depth (#1471 ) v0.66.2	2023-01-17 21:26:39 +00:00
Christopher Angelo Phillips	07aee798b0	chore: use checkout v2 for tag depth (#1470 )	2023-01-17 21:03:29 +00:00
Keith Zantow	6cf668f749	fix: nil panic in graalvm cataloger (#1468 ) * normalize error handling and recover from panics while parsing binaries Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-17 19:06:24 +00:00
Alex Goodman	2ec4371c95	add linter for type assertion checks (#1469 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-17 14:00:03 -05:00
Weston Steimel	fc4d28f365	fix: bump golang.org/x/net to v0.4.0 (#1467 ) resolves reporting of CVE-2022-41717 Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-01-17 17:02:34 +00:00
Weston Steimel	5290dfb9c2	fix: bump golang.org/x/text to v0.3.8 (#1466 ) This resolves reporting of GHSA-69ch-w2m2-3vjp Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-01-17 15:50:02 +00:00
Alex Goodman	05611c283d	bootstrap within composite action (#1461 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-17 10:04:22 -05:00
Keith Zantow	934644232a	chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458 )	2023-01-13 16:46:12 -05:00
Florian Klink	641bccc79b	README: update Nix installation instructions (#1455 ) 22.05 has been released, update the instructions. Signed-off-by: Florian Klink <flokli@flokli.de>	2023-01-13 15:43:25 +00:00
Keith Zantow	ac94bf530c	fix: update graalvm cataloger to fix panic (#1454 ) Fixes https://github.com/anchore/syft/issues/1453 v0.66.1	2023-01-12 17:42:13 -05:00
Weston Steimel	e87cfe7319	chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452 )	2023-01-12 16:21:01 -05:00
Asi Greenholts	260cb4c72d	feat: Add the origin field to the output format of syftjson (#1327 ) * moved the relevant fields to the Metadata field Signed-off-by: Asaf Greenholts <asaf@cidersecurity.io> * added metadata types Signed-off-by: Asaf Greenholts <asaf@cidersecurity.io> * Added hashes to metadata of packge-lock.json and Pipfile.lock Signed-off-by: Asaf Greenholts <asaf@cidersecurity.io> * move package metadata types to "pkg" package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * re-generate json schema to include new npm, python, and binary metadatas Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Asaf Greenholts <asaf@cidersecurity.io> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> v0.66.0	2023-01-12 15:03:05 -05:00
Keith Zantow	85bddaa43d	chore: update schema (#1449 )	2023-01-12 14:25:47 -05:00
Arnout Engelen	a864dc9505	feat: prefer known CPE vendors over other candidates (#1294 ) * feat: prefer known CPE vendors over other candidates All ASF projects will be under the `apache` vendor in CPE, and indeed this is already one of the candidates, but the logic for selecting the 'most specific' CPE string would select for example `apache_software_foundation` or `commons-text`. This is not necessarily 'wrong' in the CPE candidate selection logic: there is no way to reliably determine the right candidate. I think it makes sense to use specific data around the vendor candidate generation, somewhat similar to 'defaultCandidateAdditions'. Unfortunately there are still a few CVE's for old (pre-5.x, long unsupported) tomcat versions that are actually tagged with `apache_software_foundation`, but I'm not sure those are worth spending time on. Signed-off-by: Arnout Engelen <arnout@bzzt.net> * chore: swap out array of vendors for set data structure Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Arnout Engelen <arnout@bzzt.net> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-12 19:16:53 +00:00
Christopher Angelo Phillips	44e8ae2577	fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-12 17:22:05 +00:00
