oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-03-29 21:23:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • d8538e7d8b
         chore(deps): update tools to latest versions (#4420) anchore-actions-token-generator[bot] 2025-12-01 16:34:18 -05:00
  • cd19ac956c
         chore(deps): bump github.com/olekukonko/tablewriter from 1.1.1 to 1.1.2 (#4427) dependabot[bot] 2025-12-01 16:34:07 -05:00
  • d1a523fef5
         chore(deps): bump github/codeql-action from 4.31.4 to 4.31.6 (#4424) dependabot[bot] 2025-12-01 16:34:03 -05:00
  • e1e3d002bc
         chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 (#4426) dependabot[bot] 2025-12-01 16:33:48 -05:00
  • 57ec3a6561
         feat: apply HandleCompundArchiveAliases across syft Christopher Phillips 2025-12-01 11:05:59 -05:00
  • a0f7148608
         chore: ignore .DS_Store in test fixtures (#4422) Will Murphy 2025-12-01 10:15:35 -05:00
  • 4bbceb09c1 handle compound aliases like tar.gz when cataloging archives Yuntao Hu 2025-12-01 21:44:30 +08:00
  • 5b96d1d69d
         chore: rename test func for CPE decoder (#4379) Adam Chovanec 2025-11-26 05:05:31 +01:00
  • 6c666383e7
         chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 (#4381) dependabot[bot] 2025-11-25 23:05:05 -05:00
  • b9710a1e79
         chore(deps): bump modernc.org/sqlite from 1.40.0 to 1.40.1 (#4382) dependabot[bot] 2025-11-25 23:04:56 -05:00
  • 023a14f869
         chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4396) dependabot[bot] 2025-11-25 23:03:02 -05:00
  • 439a063d08
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.3 to 6.7.5 (#4397) dependabot[bot] 2025-11-25 10:20:59 -05:00
  • c95893209d
         fix: normalize python package names from dependency lists (#4408) Will Murphy 2025-11-25 10:20:21 -05:00
  • 7e02bdfe45
         chore(deps): update tools to latest versions (#4398) anchore-actions-token-generator[bot] 2025-11-25 10:17:33 -05:00
  • 479cf5aff2
         chore(deps): bump github.com/google/go-containerregistry (#4409) dependabot[bot] 2025-11-25 10:16:54 -05:00
  • 65e58ba33d feat: add support for detecting packages in JARs Patrick Pichler 2025-09-04 15:36:05 +02:00
  • f12788da78
         chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4386) dependabot[bot] 2025-11-20 12:40:21 -05:00
  • 67709362b6
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.2 to 6.7.3 (#4387) dependabot[bot] 2025-11-20 12:01:21 -05:00
  • 55526dbde0
         chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 (#4391) dependabot[bot] 2025-11-20 12:01:05 -05:00
  • af167ba0c1
         chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4392) dependabot[bot] 2025-11-20 12:00:56 -05:00
  • 00e1329bd1
         chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#4393) dependabot[bot] 2025-11-20 12:00:44 -05:00
  • 9aca8167b8
         chore: drop cpe from gguf (#4383) Christopher Angelo Phillips 2025-11-19 05:37:40 -05:00
  • 759909f611
         fix: emit lua rockspec dependencies in metadata (#4376) Will Murphy 2025-11-18 09:19:41 -05:00
  • 7014cb023f
         chore: options to run release-install-script without release (#4377) Keith Zantow 2025-11-17 17:12:04 -05:00
  • a033ae525f
         chore(deps): update anchore dependencies (#4374) v1.38.0 anchore-actions-token-generator[bot] 2025-11-17 12:17:15 -05:00
  • 1c22325385
         ci: output oras path (#4373) Will Murphy 2025-11-17 10:36:45 -05:00
  • 75ad5c6c74
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.1 to 6.7.2 (#4372) dependabot[bot] 2025-11-17 08:47:47 -05:00
  • d2641dfa39
         chore(deps): bump golang.org/x/tools from 0.38.0 to 0.39.0 (#4364) dependabot[bot] 2025-11-17 13:41:45 +00:00
  • 365325376a
         chore(deps): update tools to latest versions (#4370) anchore-actions-token-generator[bot] 2025-11-15 06:47:23 -05:00
  • 153f2321ce
         Fix test-fixture publish (#4369) Alex Goodman 2025-11-14 15:41:23 -05:00
  • 7bf7bcc461
         Support extras statements in Python PDM cataloger (#4352) Alex Goodman 2025-11-14 15:13:10 -05:00
  • 6a21b5e5e2
         chore(deps): update tools to latest versions (#4365) anchore-actions-token-generator[bot] 2025-11-14 09:25:27 -05:00
  • 6480c8a425
         chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#4366) dependabot[bot] 2025-11-14 09:25:08 -05:00
  • 89842bd2f6
         chore: migrate syft to use mholt/archives instead of anchore fork (#4029) Kudryavcev Nikolay 2025-11-14 02:04:43 +03:00
  • 4a60c41f38
         feat: 4184 gguf parser (ai artifact cataloger) part 1 (#4279) Christopher Angelo Phillips 2025-11-13 17:43:48 -05:00
  • 2e100f33f3
         chore(deps): update tools to latest versions (#4358) anchore-actions-token-generator[bot] 2025-11-12 13:27:47 -05:00
  • b444f0c2ed
         chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 (#4359) dependabot[bot] 2025-11-12 13:27:33 -05:00
  • 102d362daf
         feat: CPEs format decoder (#4207) Adam Chovanec 2025-11-12 16:45:09 +01:00
  • 66c78d44af
         Document additional json schema fields (#4356) Alex Goodman 2025-11-10 16:29:06 -05:00
  • 78a4ab8ced
         chore(deps): bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.1 (#4354) dependabot[bot] 2025-11-10 13:31:15 -05:00
  • 25ca33d20e
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.0 to 6.7.1 (#4355) dependabot[bot] 2025-11-10 13:30:56 -05:00
  • 60ca241593
         chore(deps): update tools to latest versions (#4347) anchore-actions-token-generator[bot] 2025-11-07 20:56:44 +00:00
  • 0f475c8bcd
         chore(deps): bump github.com/opencontainers/selinux (#4349) dependabot[bot] 2025-11-07 15:21:35 -05:00
  • 199394934d
         preserve --from order (#4350) Alex Goodman 2025-11-07 10:17:10 -05:00
  • 8a22d394ed
         chore(deps): bump golang.org/x/time from 0.12.0 to 0.14.0 (#4348) dependabot[bot] 2025-11-07 08:48:20 -05:00
  • bbef262b8f
         feat: Add license enrichment from pypi to python packages (#4295) Tim Olshansky 2025-11-06 13:05:08 -08:00
  • 4e06a7ab32
         feat(javascript): Add dependency parsing (#4304) Tim Olshansky 2025-11-06 13:03:43 -08:00
  • e5711e9b42
         Update CPE processing to use NVD API (#4332) Alex Goodman 2025-11-06 16:02:26 -05:00
  • f69b1db099
         feat: detect elixir bin (#4334) Rez Moss 2025-11-06 16:02:02 -05:00
  • efe8905d3e
         chore: move syft forward to latest golang golang-version-bump Christopher Phillips 2025-11-06 15:56:10 -05:00
  • fe1ea443c2
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.9 to 6.7.0 (#4337) dependabot[bot] 2025-11-06 15:47:49 -05:00
  • bfcbf266df
         chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#4340) dependabot[bot] 2025-11-06 15:46:32 -05:00
  • a400c675fc
         feat: license file search (#4327) Keith Zantow 2025-11-03 14:16:05 -05:00
  • 7c154e7c37
         use official action for token generation (#4331) Alex Goodman 2025-11-03 13:08:42 -05:00
  • 4c93394bc2
         chore(deps): update anchore dependencies (#4330) v1.37.0 anchore-actions-token-generator[bot] 2025-11-03 12:44:07 -05:00
  • 3e4e82f03e
         Canonicalize Ghostscript CPE/PURL for ghostscript packages from PE Binaries (#4308) kdt523 2025-11-03 20:24:48 +05:30
  • 793b0a346f
         chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 (#4325) dependabot[bot] 2025-11-03 09:11:20 -05:00
  • a0dac519db
         chore(deps): bump github.com/hashicorp/go-getter from 1.8.2 to 1.8.3 (#4326) dependabot[bot] 2025-11-03 09:11:12 -05:00
  • 34f5e521c1
         chore(deps): bump modernc.org/sqlite from 1.39.1 to 1.40.0 (#4329) dependabot[bot] 2025-11-03 09:11:05 -05:00
  • 774b1e97b9
         chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 (#4321) dependabot[bot] 2025-10-30 13:19:57 -04:00
  • 538430d65d
         describe cataloger capabilities via test observations (#4318) Alex Goodman 2025-10-30 13:19:42 -04:00
  • 5db3a9bf55
         add workflow to create PR for spdx license list updates (#4319) Alex Goodman 2025-10-30 12:14:13 -04:00
  • efc2f0012c
         fix: go binary replace handling in path (#4156) Stepan 2025-10-29 18:59:47 +03:00
  • c5c1454848
         feat(java): Add support for .far (Feature Archive) files (#4193) kyounghoonJang 2025-10-30 00:41:27 +09:00
  • f5c765192c
         Refactor fileresolver to not require base path (#4298) Kudryavcev Nikolay 2025-10-29 17:41:18 +03:00
  • 728feea620
         ci: use apple creds before pushing tags (#4313) Will Murphy 2025-10-29 10:07:47 -04:00
