1204 Commits

Author SHA1 Message Date
witchcraze
263ea6b1bb
feat: update haproxy classifier (#3277)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-10-02 15:10:39 -04:00
anchore-actions-token-generator[bot]
93beceb4a2
chore(deps): update CPE dictionary index (#3288)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-01 10:50:15 -04:00
witchcraze
f5f8005fe0
update redis classifier (#3281)
* update redis classifier
Signed-off-by: witchcraze <witchcraze@gmail.com>

* Remove snippets to pass Validation.
In this case, 9000 bytes were required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-30 15:37:47 -04:00
witchcraze
2a3d171c10
fix: improve node classifier version matching (#3284)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:53:35 -04:00
witchcraze
1a746b2c05
fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:51:50 -04:00
anchore-actions-token-generator[bot]
e37c4686c2
chore(deps): update CPE dictionary index (#3262)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-26 13:49:18 -04:00
Christian Dupuis
92c1ddec5a
fix: correct excluded mount point comparison to file paths (#3269)
Signed-off-by: Christian Dupuis <cd@docker.com>
2024-09-24 17:05:16 -04:00
Alex Goodman
01de99b253
Add JVM cataloger (#3217)
* add jvm cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* simplify version selection

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* CPEs from JVM cataloger should be declared

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* ensure package overlap is enabled for sensitive use cases

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* more permissive glob

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-23 17:21:38 -04:00
Laurent Goderre
7815d8e4d9
feat: classifier for Dart lang binaries (#3265)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-23 14:21:31 -04:00
Alex Goodman
963ea594c8
Add compliance policy for empty name and version (#3257)
* add policy for empty name and version

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* default stub version

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* modifying ids requires augmenting relationships

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-20 12:50:47 -04:00
Krystian G.
6a95a5f2ed
feat: add binary classifiers for lighttpd, proftpd, zstd, xz, gzip, jq, and sqlcipher (#3252)
* feat: detect lighttpd binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect proftpd binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect zstd binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect xz utils binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect gzip binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect sqlcipher binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* feat: detect jq binaries

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>

* add tests + snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Krystian Gorny <krystian.gorny@wipotec.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-19 13:21:02 +00:00
Krystian G.
cb0de97bc3
fix: capture-snippet.sh can handle leading whitespaces now (#3249) (#3250)
Signed-off-by: Gorny Krystian <krystian.gorny@wipotec.com>
Co-authored-by: Gorny Krystian <krystian.gorny@wipotec.com>
2024-09-19 09:15:54 -04:00
anchore-actions-token-generator[bot]
41e9630409
chore(deps): update CPE dictionary index (#3232)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-16 09:08:50 -04:00
anchore-actions-token-generator[bot]
58100fec9f
chore(deps): update tools to latest versions (#3205)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: disable gosec(G115)

A change to the rule gosec(G115) made a large number of FPs for gosec appear when updating to the
latest golang-ci linter.

https://github.com/securego/gosec/issues/1185
https://github.com/securego/gosec/pull/1149

We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code are added for this rule

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-13 15:05:50 -04:00
Laurent Goderre
dbc4238f63
Add haskell binaries cataloger (#3078)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:58:20 -04:00
anchore-actions-token-generator[bot]
fce14fd537
chore(deps): update CPE dictionary index (#3206)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-10 10:36:50 -04:00
Laurent Goderre
9c2799e379
Add the Ocaml ecosystem (#3112)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:35:18 -04:00
Alex Goodman
b153b1d594
less verbose java logging when non-fatal issues arise (#3208)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 15:27:59 +00:00
Alex Goodman
0a3f513f92
Slim down docker cache size (#3190)
* slim down docker cache size

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove old centos images

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* troubleshoot test failure

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix wget version ref

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* refactor caching mechanisms

