Keith Zantow
a400c675fc
feat: license file search ( #4327 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-11-03 14:16:05 -05:00
kdt523
3e4e82f03e
Canonicalize Ghostscript CPE/PURL for ghostscript packages from PE Binaries ( #4308 )
...
* binary(pe): canonicalize Ghostscript CPE to artifex:ghostscript and add generic purl for PE (#4275 )\n\n- Detect Ghostscript via PE version resources and set purl pkg:generic/ghostscript@<version>\n- Add PE-specific CPE candidates: vendor 'artifex', product 'ghostscript'\n- Add focused unit tests for purl and CPE generation
Signed-off-by: kdt523 <krushna.datir231@vit.edu>
* fix: gofmt formatting for static analysis pass (pe-ghostscript-cpe-purl-4275)
Signed-off-by: kdt523 <krushna.datir231@vit.edu>
---------
Signed-off-by: kdt523 <krushna.datir231@vit.edu>
2025-11-03 14:54:48 +00:00
Alex Goodman
538430d65d
describe cataloger capabilities via test observations ( #4318 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-30 13:19:42 -04:00
Stepan
efc2f0012c
fix: go binary replace handling in path ( #4156 )
...
* Fix issue with relative paths on go binary
Signed-off-by: Stepan <stepworm@yandex.ru>
* Linting
Signed-off-by: Stepan <stepworm@yandex.ru>
---------
Signed-off-by: Stepan <stepworm@yandex.ru>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:59:47 +00:00
kyounghoonJang
c5c1454848
feat(java): Add support for .far (Feature Archive) files ( #4193 )
...
* feat(java): add support for .far archivesEnables the Java cataloger to recognize and catalog dependencies within .far files, which are used in Apache Sling applications.
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
* feat(java): Add tests for .far (Feature Archive) file support
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
---------
Signed-off-by: Kyounghoon Jang <matkimchi_@naver.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-29 15:41:27 +00:00
Kudryavcev Nikolay
f5c765192c
Refactor fileresolver to not require base path ( #4298 )
...
* ref: close source in test and examples
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: pretty file/directory source resolver (make them more similar)
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* ref: move absoluteSymlinkFreePathToParent to file resolver
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* revert breaking change
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-29 10:41:18 -04:00
Rez Moss
45bf8b14ab
fix: omit records with empty PURL in GitHub format ( #4312 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2025-10-28 18:34:10 -04:00
Will Murphy
0d9ea69a66
Respect "rpmmod" PURL qualifier ( #4314 )
...
Red Hat purls the RPM modularity info in a query param in the PURLs in
their vulnerability data. It would be nice if Syft respected this
qualifier so that Grype can use it when a Red Hat purl is passed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-28 09:35:11 -04:00
Marc
16f851c5d9
feat: include .rar files as Java archives for Java resource adapters ( #4137 )
...
Signed-off-by: Marc Thomas <marc.thomas@t-systems.com>
2025-10-24 11:55:02 -04:00
Ross Kirk
d5ca1ad543
fix: ignore dpkg entries with "deinstall" status ( #4231 )
...
Signed-off-by: Ross Kirk <ross.kirk@upwind.io>
2025-10-23 16:23:58 -04:00
JoeyShapiro
31b2c4c090
support universal (fat) mach-o binary files ( #4278 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 13:41:59 -04:00
JoeyShapiro
538b4a2194
convert posix path back to windows ( #4285 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 09:29:06 -04:00
Kudryavcev Nikolay
fc74b07369
Remove duplicate image source providers ( #4289 )
...
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-16 16:19:11 -04:00
Tim Olshansky
c0f32e1dba
feat: add option to fetch remote licenses for pnpm-lock.yaml files ( #4286 )
...
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
2025-10-16 12:23:06 -04:00
Pavel Buchart
e923db2a94
Add PDM parser ( #4234 )
...
Signed-off-by: Pavel Buchart <pavel@buchart.cz>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 08:50:44 -04:00
Keith Zantow
4343d04652
fix: panic during java archive maven resolution ( #4290 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 07:00:31 -04:00
Kudryavcev Nikolay
065ac13ab7
Extract zip archive with multiple entries ( #4283 )
...
