* split source.Location and create source.Coordinates for minimal path addressing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move coordinates into separate file
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Update syft/source/coordinates.go
Co-authored-by: Dan Luhring <luhring@users.noreply.github.com>
* migrate pkg.ID and pkg.Relationship to artifact package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* return relationships from tasks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix more tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add artifact.Identifiable by Identity() method
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove catalog ID assignment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust spdx helpers to use copy of packages
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* stabilize package ID relative to encode-decode format cycles
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename Identity() to ID()
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use zero value for nils in ID generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enable source.Location to be identifiable
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* hoist up package relationship discovery to analysis stage
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update ownership-by-file-overlap relationship description
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add test reminders to put new relationships under test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust PHP composer.lock parser function to return relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] single sbom doc
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix more tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove scope in import path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap SPDX tag-value formatter to single sbom document
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bust CLI cache
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update fixture to byte diff
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* byte for byte
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* bust the cache
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* who needs cache
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add jar for testing
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* no more bit flips
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* update apk with the delta for image and directory cases
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* restore cache workflow
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
* add new spdx tag-value format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove public presenter package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove existing spdxjson presenter + helpers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add new spdx22json format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add common sdpxhelpers (migrated)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use new common spdx helpers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wire up new spdx22json format object
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove lossless syft-specific property bags
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove spdxjson decoder and validator
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add nil checks in spdx test helpers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove empty default case
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use explicit golden snapshot
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add new cyclonedx format object
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove cyclonedx presenter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove cyclonedx presenter call
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove dependence on golden images for format tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wire up new formt + rename all-presenters ref
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add CLI test to ensure that all formats can be expressed as report output
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cyclonedx version and encoding format to package name
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* optionally preserve format snapshot images
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting + text unit tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add new format pattern
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add syftjson format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add internal formats helper
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add SBOM encode/decode to lib API
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove json presenter + update presenter tests to use common utils
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove presenter format enum type + add formats shim in presenter helper
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add MustCPE helper for tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update usage of format enum
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add test fixtures for encode/decode tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix integration test
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* migrate format detection to use reader
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address review comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add query by MIME type to source.FileResolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* pull in stereoscope MIME type feature
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add output to file option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* log errors on close of the report destination
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove file option from persistent args
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update file option comments and logging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow for multiple UI fallback options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update UI select signatures + tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update SPDX license list from 3.13 to 3.14
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove license list version from spdx snapshot unit tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial spdx support
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* expose FileOwner and use in SPDX presenter
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial json support for SPDX
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add remaining package fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add spdx license list generation + tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* keep fileOwner unexported from pkg
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* restore cli test util
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add external refs to spdx tag-value format
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add golang support to CPE generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use tag-value format as default "spdx" format flavor
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests around spdx presenters + refactor presenter tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add bouncer exception for spdx tools-golang repo
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove spdx model questions
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add registry image source
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use explicit source for fetching image + add scheme and registry tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust test variable name and add credential helper function
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add initial secrets cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update ETUI elements with new catalogers (file metadata, digests, and secrets)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update secrets cataloger to read full contents into memory for searching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype of parallelization secret regex search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype with single aggregated regex
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype for secret search line-by-line
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* quick prototype hybrid secrets search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add secrets cataloger with line strategy
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust verbiage towards SearchResults instead of Secrets + add tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update json schema with secrets cataloger results
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* address PR comments
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update readme with secrets config options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* ensure file catalogers call AllLocations once
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Also adds artifact location to sort key for Sorted() to ensure
consistent sorts when artifacts of same name, version, and type are
found in different locations in the image. Location should be sufficient
since we assume only one package of a given name and version can exist
in one location, even if that location is an package-db like rpmdb.
Signed-off-by: Zach Hill <zach@anchore.com>
