oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
Alex Goodman	f24bbc1838	Deduplicate packages across multiple container image layers (#930 ) v0.43.0	2022-03-31 15:45:51 -04:00
Eric Larssen	cb3e73e308	Add dart support (#919 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-31 15:44:55 -04:00
Alex Goodman	f157d7a862	Pull from DockerHub fails for public images when using SSO (#928 )	2022-03-30 17:32:49 +00:00
Dan Luhring	028cd9e27e	Fix nil pointer dereference in directory resolver's `indexPath` method (#924 ) * Add failing test for dir resolver panic Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix panic Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-28 13:15:09 -04:00
Dan Luhring	5549939cc6	Fixups and clarifications in README (#920 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-25 11:36:43 -04:00
briankoe741	47ea910868	Remove announcement for OSS Meetup (#915 ) Proposing changes to remove our 3/23 meetup Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-25 00:17:14 +00:00
Dan Luhring	a7db43f5ec	Fix panic on empty sbom (#917 ) * Implement fmt.Stringer with format.ID Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add failing test for formats processing empty SBOMs Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Account for nil SPDX document during Syft model conversion Signed-off-by: Dan Luhring <dan+github@luhrings.com> v0.42.4	2022-03-24 10:11:51 -04:00
Alex Goodman	cc2c0e57a0	bump strset version to fix 386 builds (#911 ) v0.42.3	2022-03-23 14:34:54 -04:00
Alex Goodman	5253da4b36	Rollback referencing docker config items (#912 )	2022-03-23 18:33:41 +00:00
Jonas Xavier	c0b547bdb2	Less verbose logging in Golang Cataloger (#904 ) * Less verbose logging in Golang Cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * debug for known gray errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * only show warnings when a binary is not a go executable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> v0.42.2	2022-03-22 10:19:18 -07:00
Alex Goodman	cffcaf5984	Improve docker config support (#906 )	2022-03-22 11:02:54 -04:00
Alex Goodman	7f9edf346a	Bump golangci-lint to 1.45.0 (#909 )	2022-03-22 11:02:36 -04:00
j-k	a644a45ef4	Correct go.mod to enforce go 1.18 (#897 ) Since syft now depends on debug/buildinfo go 1.18 is required to build syft and as such go.mod needs updating Signed-off-by: 06kellyjac <jack@control-plane.io>	2022-03-21 15:38:32 -04:00
Jonas Xavier	283db88dc4	Omit H1Digest when empty (#902 ) * Omit HD1Field when empty Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update test-fixtures Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> v0.42.1	2022-03-21 11:59:10 -07:00
Alex Goodman	03e193e577	Add platform option to the README (#889 )	2022-03-21 12:02:15 -04:00
Alex Goodman	069aa68b63	Fix image cleanup when there is an error (#905 )	2022-03-21 14:48:11 +00:00
Keith Zantow	9240860f44	Correct ID handling during Syft JSON decoding (#900 )	2022-03-18 17:03:26 -04:00
Christopher Angelo Phillips	4231f38fa2	add case to decode GolangBinMetadata for syftjson model (#901 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-18 15:15:10 -04:00
Dan Luhring	752b03b2d6	Remove commit signing requirement (#899 ) Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-18 12:48:00 -04:00
Keith Zantow	99c3339810	Fix CycloneDX license decoding panic (#898 )	2022-03-18 09:44:51 -04:00
Keith Zantow	f4734d28b3	Fix panic when CycloneDX BOM missing metadata.component (#895 ) v0.42.0	2022-03-17 10:22:35 -04:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
Keith Zantow	ee0a1d172c	panic parsing cyclonedx (#892 ) v0.41.6	2022-03-16 09:10:44 -04:00
Keith Zantow	b9b3ccecf9	Update register link text (#891 ) v0.41.5	2022-03-15 17:02:33 +00:00
mikey strauss	95271fb10d	NPM PURLs are invalid (#832 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-03-15 11:54:33 -04:00
