oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-18 00:43:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,606 Commits 60 Branches 244 Tags
Commit Graph

1606 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Keith Zantow
42cb0a47a4
feat: SPDX 2.3 support (#1311) 2022-11-18 08:54:39 -05:00
patrikbeno
0c4b99c1c2
SBOM cataloger (#1029) 
* SBOM cataloger

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* sbom-cataloger: turn off by default

and add integration test

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* SBOM cataloger

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* SBOM cataloger (optimize)

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* SBOM cataloger (fix)

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* SBOM cataloger (fix imports #1172)

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* SBOM cataloger (fix: support group attribute in CDX SBOMs)

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>

* port to generic cataloger and add relationship to original file

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* generalize parser for all format globs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Patrik Beno <patrik.beno@greenhorn.sk>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Tom Fay <tomfay@microsoft.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-16 14:11:45 -05:00
Christopher Angelo Phillips
0774ad15e2
chore: clean up linting configuration (#1343) 2022-11-16 16:28:09 +00:00
Keith Zantow
f8be64d312
fix: Unmarshal Syft JSON with missing metadata (#1338) 2022-11-15 13:00:10 -05:00
Alex Goodman
1ae577a035
fix apk decode for older data shapes (#1341) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-15 16:38:31 +00:00
Weston Steimel
09bf5b062c
chore: add unit test for wolfi os release identification (#1340) 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
 2022-11-14 18:57:31 -05:00
Keith Zantow
c1fdfce5f1
fix: Output only valid CPEs for CycloneDX OS components (#1339) 2022-11-14 15:24:19 -05:00
Justin Chadwell
10f43d75e0
feat: Add --name option to override name in output (#1269) 2022-11-10 14:03:23 -05:00
Dan Luhring
949cff158d
Add support for dependency relationships for alpine (apk) (#1063) 
* Fix type of pull deps and add support for provides

Signed-off-by: Dan Luhring <dan+github@luhrings.com>

* [wip] apk dependency lookup

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update whitespace for linter

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* adjust test conditions

Signed-off-by: Timothy Gerla <tim@gerla.net>

* fix TODOs and improve Provides parser

* run simports after main merge

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* add tests to cover apk relationship parsing cases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* generate JSON schema for breaking changes to apk metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update tests to account for additional dependencies

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* [wip] fix relationship encoding for cyclonedx

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* simplify package relationships that can be expressed

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Timothy Gerla <tim@gerla.net>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Timothy Gerla <tim@gerla.net>
 2022-11-09 15:43:37 +00:00
Alex Goodman
e58d0aecb8
normalize alpm md5 refs (#1333) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-09 15:04:15 +00:00
Alex Goodman
d7a51a69dd
Update java generic cataloger (#1329) 
* remove centralize pURL generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* port java cataloger to new generic cataloger pattern

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove common.GenericCataloger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update format test fixtures to reflect ID updates

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix package sort instability for encode-decode-encode cycles

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-09 14:55:54 +00:00
Keith Zantow
f3528132a7
Support encoding map types to CycloneDX properties (#1332) 2022-11-08 18:59:37 -05:00
Alex Goodman
5ed002e1a9
Update swift cataloger to generic cataloger (#1324) 
* port swift cataloger to new generic cataloger pattern

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add cocopods metadata to json schema defs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update json test fixture with latest schema version

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-04 13:51:59 -04:00
Alex Goodman
f319713821
port rust cataloger to new generic cataloger pattern (#1323) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-04 16:07:36 +00:00
Alex Goodman
41464bbd7f
port ruby cataloger to new generic cataloger pattern (#1322) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-04 11:33:55 -04:00
Alex Goodman
3048382bbd
port rpm cataloger to new generic cataloger pattern (#1321) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-04 10:41:04 -04:00
Alex Goodman
1076281566
port python cataloger to new generic cataloger pattern (#1319) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-04 08:59:03 -04:00
Alex Goodman
2deb96a801
Update portage cataloger to new generic cataloger (#1316) 
* port portage (ha) cataloger to new generic cataloger pattern

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update JSON schema to account for removing portage fields