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add cache cleanup steps

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* simplify deleting cache

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix first clone issue

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add tool dep

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 11:15:13 -04:00
witchcraze
a343825685
fix: haproxy classifier for versions with -dev suffix (#3180)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-05 14:52:19 -04:00
anchore-actions-token-generator[bot]
8c690d000d
chore(deps): update CPE dictionary index (#3183)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-03 12:22:30 -04:00
Mikail
f2caf45695
fix: properly decode SPDX license expressions in CycloneDX format (#3175)
Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
2024-08-29 11:05:43 -04:00
Keith Zantow
11d77b4a94
fix: cycles resolving relative path parent poms with parent-defined variables (#3170)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-28 15:12:13 -04:00
Weston Steimel
2c25f81b68
fix: improve generated cpes for binaries with existing classifiers (#3169)
The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead.  This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-28 16:46:35 +01:00
Weston Steimel
5ab43bafec
fix: improve known CPEs and set NVD as source for all current binary classifiers (#3167)
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 17:36:34 +01:00
Alex Goodman
e9a8c27be1
respond to authoritative CPEs from catalogers (#3166)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 10:26:35 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger (#3164)
The official CPE for curl is `cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*`

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index (#3161)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
anchore-actions-token-generator[bot]
dad253785e
chore(deps): update tools to latest versions (#3144)
2024-08-23 14:42:12 -04:00
KrysGor
cff9d494df
feat: detect curl binaries (#3146)
2024-08-23 14:41:08 -04:00
Keith Zantow
73b9d5aa42
fix: mysql 8.0.3x binary detection (#3142)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-21 09:48:28 -04:00
Keith Zantow
95b4a88256
fix: logging for remote network calls (#3140)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 11:45:33 -04:00
anchore-actions-token-generator[bot]
511cc9c2d5
chore(deps): update CPE dictionary index (#3135)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-19 12:49:43 -04:00
anchore-actions-token-generator[bot]
4b7ae0ed3b
chore(deps): update tools to latest versions (#3121)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: update code to reflect new linter settings for error messages

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:56:36 +00:00
Lucas Rodriguez
cd3b828905
fix: add nil check to CycloneDX toBomProperties (#3119)
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-13 16:02:15 -04:00
Lukas Voetmand
3161e1847e
fix: read CycloneDX BOM components from metadata (#3092)
Signed-off-by: dervoeti <lukas.voetmand@stackable.tech>
2024-08-12 16:37:23 -04:00
Weston Steimel
df1e5b57fe
fix: improve groupid extraction for Jenkins plugins (#2815)
* fix: improve groupid extraction for Jenkins plugins

Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

* test: update java purl integration test image

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

---------

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-12 13:01:44 -04:00
anchore-actions-token-generator[bot]
d2b33f1acb
chore(deps): update CPE dictionary index (#3116)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-12 16:57:47 +00:00
GGMU
91cf066db6
support .kar files (#3113)
* add kar

Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-12 12:10:03 -04:00
Keith Zantow
cf85450e08
chore: fix failing python relationship test (#3117)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 12:07:47 -04:00
anchore-actions-token-generator[bot]
214a0498e0
chore(deps): update CPE dictionary index (#3094)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-06 13:07:48 -04:00
Gijs Calis
9d40d1152e
feat: improved java maven property resolution (#2769)
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-05 11:30:47 -04:00
Harippriya Sivapatham
cc15edca62
fix: use organization for package supplier when reading Java vendor fields (#3093)
Signed-off-by: Harippriya Sivapatham <harippriyasivapatham@gmail.com>
2024-08-03 16:00:55 -04:00
Dor Hayun
48f1e975f0
fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifactIDMatchesFilename' (#3054)
- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, preventing random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name

Signed-off-by: dor-hayun <dor.hayun@mend.io>
Co-authored-by: dor-hayun <dor.hayun@mend.io>
2024-08-01 13:47:15 -04:00
Christopher Angelo Phillips
c84cb2cf84
fix: update mainModuleVersion function to always prefix v to findings (#3087)
* chore: basic fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* test: make sure ldflags are prefixed with v

---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-01 11:29:07 -04:00
Laurent Goderre
92d63df6f5
Added the SWI Prolog (swipl) ecosystem (#3076)
* Add binary classifier for swipl

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

* Added cataloger for SWI Prolog Pack packages

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

---------

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-07-31 16:13:26 -04:00
Keith Zantow
a4b5dcd0df
fix: improve determinism in java archive identification (#3085)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-30 12:02:52 -04:00
anchore-actions-token-generator[bot]
a2042e629c
chore(deps): update CPE dictionary index (#3079)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-07-29 10:03:59 -04:00
witchcraze
490e05adb2
fix: traefik classifier (#3077)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-07-29 09:46:51 -04:00
mikcl
1cd75b7d68
python-cataloger: fix normalization test (#3073)
Signed-off-by: mikcl <mikesmikes400@gmail.com>
2024-07-25 15:45:14 -04:00