Christopher Angelo Phillips	93d2d57cd3	update README with OSS Meetup information (#890 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-15 11:37:56 -04:00
Kenny Moens	7cd3201fe9	Support the .be top-level domain (#873 ) Signed-off-by: Kenny Moens <kenny.moens@cipalschaubroeck.be>	2022-03-15 10:59:13 -04:00
Keith Zantow	c7cf8b0b26	Brew install gon failed (#885 ) v0.41.4 v0.41.3	2022-03-11 13:17:57 -05:00
Frankie G-J	44a6e00f7a	Include vendored modules in Go Module package list (#883 ) * include vendored modules in package slice Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com> * add explanatory comments Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com>	2022-03-11 12:57:33 -05:00
Keith Zantow	6c8102bf28	Correct CycloneDX distro decoding (#745 )	2022-03-11 09:27:18 -05:00
Keith Zantow	7789506dc6	Experimental GitHub export (#836 ) v0.41.2	2022-03-10 22:38:12 -05:00
Christopher Angelo Phillips	fa03723617	Upgrade vault api from v1.3.1 to v1.4.1 (#878 ) * move v1.3.1 => v1.4.1 * go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-09 15:11:07 -05:00
Alex Goodman	2946813a74	RPM Epoch should be optional in the json schema (#880 )	2022-03-09 14:51:43 -05:00
Christopher Angelo Phillips	003d28ad48	Add SchemaVersion to version command output (#877 ) * make JsonSchemaVersion available programmatically via syft version command Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-09 13:12:52 -05:00
Alex Goodman	9d9669e62f	Add artifacthub owner (#876 )	2022-03-09 12:50:31 +00:00
Sambhav Kothari	39737a2825	Update cyclonedx to v1.4 (#820 )	2022-03-08 12:09:55 -05:00
cipher-ardvark	f2617285d0	Update yarn.lock parser to support latest (berry v3) format (#868 ) * add test cases for yarn parser regex Signed-off-by: Patrick Glass <patrickglass@gmail.com> * update yarn.lock parser to support yarn berry Add support for Yarn v3 (berry) which changes the output Collapse regex for parsing scoped and non-scoped packages Add tests for the regex to ensure backwards compatability and to catch issues with future changes. Signed-off-by: Patrick Glass <patrickglass@gmail.com> * simplify yarn test expressions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Patrick Glass <patrickglass@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-08 12:07:54 -05:00
Alex Goodman	07d3c9af52	Fix file creation for output options (#875 ) v0.41.1	2022-03-08 15:37:28 +00:00
Alex Goodman	5123f073c7	Update containerd via stereoscope (#870 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> v0.41.0	2022-03-07 17:37:20 +00:00
Alex Goodman	991af0d857	Include root path in directory resolve index (#869 )	2022-03-07 11:34:16 -05:00
Alex Goodman	a86dd3704e	Add platform selection (#866 )	2022-03-04 22:41:38 +00:00
Alex Goodman	4af32c5bee	Migrate format definitions to sbom package (#864 )	2022-03-04 17:22:40 -05:00
Jonas Xavier	640099ce2e	tiny aligment fix in example template (#867 ) Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-04 09:34:05 -08:00
Keith Zantow	b2ab4671b9	Correct SPDX-JSON checksum algorithm (#863 ) v0.40.1	2022-03-03 17:13:13 -05:00
Christopher Angelo Phillips	ad322b3314	bump error language and remove panic (#862 ) * bump error language and remove panic Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-03-03 10:37:18 -05:00
Jonas Xavier	4a8a9ce290	add podman scheme to doc examples (#860 )	2022-03-02 14:39:05 -08:00
Alex Goodman	635904fcb6	Reduce PR check failures (#858 )	2022-03-02 17:51:37 +00:00
Dan Luhring	1e75cb0418	Update to cosign v1.5.2 (#857 ) v0.40.0	2022-03-02 15:09:47 +00:00
Christopher Angelo Phillips	afc0c1acd9	855 attest registry source only (#856 ) Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-01 23:16:42 -05:00
Keith Zantow	edac8c7bf7	Update CycloneDX to use syft namespace and output multiple CPEs (#849 )	2022-03-01 17:37:52 -05:00

1 2 3 4 5 ...

929 Commits