oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-19 17:33:18 +01:00

Author	SHA1	Message	Date
Laurent Goderre	bf39456fbc	fix: add missing purl for busybox (#2457 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2024-01-04 14:51:56 -05:00
Laurent Goderre	c72d295719	Fix diff error obfuscating binary test failures message (#2468 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2024-01-04 12:54:52 -05:00
Alex Goodman	4c20a74d2f	Replace `packages` command with `scan` (#2446 ) * replace packages command with scan Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for packages alias Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update comments with referenes to the packages command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename valiadte args function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-04 16:56:57 +00:00
William Murphy	7c67df397e	fix: PURLs with "nuget" type are dotnet packages (#2466 ) Otherwise, Grype won't match on well-formed .NET purls from other SBOM tools. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2024-01-03 16:50:42 -05:00
anchore-actions-token-generator[bot]	8ea2425c97	chore(deps): update CPE dictionary index (#2458 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2024-01-02 06:12:32 -05:00
Christopher Angelo Phillips	2a04e06cbc	chore: update binary to -x (#2456 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-12-22 09:50:32 -05:00
Laurent Goderre	3a6b6562d1	Add more functionality to the ErLang parser (#2390 ) * ERLang parser support for empty lists * ERLang add support for single quote strings * ERLang parser support for comments --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2023-12-22 09:45:20 -05:00
Laurent Goderre	63e7a004cb	Added OpenSSL binary matcher (#2416 ) * Added OpenSSL binary matcher Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * chore: strip binary to smaller detection Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-12-22 09:37:09 -05:00
Christopher Angelo Phillips	3cffa0b7fd	chore: remove execute from test fixtures (#2450 ) * chore: remove execute from test fixtures Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: add back ignored file Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-12-20 22:34:29 +00:00
William Murphy	4aa2d8c0af	fix: don't panic when hackage missing in haskell stack yaml lock (#2448 ) Fixes a bug where previously the haskell cataloger would panic when parsing a stack.yaml.lock file that had an entry with an empty hackage string. Signed-off-by: houdini91 <mdstrauss91@gmail.com> Signed-off-by: Will Murphy <will.murphy@anchore.com> Co-authored-by: houdini91 <mdstrauss91@gmail.com>	2023-12-20 10:57:06 -05:00
Laurent Goderre	a635d66657	Add binary classifier for the ERLang interpretter (#2417 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2023-12-18 15:00:49 -05:00
Laurent Goderre	51d3cd0066	Add binary classifier for Julia lang (#2427 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2023-12-18 15:00:21 -05:00
Laurent Goderre	4846639ee4	Add binary detection for PHP composer (#2432 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2023-12-18 14:59:45 -05:00
anchore-actions-token-generator[bot]	8b9194eb81	chore(deps): update CPE dictionary index (#2442 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-12-18 07:01:21 -05:00
Alex Goodman	f4dd36ca9d	fix syft-json test to use pretty json for snapshot testing (#2441 ) without this fix, capturing fixtures will result in hard-to-read failures in testing. Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-12-15 17:23:21 -05:00
Alex Goodman	17c605822e	refactor pkg.Collection (#2439 ) - remove "catalog" references - add a separate add() function for readability Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-12-15 17:11:11 -05:00
Alex Goodman	4eace4b141	refactor javascript cataloger to use configuration options when creating packages (#2438 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-12-15 17:11:02 -05:00
Alex Goodman	05660da8d7	use single source of truth for archive options (#2437 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-12-15 17:07:55 -05:00
Alex Goodman	2f378d806e	fix file digest cataloger when passed coordinates (#2436 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-12-15 14:43:09 -05:00
dependabot[bot]	b83cc8485a	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413 )	2023-12-14 17:18:37 -05:00
Colm O hEigeartaigh	38a12bd91a	Look for a maven version in a pom from a parent dependency management section (#2423 ) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>	2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh	649d152548	Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431 ) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>	2023-12-14 12:41:41 -05:00
Colm O hEigeartaigh	d39ef44e40	Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331 ) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>	2023-12-13 17:46:56 -05:00
Wayne Starr	8bca0ac39e	fix: use filepath instead of path for file source exclusions (#2411 ) Signed-off-by: Wayne Starr <me@racer159.com>	2023-12-13 17:45:34 -05:00
