777 Commits

Author SHA1 Message Date
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Wayne Starr
8bca0ac39e
fix: use filepath instead of path for file source exclusions (#2411)
Signed-off-by: Wayne Starr <me@racer159.com>
2023-12-13 17:45:34 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
anchore-actions-token-generator[bot]
68f35815d6
chore(deps): update CPE dictionary index (#2412)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-11 06:35:58 -05:00
Weston Steimel
4d4b502174
fix(java): improve identification for org.codehaus.groovy artifacts (#2404)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-08 05:02:01 -05:00
Weston Steimel
ea80f94c0e
fix(java): improve identification for commons-jelly artifacts (#2399)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-07 12:28:21 -05:00
Weston Steimel
2c145f70b2
fix(java): improve identification for io.minio artifacts (#2398)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 16:58:07 -05:00
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts (#2397)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock (#2338)
---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml (#2315)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts (#2384)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts (#2379)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts (#2386)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts (#2388)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
Weston Steimel
11039f4b4e
fix(java): improve identification for org.elasticsearch artifacts (#2383)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 09:22:33 -05:00
Weston Steimel
413ffdb233
fix(java): improve identification for org.apache.geode artifacts (#2382)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 12:48:15 +00:00
Weston Steimel
e53fe51612
fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:13:13 -05:00
Weston Steimel
facbc486a8
fix(java): improve identification for io.projectreactor.netty artifacts (#2378)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 07:09:06 -05:00
Weston Steimel
5d42a349e6
fix(java): improve identification for org.eclipse.platform artifacts (#2349)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-30 16:02:03 -05:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks (#2369)
* generalize ui events for cataloging tasks

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename cataloger task progress object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* migrate cataloger task fn to bus helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
Laurent Goderre
06b9a79e3d
chore: fix tests failing due to Mac Rosetta cache (#2374)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-11-29 18:39:28 +00:00
Keith Zantow
ef5c1651ef
fix: improve dotnet portable executable identification (#2133)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 12:51:24 -05:00
Alex Goodman
5c8dd4c3a7
fix file metadata cataloger to use resolved locations (#2370)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-29 09:42:34 -05:00
Keith Zantow
f5a6b5a02f
fix: logging level for parsing potential PE files (#2367)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-29 03:42:22 +00:00
William Murphy
ea4a6747eb
fix: hardcode xalan group ID (#2368)
According to maven central, the package called "xalan" should just have
the group ID xalan, but currently syft isn't able to find that.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 14:40:03 -05:00
Alex Goodman
1cfc4c7387
Normalize cataloger configuration patterns (#2365)
* normalize cataloger patterns

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove central reference for maven configurable

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:02:43 +00:00
Alex Goodman
4d0da703bf
normalize enums to lowercase with hyphens (#2363)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 11:02:20 -05:00
William Murphy
ce4b31757a
fix: index file itself when file scan path has symlink (#2359)
Previously, building the index of the filesystem when source was file
would fail if part of the path syft was passed to the file included a
symlinked directory, resulting in cataloging misses.

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-28 09:41:28 -05:00
Alex Goodman
8ee209a5ae
use read lock in pkg collection (#2341)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 13:48:25 -05:00
Weston Steimel
ebeb768f59
fix: add manual namespace mapping for org.springframework jars (#2345)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 18:28:10 +00:00
Duane May
d4733fac1d
Add binary classifiers for MySQL and MariaDB (#2316)
* Add MySQL and MariaDB binary classifiers

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>

* use smallest possible binary fixtures

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Duane May <duanemay@gmail.com>
Signed-off-by: Duane May <mduane@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-21 16:54:41 +00:00
David Dooling
34774a0e10
Enhance redis binary classifier (#2329)
Allow existing matcher to match host identifiers longer than 12
characters. The binaries distributed by redis have the version before
payload, so add a matcher for that. Add test fixtures covering these
scenarios.

Signed-off-by: David Dooling <david.dooling@docker.com>
2023-11-21 16:24:59 +00:00
Weston Steimel
9d766c0325
fix: add manual namespace mapping for org.springframework.security jars (#2343)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 13:46:34 +00:00
Weston Steimel
5751b43608
fix: add manual namespace mapping for org.bouncycastle jars (#2342)
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-11-21 08:17:07 -05:00
Alex Goodman
5565bdef0c
Remove the power-user command and related catalogers (#2306)
* remove the power-user command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove secrets + classifier catalogers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* regenerate json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:44:28 +00:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient (#2275)
* expose underlying format options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove escape html options and address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
Alex Goodman
11a8cde8e4
export metadata type helper (#2328)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-15 19:05:18 +00:00
Weston Steimel
dcd062cffb
fix(java): add manual groupid mappings for org.apache.velocity jars (#2327)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:36 +00:00
Weston Steimel
b9294976ef
fix(java): skip maven bundle plugin logic if vendor id and symbolic name match (#2326)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-11-15 17:44:15 +00:00
Colm O hEigeartaigh
3e8a2304e8
Refine license searching from groupIDFromJavaMetadata to allow for having the artifactId in the groupId (#2313)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-15 10:04:31 -05:00
Colm O hEigeartaigh
0652998b9b
Add license for golang stdlib (#2317)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-14 11:53:07 -05:00
Colm O hEigeartaigh
7ccbadff34
Fall back to searching maven central using groupIDFromJavaMetadata (#2295)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-10 22:02:53 -05:00
Alex Goodman
3f13d209a5
rename file.Location.VirtualPath to AccessPath (#2288)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-09 11:30:08 -06:00
Benji Visser
0891d35e07
include image labels in cycloneDX SBOM (#2294)
* include image labels in SBOM

Signed-off-by: Benji Visser <benji@093b.org>

* update tests

Signed-off-by: Benji Visser <benji@093b.org>

* gocritic

Signed-off-by: Benji Visser <benji@093b.org>

* add properties

Signed-off-by: Benji Visser <benji@093b.org>

* add decoder

Signed-off-by: Benji Visser <benji@093b.org>

* update golden snapshots

Signed-off-by: Benji Visser <benji@093b.org>

* decodeProperties

Signed-off-by: Benji Visser <benji@093b.org>

* add test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove the snapshot test changes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Benji Visser <benji@093b.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 23:13:04 +00:00
Alex Goodman
502971a1b2
Add accessPath on Location objects to syft-json output (#2287)
* add accessPath on Location objects to syft-json output

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* generate json schema v12.0.1

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 17:05:30 -06:00
Colm O hEigeartaigh
dc14dbb326
SPDX file has duplicate sha256 tag in versionInfo (#2300)
* SPDX file has duplicate sha256 tag in versionInfo

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

* add tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-08 22:49:31 +00:00
Colm O hEigeartaigh
bae5a2e741
Check maven central as well for licenses in parents poms for nested jars (#2302)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-08 10:26:12 -08:00
Keith Zantow
d91c2dd842
fix: identify cyclone-json without $schema (#2303)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-08 11:54:22 -05:00
anchore-actions-token-generator[bot]
4ba92ac43b
chore(deps): update CPE dictionary index (#2290)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-06 09:23:24 -05:00
Colm O hEigeartaigh
9fa11f2339
Wire through maven-url to java config (#2291)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-11-06 09:08:03 -05:00