Chapman Pendery	ac8f72fdd1	feat: add BeamVM Hex support (#1073 ) * feat: initial commit providing mix support Signed-off-by: cpendery <cpendery@vt.edu> * feat: add rebar parser Signed-off-by: cpendery <cpendery@vt.edu> * fix: add beam/hex everywhere else required for Syft runtime Signed-off-by: cpendery <cpendery@vt.edu> * style: fix lints Signed-off-by: cpendery <cpendery@vt.edu> * ci: fix failing tests Signed-off-by: cpendery <cpendery@vt.edu> * docs: update with new supported languages Signed-off-by: cpendery <cpendery@vt.edu> * chore: update elixir/erlang catalogers to generic cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: cpendery <cpendery@vt.edu> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-12 12:10:46 -05:00
witchcraze	e063471c66	feat: add apache httpd binary classifier (#1448 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-01-12 10:50:01 -05:00
Batuhan Apaydın	645debe7a4	chore: claim artifacthub package ownership from developer-guy (#881 ) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>	2023-01-11 15:25:42 -05:00
mikcl	4bfb849310	Parallel package catalog processing (#1355 ) * catalog: run cataloggers concurrently Signed-off-by: mikcl <mikesmikes400@gmail.com> * frontend: expose workers as a configurable option Signed-off-by: mikcl <mikesmikes400@gmail.com> * fixup! frontend: expose workers as a configurable option Signed-off-by: mikcl <mikesmikes400@gmail.com> * update logging statements Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * test: assert for debug logging Signed-off-by: mikcl <mikesmikes400@gmail.com> Signed-off-by: mikcl <mikesmikes400@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-11 15:18:02 -05:00
witchcraze	d524bd5fc3	feat: Add php binary catalogers (#1444 ) * add php classifier Signed-off-by: witchcraze <witchcraze@gmail.com> * make lint-fix Signed-off-by: witchcraze <witchcraze@gmail.com>	2023-01-11 13:46:20 -05:00
anchore-actions-token-generator[bot]	a8416d674b	Update syft bootstrap tools to latest versions. (#1443 ) Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>	2023-01-11 12:50:40 -05:00
Keith Zantow	725529f43f	fix: duplicate file in tar archive causes read to fail (#1445 )	2023-01-10 14:55:02 -05:00
William Blair	e480443c8c	Add support for GraalVM Native Image executables. (#1276 ) Signed-off-by: William Blair <william.blair@oracle.com>	2023-01-06 18:31:22 -05:00
Benji Visser	db386baf81	Add redis binary classifier (#1438 ) Signed-off-by: Benji Visser <benji@093b.org>	2023-01-06 12:50:48 -05:00
Christopher Angelo Phillips	795a63f1c9	docs: add cataloger construction summary (#1434 )	2023-01-05 17:03:00 +00:00
anchore-actions-token-generator[bot]	d4f9993b8d	chore: update bootstrap tools to latest versions. (#1428 )	2023-01-05 10:20:58 -05:00
Benji Visser	bb6fc6525c	Add alpine type to purl (#1431 ) Signed-off-by: Benji Visser <benji@093b.org>	2023-01-04 17:35:46 -05:00
Benji Visser	bc1edb9c8a	adding purl types for binary classifiers (#1435 ) Signed-off-by: Benji Visser <benji@093b.org> v0.65.0	2023-01-04 11:34:37 -05:00
Keith Zantow	64be0a1072	chore: refactor basic CPE functionality to its own package (#1436 )	2023-01-04 11:26:28 -05:00
Justin Chadwell	e3d6ffd30e	fix: typo in os.Getwd error message (#1433 ) Signed-off-by: Justin Chadwell <me@jedevc.com>	2023-01-03 14:56:20 +00:00
Justin Chadwell	8d36b21237	fix: additional excessive go binary warnings (#1432 ) The original fix b125ea83baa30dc981e82f4ddd384602f778f090 didn't catch all the excessive warnings, it seems like getArches can also be called on binaries that aren't neccessarily go binaries, so the messages from this should also be Trace instead of Warn. Signed-off-by: Justin Chadwell <me@jedevc.com>	2023-01-03 09:54:08 -05:00
Rui Chen	6a7d6e6071	docs: migrate to homebrew-core (#1427 )	2023-01-02 08:16:32 -05:00
Keith Zantow	e1e489a284	fix: unicode output in cyclonedx-json format (#1420 ) v0.64.0	2022-12-23 08:37:47 -05:00
Keith Zantow	b125ea83ba	fix: excessive go binary warnings (#1424 )	2022-12-23 08:36:49 -05:00
Christopher Angelo Phillips	3690f979b3	feat: update spdx format model to produce valid spdx json documents (#1418 )	2022-12-21 15:56:03 -05:00

1 2 3 4 5 ...

1340 Commits