Colm O hEigeartaigh	e789e0714d	feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409 ) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>	2023-12-12 14:02:36 -05:00
anchore-actions-token-generator[bot]	68f35815d6	chore(deps): update CPE dictionary index (#2412 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-12-11 06:35:58 -05:00
Weston Steimel	4d4b502174	fix(java): improve identification for org.codehaus.groovy artifacts (#2404 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-08 05:02:01 -05:00
Weston Steimel	ea80f94c0e	fix(java): improve identification for commons-jelly artifacts (#2399 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-07 12:28:21 -05:00
Weston Steimel	2c145f70b2	fix(java): improve identification for io.minio artifacts (#2398 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-06 16:58:07 -05:00
Weston Steimel	bcc7e90fcc	fix(java): improve identification for com.graphql-java artifacts (#2397 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-06 18:04:43 +00:00
Colm O hEigeartaigh	16dee41b4b	feat: add ability to retrieve remote licenses for yarn.lock (#2338 ) --------- Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-12-05 13:38:28 -05:00
Colm O hEigeartaigh	3ba9df4ff3	Retrieve remote licenses using pom.properties when there is no pom.xml (#2315 ) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>	2023-12-05 09:47:40 -05:00
Weston Steimel	bbf223b2c9	fix(java): improve identification for org.apache.tapestry artifacts (#2384 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-04 11:23:40 -05:00
Weston Steimel	b126276f97	fix(java): improve identification for io.ratpack artifacts (#2379 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-04 11:23:26 -05:00
Weston Steimel	40d766a257	fix(java): improve identification for org.apache.cassandra artifacts (#2386 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 10:51:14 -05:00
Weston Steimel	814960f65a	fix(java): improve identification for org.neo4j.procedure artifacts (#2388 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 10:50:24 -05:00
Weston Steimel	11039f4b4e	fix(java): improve identification for org.elasticsearch artifacts (#2383 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 09:22:33 -05:00
Weston Steimel	413ffdb233	fix(java): improve identification for org.apache.geode artifacts (#2382 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 12:48:15 +00:00
Weston Steimel	e53fe51612	fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 07:13:13 -05:00
Weston Steimel	facbc486a8	fix(java): improve identification for io.projectreactor.netty artifacts (#2378 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-12-01 07:09:06 -05:00
Weston Steimel	5d42a349e6	fix(java): improve identification for org.eclipse.platform artifacts (#2349 ) Signed-off-by: Weston Steimel <weston.steimel@proton.me>	2023-11-30 16:02:03 -05:00
Alex Goodman	4adfbeb5f0	Generalize UI events for cataloging tasks (#2369 ) * generalize ui events for cataloging tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * moderate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename cataloger task progress object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate cataloger task fn to bus helper Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-30 16:25:50 +00:00
Laurent Goderre	06b9a79e3d	chore: fix tests failing due to Mac Rosetta cache (#2374 ) Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2023-11-29 18:39:28 +00:00
Keith Zantow	ef5c1651ef	fix: improve dotnet portable executable identification (#2133 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-11-29 12:51:24 -05:00
Alex Goodman	5c8dd4c3a7	fix file metadata cataloger to use resolved locations (#2370 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-29 09:42:34 -05:00
Keith Zantow	f5a6b5a02f	fix: logging level for parsing potential PE files (#2367 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-11-29 03:42:22 +00:00
William Murphy	ea4a6747eb	fix: hardcode xalan group ID (#2368 ) According to maven central, the package called "xalan" should just have the group ID xalan, but currently syft isn't able to find that. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-11-28 14:40:03 -05:00
Alex Goodman	1cfc4c7387	Normalize cataloger configuration patterns (#2365 ) * normalize cataloger patterns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove central reference for maven configurable Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-28 17:02:43 +00:00
Alex Goodman	4d0da703bf	normalize enums to lowercase with hyphens (#2363 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-28 11:02:20 -05:00
William Murphy	ce4b31757a	fix: index file itself when file scan path has symlink (#2359 ) Previously, building the index of the filesystem when source was file would fail if part of the path syft was passed to the file included a symlinked directory, resulting in cataloging misses. --------- Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-11-28 09:41:28 -05:00

... 7 8 9 10 11 ...

1199 Commits