* bump cosign to v1.10.1 (#1144)
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Add modularitylabel metadata to RPM type records generated by syft. Fixes#1145.
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update to address lint failures
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* Update syft/pkg/rpmdb_metadata.go
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
* update json schema to match camel case
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* Option to enable specific language or ecosystem cataloger
Signed-off-by: ramanan-ravi <ramanan@deepfence.io>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Disable dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Option to enable specific language or ecosystem cataloger
Signed-off-by: Ramanan Ravikumar <ramanan@deepfence.io>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename "enable-cataloger" option to "catalogers"
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cli test for --catalogers option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with latest cataloger names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enable dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix cataloger imports
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with alpmdb cataloger config example
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: ramanan-ravi <ramanan@deepfence.io>
* add template output
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remove dead code
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix template cli flag
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* implement template's own format type
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler code
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix readme link to Go template
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler func signature patter
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nit
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* fix linter error
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add main module field to go bin metadata
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* udpate json ouput schema to 3.2.4
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* clean up fixture
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* Add filters to package cataloger
This PR adds filters so a package without name or version doesn't go in
the list of all discovered packages.
Integration and cli tests were added to validate the feature.
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add nolint:funlen to cataloger/catalog.go
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* don't require package version
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add package filtering to generic and python cataloger
also removes cli tests in favor of integration and unit tests
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* drop nolint:funlen
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* check for no-removal operation
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remove unused fixtures
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* rename no-version file to hide semantic version
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* drop integration tests and add pkg func for validation
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* python cataloger use global pkg validation
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* check for valid packages on deb/go/rpm catalogers
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* update rpm cataloger after rebase
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* nit with pointers
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* simpler use of package validation
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* remmove double pkg validations
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* rename func param to artifactsToExclude
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add test for relationships and bug fix
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* feedback changes
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* Support RPM distros with newer db formats
Recent RPM distros (Fedora 33+, CBL-Mariner 2.0+, amazonlinux 2022+)
use an sqlite package database in /var/lib/rpm/rpmdb.sqlite, or
"ndb" format (SUSE).
Remove anchore's fork in favour of the upstream,
https://github.com/knqyf263/go-rpmdb, to gain support for
these formats.
Signed-off-by: Tom Fay <tomfay@microsoft.com>
* add exception for modernc.org repos
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* shorten rpmdb helper function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* golang module CPE with full path
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* add note on longer Golang CPEs
Signed-off-by: Jonas Xavier <jonasx@anchore.com>
* Fix "bad output format" for `github-json` output
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
* Update formats in README
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
* Run `make lint-fix`
Signed-off-by: Steven Maude <git@stevenmaude.co.uk>
* read Go main module version as is - (devel)
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
* fix package test with default (devel) main module
Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
The Official CPE dictionary currently contains entries for springframework with three different vendors: springsource, vmware, and pivotal_software. This appears to be because ownership has changed over time.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
