* feat: update golang to 1.19
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
* chore: break out json schema drift check into separate script
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* chore: update git index refresh
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* initial working version
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* added build settings to pkg metadata
wip - unit tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* handle mach-O FatFiles
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add support to mod replace
fixed golang catalger tests
trying GH Actions with go 1.18rc1
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* log error
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* use go-macholibre for extraction
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* cleaner tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add version to main module
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* check macho file with macholibre
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* run golangci in its own workflow
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci workflow
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix golangci wf yml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix golangci wf yml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci wf
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* wip - golangci wf
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* get arch from bin file headers
upgrade macholibre
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* test new stereoscope lazy reader interface
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove devel version from golang cataloger
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* switch github workflows to go1.18 stable
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add union reader interface in golang cataloger
update stereoscope
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* go mod tidy
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* simpler golangci validation
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix makefile
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* get archs refactor
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* nolint for golang version
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix go bin tests
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* golangci nolint needs a \n before package
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* cleanup
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* move golangci-lint to its own jobs again
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix ci yaml
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* add support for xcoff files
add arch assets to test bin file types
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* clean up golangci-lint config
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* nolint for xcoff
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* explain nolints
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* remove unused xcoff testdata assets
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* make go bin test-fixtures in docker
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* fix make clean with -f
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update json output schema
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* update schema version in test fixture
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* feedback changes
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
* explain possible empty main module
Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources.
Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations.
This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon.
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
