oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-21 10:23:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/syft/pkg/cataloger/common/cpe
History
Christopher Angelo Phillips ee121cff21
feat: 1944 - update purl generation to use a consistent groupID (#2033) 
Separate the logic for CPE and PURL generation. 

PURL generation needs a single answer for groupID based on a priority of discovering the field. 
CPE generation still uses multiple potential groupID to populate the candidate cpe.

Improve GroupID detection. 

Currently syft does not use any hierarchy for GroupID detection and treats all sources as equal. 
It treats fields from the manifest file with priority. This change adds a hierarchy to the fields and returns a single answer based on that hierarchy.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-08-22 10:47:07 -04:00
..
dictionary
chore(deps): update CPE dictionary index (#2043)
2023-08-21 09:33:41 -04:00
apk_test.go
fix: remove APK OriginPackage cpe candidates (#1637)
2023-03-01 17:24:43 +00:00
apk.go
fix: remove APK OriginPackage cpe candidates (#1637)
2023-03-01 17:24:43 +00:00
candidate_by_package_type_test.go
fix: add manual vendor/product removal to fix false flags (#1070)
2022-12-08 09:57:42 -05:00
candidate_by_package_type.go
Fix CPE gen for k8s python client (#1921)
2023-07-10 15:54:19 +00:00
field_candidate_filter.go
Prevent invalid CPE field values (#514)
2021-09-24 09:23:58 -04:00
field_candidate_test.go
Add vendor + product known good CPE field values (#517)
2021-09-27 18:31:59 -04:00
field_candidate.go
Add vendor + product known good CPE field values (#517)
2021-09-27 18:31:59 -04:00
filter_test.go
chore: refactor basic CPE functionality to its own package (#1436)
2023-01-04 11:26:28 -05:00
filter.go
chore: refactor basic CPE functionality to its own package (#1436)
2023-01-04 11:26:28 -05:00
generate_test.go
add metadata types to all cpe test fixtures (#1982)
2023-07-31 16:35:09 -04:00
generate.go
Introduce indexed embedded CPE dictionary (#1897)
2023-07-21 13:54:19 +00:00
go_test.go
Longer CPEs for golang modules to avoid false positives (#1006)
2022-05-23 10:39:34 -07:00
go.go
Longer CPEs for golang modules to avoid false positives (#1006)
2022-05-23 10:39:34 -07:00
java_groupid_map.go
feat: 1944 - update purl generation to use a consistent groupID (#2033)
2023-08-22 10:47:07 -04:00
java_test.go
feat: use java package names to determine known groupids (#2032)
2023-08-17 12:55:25 -04:00
java.go
feat: 1944 - update purl generation to use a consistent groupID (#2033)
2023-08-22 10:47:07 -04:00
javascript.go
fix: remove author contributing to javascript CPEs (#1669)
2023-03-14 14:10:24 +00:00
python.go
fix: improve CPE and upstream generation logic for Alpine packages (#1567)
2023-02-13 17:23:13 +00:00
rpm.go
Add RPM file scanning support (#1188)
2022-09-07 14:16:30 -04:00
ruby.go
feat: disable cpe vendor wildcards to reduce false positives (#1647)
2023-03-03 17:26:46 +00:00
utils_test.go
Modify CPE vendor candidate generation approach (#484)
2021-09-03 14:21:25 -04:00
utils.go
Modify CPE vendor candidate generation approach (#484)
2021-09-03 14:21:25 -04:00
vendors_from_url_test.go
feat: disable cpe vendor wildcards to reduce false positives (#1647)
2023-03-03 17:26:46 +00:00
vendors_from_url.go
feat: disable cpe vendor wildcards to reduce false positives (#1647)
2023-03-03 17:26:46 +00:00