oss/syft

mirror of https://github.com/anchore/syft.git synced 2026-02-12 10:36:45 +01:00

History

* migrate to binny and taskfile

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update binny to not require github token

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* added support for automatically building snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* detect source changes for snapshot builds

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fail workflow explicitly when snapshot cache restoral fails

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* match snapshot restoral paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

2023-10-25 09:08:43 -04:00

.gitignore

add cyclone-json output format (#635 )

2021-12-03 17:06:23 -08:00

cyclonedx.json

Update cyclonedx to v1.4 (#820 )

2022-03-08 12:09:55 -05:00

cyclonedx.xsd

Update cyclonedx to v1.4 (#820 )

2022-03-08 12:09:55 -05:00

Makefile

Upgrade tool management (#2188 )

2023-10-25 09:08:43 -04:00

README.md

feat: add cyclonedx schema version selection (#2123 )

2023-09-13 14:50:22 -04:00

spdx.xsd

Update cyclonedx to v1.4 (#820 )

2022-03-08 12:09:55 -05:00

README.md

CycloneDX Schemas

syft generates a CycloneDX Bom output. We want to be able to validate the CycloneDX schemas (and dependent schemas) against generated syft output. The best way to do this is with xmllint, however, this tool does not know how to deal with references from HTTP, only the local filesystem. For this reason we've included a copy of all schemas needed to validate syft output, modified to reference local copies of dependent schemas.