* extract zip archive with multiple entries
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* set OverwriteExisting by type assertion switch case
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-15 12:05:05 -04:00
Alex Goodman
d22914baf5
add docs to configs ( #4281 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-14 13:58:31 -04:00
Doug Clarke
760bd9a50a
feat: Pom xml only archive parser ( #4272 )
...
fix: identifying jar files with a single pom.xml and no pom.properties file
fix: test works with pom.xml being found, used and reported in metadata
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
test: check for current project path and use
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:59:08 -04:00
Hala Ali
2d1ada1d00
fix: enhance setup.py parser to handle unquoted dependencies ( #4255 )
...
* fix: add support for unquoted Python dependencies in setup.py
- Add regex pattern to match unquoted package==version format
- Handles common .split() pattern used in projects like mayan-edms
- Maintains backward compatibility with quoted dependencies
- Prevents duplicate package detection
Signed-off-by: Hala Ali alih16@vcu.edu
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* fix: apply gofmt formatting
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* lint: incorporate new changes and refactor complexity
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: HalaAli198 <alih16@vcu.edu>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:10:42 -04:00
Alex Goodman
4ae8f73583
migrate json schema generation ( #4270 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-10 14:16:28 +00:00
Bernardo de Araujo
231f04ae0e
feat: Parse pnpm v9 lockfiles ( #4256 )
...
Signed-off-by: bernardoamc <bernardo.amc@gmail.com>
2025-10-09 15:07:59 -04:00
Sebastien Dionne
bd013fe99a
docs: Fix typos and linguistic errors in documentation ( #4257 )
...
Signed-off-by: Sebastien Dionne <survivant00@gmail.com>
2025-10-06 14:22:22 +00:00
Parthib Mukherjee
c732052cf1
feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation ( #4093 )
...
* feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 (#4089 )
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.13 to 0.5.14.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.13...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2 (#4088 )
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.1 to 1.38.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.1...v1.38.2 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/docker/docker (#4092 )
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.2.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.2.2...v28.3.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-version: 28.3.3+incompatible
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/anchore/stereoscope (#4091 )
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.7-0.20250716200927-94c6f92877d4 to 0.1.7.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.7 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* migrate to get.anchore.io (#4095 )
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4098 )
* chore(deps): update anchore dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* address reader close operations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4104 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#4096 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af#4108 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4112 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update tools to latest versions (#4111 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/cache in /.github/actions/bootstrap (#4120 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644#4119 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644#4115 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072#4118 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add binary classifier for hashicorp vault (#4121 )
* add binary classifier for hashicorp vault
The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: add test fixtures, update vault
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: set binary classifier package type based on PURL
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: use github.com/hashicorp/vault as package name
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4124 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de#4123 )
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.27.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#4122 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4126 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore: update GoReleaser configurations (#4128 )
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4130 )
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8#4129 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* fix: support multiple letters in openssl patch version (#4106 )
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#4134 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5#4132 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add package supplier flag (#4131 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#4135 )
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47#4003 )
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat(cpegentereate): added test for the addBinaryPackageDigitVariation function
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* docs(cpegenerate): made the comment more verbose
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* nit: separate digit variation concerns from case of use
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Parthib Mukherjee <109328510+hawkaii@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Co-authored-by: honigbot <34426443+honigbot@users.noreply.github.com>
Co-authored-by: Alan Pope <alan.pope@anchore.com>
2025-10-06 10:09:38 -04:00
Alex Goodman
a77d24e379
Improve struct and field comments and incorporate into json schema ( #4252 )
...
* improve struct and field comments and incorporate into json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-03 17:01:56 +00:00
Keith Zantow
9217f2099f
chore: update ffmpeg tests ( #4249 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-10-01 13:11:36 +00:00
Alan Pope
e1483e0285
Add support for identifying ffmpeg/libav libraries ( #4227 )
...
* Add support for identifying ffmpeg/libav libraries
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Undo my snippet-based confusion
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Put test fixture config back
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-09-26 10:43:47 -04:00
Alan Pope
0a36dabf23
feat(cataloger): add snap package cataloger for metadata extraction ( #4151 )
...
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-09-26 10:42:29 -04:00
Rafał Maj
c5cbc89cb1
fix: include RpmDBEntry modularityLabel in CycloneDX ( #4212 )
...
