Pulse · anchore/syft · GitHub

8000 Pulse · anchore/syft · GitHub

More Web Proxy on the site http://driver.im/

May 7, 2025 – May 14, 2025

Overview

23 Active pull requests

17 Active issues

1 Release published by 1 person

v1.24.0
published May 14, 2025

22 Pull requests merged by 10 people

chore: update fixtures based on CI builds
#3894 merged May 14, 2025
chore: remove full-text field before it becomes breaking change
#3889 merged May 14, 2025
feat: improve dpkg cataloger license recognition for "license agreements"
#3888 merged May 14, 2025
Add cataloger for Dart pubspec
#3292 merged May 13, 2025
Detect license ID from full text when incidentally provided as a value
#3876 merged May 13, 2025
chore: update mimetype contact info
#3887 merged May 13, 2025
Add a homebrew cataloger
#3724 merged May 13, 2025
chore: fix some logging output
#3884 merged May 13, 2025
Order locations by container layer order
#3858 merged May 13, 2025
Translate Portage license strings to SPDX expressions
#1763 merged May 13, 2025
fix: stop emitting redis redis CPE for PHP PECL redis
#3881 merged May 12, 2025
feat: Add PURL list input/output format
#3853 merged May 12, 2025
chore(deps): update CPE dictionary index
#3877 merged May 12, 2025
chore(deps): update tools to latest versions
#3878 merged May 12, 2025
Do not search for main module versions within binary contents by default
#3874 merged May 9, 2025
fix: remove race when writing errors in generic cataloger
#3875 merged May 9, 2025
Clear (devel) version from go main modules
#3873 merged May 9, 2025
chore(deps): update tools to latest versions
#3871 merged May 9, 2025
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0
#3867 merged May 8, 2025
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 in /.github/actions/bootstrap
#3868 merged May 8, 2025
Merge multiple targets for the same .NET package
#3869 merged May 8, 2025
Use package ID from decoded SBOMs when provided
#1872 merged May 8, 2025

1 Pull request opened by 1 person

feat: add support for encoding hashes in CycloneDX format
#3883 opened May 13, 2025

11 Issues closed by 4 people

feat: dpkg license improvement for non SPDX licenses
#3090 closed May 14, 2025
Detect whether full license text or a license name has been provided
#3088 8000 closed May 13, 2025
Add Cataloger for Homebrew on macOS
#3632 closed May 13, 2025
Provide a way to get the LayerID the package was first found in
#435 closed May 13, 2025
CycloneDX group field not symmetrically handled by encoder/decoders
#2981 closed May 12, 2025
Syft does not return the actual error message from Cosign when attestation with a private key fails
#1527 closed May 12, 2025
Security scans
#3810 closed May 12, 2025
Syft 1.23.1 shows version (devel) for grafana 12.0.0
#3864 closed May 9, 2025
Syft crash [signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x123a0da]
#3872 closed May 9, 2025
Go binaries that currently get `(devel)` as the version should instead stub `UNKNOWN` based on the compliance policy
#3324 closed May 9, 2025
.NET cataloger does not always pair up PE binaries and deps.json packages, resulting in duplicate packages on some runs
#3866 closed May 8, 2025

6 Issues opened by 6 people

Azul JDK classified as Oracle JRE
#3893 opened May 14, 2025
syft convert: users should be able to selectively filter an SBOM on conversion
#3892 opened May 14, 2025
syft 1.24.0 debug container - wget fails TLS
#3891 opened May 14, 2025
Support scanning a list of CPEs
#3890 opened May 13, 2025
Ownership and automation and of external published repos in release process
#3885 opened May 13, 2025
Syft generates wrong externalReferences.url
#3882 opened May 13, 2025

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

feat:parse golang test binaries and resolve deps
#3854 commented on May 14, 2025 • 5 new comments
fix: [WIP]introduce Component Type Unknown in Cyclone DX for better conversion
#3833 commented on May 13, 2025 • 2 new comments
feat: add parsing for uv.lock
#3763 commented on May 9, 2025 • 1 new comment
package.json authors keyword parsing
#2250 commented on May 8, 2025 • 0 new comments
Add support for GraalVM and OracleJDK in parse_jvm_release
#3762 commented on May 9, 2025 • 0 new comments
Duplicate OpenSSL detection as both deb and binary
#3481 commented on May 9, 2025 • 0 new comments
Bubble coordinate errors from stereoscope
#3415 commented on May 13, 2025 • 0 new comments
Unable to extract licenses for some NPM packages
#2611 commented on May 14, 2025 • 0 new comments
Support CycloneDX evidence for file locations
#3880 commented on May 14, 2025 • 0 new comments
Syft incorrectly reports multiple APKs as parents of symlinked files
#3847 commented on May 14, 2025 • 0 new comments
Read version resources from non-.NET DLLs and executables
#3842 commented on May 14, 2025 • 0 new comments
Add PHP interpreter + extensions cataloger
#2585 commented on May 14, 2025 • 0 new comments
feat: expose rpm signature information
#3179 commented on May 12, 2025 • 0 new comments
chore: move cache to external library, add API-level configuration
#3248 commented on May 12, 2025 • 0 new comments
fix: Make Native Image contains no embedded SBOM Error Discoverable
#3805 commented on May 14, 2025 • 0 new comments
fix: indicate upstream packages for sbom cataloger
#3849 commented on May 14, 2025 • 0 new comments

0