  • 45fb52dca1
         chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.8 to 6.6.9 (#4315) dependabot[bot] 2025-10-29 10:06:37 -04:00
  • 45bf8b14ab
         fix: omit records with empty PURL in GitHub format (#4312) Rez Moss 2025-10-28 18:34:10 -04:00
  • 9478cd974b
         docs: update template link in README.md (#4306) Brian Muenzenmeyer 2025-10-28 10:29:07 -05:00
  • 0d9ea69a66
         Respect "rpmmod" PURL qualifier (#4314) Will Murphy 2025-10-28 09:35:11 -04:00
  • bee78c0b16
         chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#4310) dependabot[bot] 2025-10-27 10:43:04 -04:00
  • 88bbcbe9c6
         chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 (#4305) dependabot[bot] 2025-10-27 02:03:09 -04:00
  • e0680eb704
         chore(deps): update tools to latest versions (#4307) anchore-actions-token-generator[bot] 2025-10-27 02:02:47 -04:00
  • 16f851c5d9
         feat: include .rar files as Java archives for Java resource adapters (#4137) Marc 2025-10-24 17:55:02 +02:00
  • d5ca1ad543
         fix: ignore dpkg entries with "deinstall" status (#4231) Ross Kirk 2025-10-23 21:23:58 +01:00
  • 51159ce204
         chore: update tests ignore_deinstall_status Keith Zantow 2025-10-23 15:00:05 -04:00
  • 7c644ea3d1
         chore: update tests & naming conventions Keith Zantow 2025-10-23 14:14:23 -04:00
  • 8be463911c
         chore(deps): update tools to latest versions (#4302) v1.36.0 v1.35.0 anchore-actions-token-generator[bot] 2025-10-22 09:38:18 -04:00
  • 44b7b0947c
         chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 (#4301) dependabot[bot] 2025-10-21 09:34:26 -04:00
  • 675075e882
         chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4299) dependabot[bot] 2025-10-20 10:08:39 -04:00
  • 31b2c4c090
         support universal (fat) mach-o binary files (#4278) JoeyShapiro 2025-10-17 12:41:59 -05:00
  • 07029ead8a
         chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4296) dependabot[bot] 2025-10-17 10:22:20 -04:00
  • f4de1e863c
         chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 (#4297) dependabot[bot] 2025-10-17 10:22:10 -04:00
  • 538b4a2194
         convert posix path back to windows (#4285) JoeyShapiro 2025-10-17 08:29:06 -05:00
  • fc74b07369
         Remove duplicate image source providers (#4289) Kudryavcev Nikolay 2025-10-16 23:19:11 +03:00
  • 6627c5214c
         chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 (#4293) dependabot[bot] 2025-10-16 13:57:17 -04:00
  • c0f32e1dba
         feat: add option to fetch remote licenses for pnpm-lock.yaml files (#4286) Tim Olshansky 2025-10-16 09:23:06 -07:00
  • e923db2a94
         Add PDM parser (#4234) Pavel Buchart 2025-10-16 14:50:44 +02:00
  • 0c98a364d5
         chore(deps): update tools to latest versions (#4291) v1.34.2 anchore-actions-token-generator[bot] 2025-10-16 07:02:32 -04:00
  • 4343d04652
         fix: panic during java archive maven resolution (#4290) Keith Zantow 2025-10-16 07:00:31 -04:00
  • 065ac13ab7
         Extract zip archive with multiple entries (#4283) Kudryavcev Nikolay 2025-10-15 19:05:05 +03:00
  • e9a8bc5ab9
         chore: update to use old configuration on new cosign (#4287) v1.34.1 Christopher Angelo Phillips 2025-10-15 11:12:20 -04:00
  • 6d790ec6ec
         chore(deps): update anchore dependencies (#4282) v1.34.0 anchore-actions-token-generator[bot] 2025-10-14 22:09:17 +00:00
  • 1d5bcc553a
         chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5 (#4280) dependabot[bot] 2025-10-14 14:22:00 -04:00
  • d22914baf5
         add docs to configs (#4281) Alex Goodman 2025-10-14 13:58:31 -04:00
  • 760bd9a50a
         feat: Pom xml only archive parser (#4272) Doug Clarke 2025-10-13 15:59:08 -04:00
  • 2d1ada1d00
         fix: enhance setup.py parser to handle unquoted dependencies (#4255) Hala Ali 2025-10-13 15:10:42 -04:00
  • acb244e15e
         fix: lint-fix upgrade-deprecated-archiver Christopher Phillips 2025-10-13 12:17:26 -04:00
  • 3f14eb7eaf
         fix: protect against traversal in file source Christopher Phillips 2025-10-13 12:11:59 -04:00
  • 8ffe15c710
         chore(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 (#4265) dependabot[bot] 2025-10-13 11:50:59 -04:00