Signed-off-by: sfc-gh-rmaj <rafal.maj@snowflake.com>
2025-09-11 17:22:12 -04:00
Joel Rudsberg
7bc15e3d82
Native Image SBOM: Add Support for Locations Data ( #4186 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2025-09-11 14:16:09 -04:00
Christopher Angelo Phillips
13ffeeb3d0
feat: combine go module file and go source discovery into single cataloger ( #4127 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-08-26 19:35:44 +00:00
n-bes
170c4c41f4
use go.yaml.in/yaml ( #4157 )
...
Signed-off-by: Nikita Besperstov <n.bes@pm.me>
2025-08-26 11:24:23 -04:00
Alan Pope
ada74a8121
Feature: Add ffmpeg binary cataloger ( #3994 )
...
* Add ffmpeg binary cataloger
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* add linux-amd64 snippet and test
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Widen scope of regex to two digit version numbers
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Add full test fixtures for ffmpeg
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-08-25 07:50:04 -04:00
Keith Zantow
ca21ccf21d
chore: redhat cataloger error when sqlite not regsitered ( #4150 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-21 14:55:47 +00:00
Simeon Stoykov
a433045d51
feat: basic Conda ecosystem support ( #4002 )
...
----------------------------------------------------------------
Signed-off-by: Simeon Stoykov <simeon.stoykov@quantco.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-19 22:37:27 -04:00
anchore-actions-token-generator[bot]
ba2eb5701f
chore(deps): update CPE dictionary index ( #4143 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-18 10:14:39 -04:00
Alan Pope
87e1d8cb87
feat: add support for authors, maintainers, and contributors in package.json. ( #4003 )
...
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-13 17:55:15 -04:00
Christopher Angelo Phillips
6b48bd4b5e
feat: add package supplier flag ( #4131 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:49:41 -04:00
Christopher Angelo Phillips
89470ecdd3
feat: update syft license construction to be able to look up by URL ( #4132 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:30:32 -04:00
honigbot
80e61175ad
fix: support multiple letters in openssl patch version ( #4106 )
...
Signed-off-by: honigbot <thesoftbear@gmail.com>
2025-08-12 10:30:41 -04:00
Keith Zantow
9f956dca8f
fix: closed reader during java binary detection ( #4129 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-12 08:58:28 -04:00
anchore-actions-token-generator[bot]
3e5befc267
chore(deps): update CPE dictionary index ( #4126 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-10 23:48:24 -04:00
Will Murphy
594b309cdf
feat: add binary classifier for hashicorp vault ( #4121 )
...
* add binary classifier for hashicorp vault
The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: add test fixtures, update vault
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: set binary classifier package type based on PURL
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: use github.com/hashicorp/vault as package name
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-08-08 13:26:15 -04:00
Keith Zantow
8c6a2bcbb6
fix: nondeterministic Java archive cataloging and improve groupID ( #4118 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-07 10:55:10 -04:00
anchore-actions-token-generator[bot]
3820cba0cd
chore(deps): update CPE dictionary index ( #4112 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-04 11:20:09 -04:00
anchore-actions-token-generator[bot]
bd79463e77
chore(deps): update anchore dependencies ( #4098 )
...
* chore(deps): update anchore dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* address reader close operations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-30 17:23:07 +00:00
anchore-actions-token-generator[bot]
3f28480b3d
chore(deps): update CPE dictionary index ( #4083 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-28 10:51:16 -04:00
Alex Goodman
f0a990b85f
chore: add source completion tester ( #4077 )
...
* add source completion tester
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing t.Helper calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-23 13:49:47 +00:00
Keith Zantow
48bf81cf7f
fix: align binary java detection with jvm cataloger + support IBM ( #4046 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-07-22 12:06:32 -04:00
dependabot[bot]
5b14d160cf
chore(deps): bump pygments ( #4064 )
...
Bumps [pygments](https://github.com/pygments/pygments ) from 1.6 to 2.15.0.
- [Release notes](https://github.com/pygments/pygments/releases )
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES )
- [Commits](https://github.com/pygments/pygments/compare/1.6...2.15.0 )
---
updated-dependencies:
- dependency-name: pygments
dependency-version: 2.15.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-21 13:07:27 -04:00