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-03 14:49:18 -04:00
Alex Goodman
891f2c576b
port php cataloger to new generic cataloger pattern (#1315) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-03 13:00:44 -04:00
Kenny Moens
bc9740d50a
javascript cataloger: node binary: nil pointer dereference (#1313) 
Co-authored-by: Keith Zantow <kzantow@gmail.com>
v0.60.3 		2022-11-03 14:38:49 +00:00
Keith Zantow
3e99c4d7d8
Fix: Include version information in binary cataloger CPEs (#1310) 2022-11-03 10:17:15 -04:00
Christopher Angelo Phillips
10464642e9
fix: only generate PURL on empty string (#1312) 2022-11-03 10:00:14 -04:00
Alex Goodman
e0acfa98c7
add s3 credentials to release (#1309) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-02 15:48:37 +00:00
Alex Goodman
9634b42746
port javascript cataloger to new generic cataloger pattern (#1308) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-02 11:31:57 -04:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token (#1306) v0.60.2 2022-11-02 10:05:20 -04:00
Keith Zantow
95c7378109
fix: Decode binary and unknown metadata (#1307) 2022-11-01 21:26:00 +00:00
Keith Zantow
ba57f3db51
chore: update github token permissions for goreleaser (#1305) v0.60.1 2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips
4c5c6f6319
fix: update ci secret to use new password (#1304) v0.60.0 2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips
1b69fbd566
fix: update secret value to use new cert cahin (#1303) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-11-01 00:05:40 +00:00
Christopher Angelo Phillips
7ed91c0e31
fix: verbose quill release failures (#1302) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-10-31 22:21:30 +00:00
Christopher Angelo Phillips
8e2fc29bc7
fix: unterminated quoted string (#1300) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-10-31 20:07:43 +00:00
Christopher Angelo Phillips
e9fbc38064
fix: update Makefile to remove old signing arch (#1299) 2022-10-31 18:56:30 +00:00
Christopher Angelo Phillips
edeba9c01c
feat: add nodejs-binary package classifier (#1296) 2022-10-31 16:45:11 +00:00
Weston Steimel
919c929798
update go-rpmdb to improve parsing of installed files (#1297) 2022-10-30 23:55:17 -04:00
Nick Piper
91f4467a1f
docs: update attestation directions with new cosign changes 2022-10-29 20:18:53 +00:00
Keith Zantow
c489c37e35
fix: Continue parsing Python RECORD files when bad lines encountered (#1295) 2022-10-29 15:45:59 -04:00
Marc-Etienne Vargenau
dd89461ba3
Fix #1245 Update SPDX license list to 3.18 (#1259) 
* Fix #1245 Update SPDX license list to 3.18

Signed-off-by: Marc-Etienne Vargenau <marc-etienne.vargenau@nokia.com>
 2022-10-27 23:46:54 -04:00
Rob Tompkins
fb388c0f25
fix: Resolve Maven POM expressions (#1251) (#1278) 2022-10-27 13:01:07 -04:00
Alex Goodman
e52aa3bc03
port haskell cataloger to new generic cataloger pattern (#1290) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-27 11:30:22 -04:00
Alex Goodman
6826d7603b
port golang cataloger to new generic cataloger pattern (#1289) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-25 16:42:50 +00:00
Alex Goodman
52cb7269bf
port deb/dpkg cataloger to new generic cataloger pattern (#1288) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-25 15:47:32 +00:00
Alex Goodman
bd5adbc9b3
update cataloger tests to use pkgtest utils (#1287) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-25 11:20:02 -04:00
Alex Goodman
c7a653060d
port dotnet cataloger to new generic cataloger pattern (#1286) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 21:17:27 +00:00
Alex Goodman
fbdde6d4f4
port dart cataloger to new generic cataloger pattern (#1285) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 20:37:42 +00:00
Alex Goodman
eb8ebd9ffc
port conan cataloger to new generic cataloger pattern (#1284) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 20:11:20 +00:00
Alex Goodman
f36c0ca971
port apk cataloger to new generic cataloger pattern (#1283) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 13:51:09 -04:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill (#1280) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 13:03:10 -04:00
Alex Goodman
b44f441c82
Upgrade generic cataloger (#1281) 
* add second generation of generic cataloger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* upgrade aplm cataloger to use generic.Cataloger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove pacakge found-by attribute from the definition of a package ID

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 11:12:12 -04:00
anchore-actions-token-generator[bot]
7a8b96abc2
Update syft bootstrap tools to latest versions. (#1282) 
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
 2022-10-24 10:17:06 -04:00
Alex Goodman
d8c659b65b
replace logger interface with anchore/go-logger (#1279) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-21 15:12:14 +00:00