Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for new Copyrights and schema updates #2

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

feat: Add support for new Copyrights and schema updates #2

wants to merge 12 commits into from

Conversation

dor-hayun
Copy link
Owner

@dor-hayun dor-hayun commented Aug 27, 2024
edited
Loading

JSON Schema

  • Added: New JSON schema version 16.0.16 with support for the new Copyrights.
  • Modified: Updated the JSONSchemaVersion parameter to use the new schema.

Package Structs

  • Added: New Copyrights field to the Package and PackageBasicData structs, similar to the existing Licenses field.
  • Added: New Copyright struct.
  • Implemented: Sorting methods for the Copyright struct.

toPackages Function

  • Changed: Updated the PackageCopyrightText to use helpers.GetCopyrights(p.Copyrights), which formats the copyright text and returns a string. Example output: "Copyright 2014-2014 Matt Zabriskie & Collaborators".

toSyftPackage Function

  • Added: Copyrights assignment to the toSyftPackage function.

Signed-off-by: dor-hayun dor.hayun@mend.io

@dor-hayun dor-hayun force-pushed the support-copyrights branch 2 times, most recently from 18aea9c to 1a60f72 Compare August 27, 2024 10:33
@dor-hayun dor-hayun force-pushed the support-copyrights branch 3 times, most recently from c0d17ac to b003b36 Compare August 27, 2024 11:38
westonsteimel and others added 2 commits August 27, 2024 14:03
@westonsteimel
fix: use official CPE for curl binary cataloger (anchore#3164)
99be365 
The official CPE for curl is `cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*`

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
@wagoodman
set cataloger names within package cataloger task (anchore#3165)
4ee6c17 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@dor-hayun dor-hayun force-pushed the support-copyrights branch 2 times, most recently from 80c2386 to 9043e0c Compare August 27, 2024 14:07
@wagoodman
respond to authoratative CPEs from catalogers (anchore#3166)
e9a8c27 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@westonsteimel
fix: improve known CPEs and set NVD as source for all current binary …
5ab43ba 
…classifiers (anchore#3167)

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
@dor-hayun dor-hayun force-pushed the support-copyrights branch 5 times, most recently from 43aeb7a to 1e121e8 Compare August 28, 2024 12:20
@dor-hayun dor-hayun force-pushed the support-copyrights branch 2 times, most recently from b113b35 to 052f526 Compare August 28, 2024 12:57
@dor-hayun dor-hayun force-pushed the support-copyrights branch 2 times, most recently from d27e313 to abf35cc Compare August 28, 2024 13:41
tomersein and others added 6 commits August 28, 2024 11:04
@tomersein
fix: add log time of task (anchore#3105)
04e3371 
Signed-off-by: tomersein <tomersein@gmail.com>
@westonsteimel
fix: improve generated cpes for binaries with existing classifiers (a…
2c25f81 
…nchore#3169)

The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead.  This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
@kzantow
fix: cycles resolving relative path parent poms with parent-defined v…
11d77b4 
…ariables (anchore#3170)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
@dependabot
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (anchore…
19d2735 
…#3173)
@dependabot
chore(deps): bump github.com/charmbracelet/bubbletea (anchore#3171)
3499d92
@dependabot
chore(deps): bump github.com/docker/docker (anchore#3168)
731fc77
feat: Add support for new Copyrights and schema updates
b75dd28 
- **Added**: New JSON schema version `16.0.16` with support for the new `Copyrights`.
- **Modified**: Updated the `JSONSchemaVersion` parameter to use the new schema.

- **Added**: New `Copyrights` field to the `Package` and `PackageBasicData` structs, similar to the existing `Licenses` field.
- **Added**: New `Copyright` struct.
- **Implemented**: Sorting methods for the `Copyright` struct.

- **Changed**: Updated the `PackageCopyrightText` to use `helpers.GetCopyrights(p.Copyrights)`, which formats the copyright text and returns a string. Example output: "Copyright 2014-2014 Matt Zabriskie & Collaborators".

- **Added**: `Copyrights` assignment to the `toSyftPackage` function.

Signed-off-by: dor-hayun <dor.hayun@mend.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
json-schema
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dor-hayun @westonsteimel @wagoodman @tomersein @kzantow @NyanKiyoshi