Pulse · anchore/syft · GitHub

8000 Pulse · anchore/syft · GitHub

More Web Proxy on the site http://driver.im/

April 14, 2025 – May 14, 2025

Overview

77 Active pull requests

33 Active issues

3 Releases published by 1 person

v1.23.0
published Apr 24, 2025
v1.23.1
published Apr 25, 2025
v1.24.0
published May 14, 2025

72 Pull requests merged by 19 people

chore: update fixtures based on CI builds
#3894 merged May 14, 2025
chore: remove full-text field before it becomes breaking change
#3889 merged May 14, 2025
feat: improve dpkg cataloger license recognition for "license agreements"
#3888 merged May 14, 2025
Add cataloger for Dart pubspec
#3292 merged May 13, 2025
Detect license ID from full text when incidentally provided as a value
#3876 merged May 13, 2025
chore: update mimetype contact info
#3887 merged May 13, 2025
Add a homebrew cataloger
#3724 merged May 13, 2025
chore: fix some logging output
#3884 merged May 13, 2025
Order locations by container layer order
#3858 merged May 13, 2025
Translate Portage license strings to SPDX expressions
#1763 merged May 13, 2025
fix: stop emitting redis redis CPE for PHP PECL redis
#3881 merged May 12, 2025
feat: Add PURL list input/output format
#3853 merged May 12, 2025
chore(deps): update CPE dictionary index
#3877 merged May 12, 2025
chore(deps): update tools to latest versions
#3878 merged May 12, 2025
Do not search for main module versions within binary contents by default
#3874 merged May 9, 2025
fix: remove race when writing errors in generic cataloger
#3875 merged May 9, 2025
Clear (devel) version from go main modules
#3873 merged May 9, 2025
chore(deps): update tools to latest versions
#3871 merged May 9, 2025
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0
#3867 merged May 8, 2025
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 in /.github/actions/bootstrap
#3868 merged May 8, 2025
Merge multiple targets for the same .NET package
#3869 merged May 8, 2025
Use package ID from decoded SBOMs when provided
#1872 merged May 8, 2025
Upgrade base docker image
#3862 merged May 7, 2025
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.2 to 2.3.3
#3863 merged May 7, 2025
chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
#3859 merged May 6, 2025
chore: update license sort to be stable with contents field
#3860 merged May 6, 2025
Annotate visible/hidden paths when all-layers scope
#3855 merged May 6, 2025
fix: use "contents" field and remove "fullText" license field
#3857 merged May 5, 2025
Add deep-squashed that shows all layers where a package exists
#3138 merged May 5, 2025
Propagate error in FileSourceProvider instead of warn log
#3845 merged May 5, 2025
Improve support for cataloging nix package relationships
#3837 merged May 5, 2025
chore(deps): update tools to latest versions
#3848 merged May 5, 2025
chore(deps): update CPE dictionary index
#3851 merged May 5, 2025
chore: update rust test fixtures to latest
#3852 merged May 5, 2025
chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17
#3846 merged May 5, 2025
Do not use hashes for SPDX license names/expressions
#3844 merged May 2, 2025
Detect when full license text has been provided and preserve as separate field
#3450 merged May 1, 2025
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1
#3843 merged May 1, 2025
chore(deps): update tools to latest versions
#3841 merged May 1, 2025
Update github.com/Masterminds/semver to v3
#3836 merged Apr 30, 2025
Add support for PHP Pear
#2775 merged Apr 30, 2025
fix: Improve detection of erlang binary in alpine Linux
#3839 merged Apr 30, 2025
fix:Resolve ancestral symlinks correctly
#3783 merged Apr 30, 2025
chore(deps): update CPE dictionary index
#3834 merged Apr 30, 2025
chore(deps): update tools to latest versions
#3835 merged Apr 30, 2025
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.4 to 1.3.5
#3838 merged Apr 30, 2025
fix the fluent-bit regex detection pattern
#3817 merged Apr 25, 2025
chore(deps): bump anchore/sbom-action from 0.18.0 to 0.19.0
#3832 merged Apr 25, 2025
chore(deps): update tools to latest versions
#3830 merged Apr 25, 2025
Resolve owned file paths when searching for overlaps
#3828 merged Apr 24, 2025
chore(deps): update anchore dependencies
#3827 merged Apr 24, 2025
fix: Make the fileresolver Support Prefix Match of Files
#3820 merged Apr 24, 2025
Add support for detecting javascript assets in .NET projects using libman
#3825 merged Apr 24, 2025
chore(deps): update tools to latest versions
#3823 merged Apr 24, 2025
feat: Support skipping archive extraction with file source
#3795 merged Apr 24, 2025
Consider DLL claims for dependencies of .NET packages from deps.json
#3822 merged Apr 24, 2025
.NET cataloger should consider compile target paths from deps.json
#3821 merged Apr 24, 2025
Perf: Skip license scanner injection
#3796 merged Apr 23, 2025
chore(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2
#3818 merged Apr 23, 2025
chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16
#3819 merged Apr 23, 2025
chore(deps): update tools to latest versions
#3815 merged Apr 22, 2025
docs: document test commands
#3816 merged Apr 22, 2025
Support detection of Chrome binaries
#3136 merged Apr 21, 2025
fix:allow golang tip image detection regex pattern
#3757 merged Apr 21, 2025
fix: Use module name over relative paths in go.mod replace directives
#3812 merged Apr 21, 2025
fix: Delete collection name/type key entries when empty
#3797 merged Apr 21, 2025
chore(deps): update CPE dictionary index
#3813 merged Apr 21, 2025
chore(deps): update tools to latest versions
#3806 merged Apr 17, 2025
chore(deps): bump github.com/go-git/go-git/v5 from 5.15.0 to 5.16.0
#3807 merged Apr 17, 2025
fix: comma separated selectors in cataloger list command
#3804 merged Apr 16, 2025
chore(deps): bump github.com/anchore/stereoscope from 0.1.2 to 0.1.3
#3803 merged Apr 15, 2025
Fix: Correct variable names for Conan lock parsing version handling
#3802 merged Apr 15, 2025

5 Pull requests opened by 3 people

fix: Make Native Image contains no embedded SBOM Error Discoverable
#3805 opened Apr 16, 2025
fix: [WIP]introduce Component Type Unknown in Cyclone DX for better conversion
#3833 opened Apr 27, 2025
fix: indicate upstream packages for sbom cataloger
#3849 opened May 4, 2025
feat:parse golang test binaries and resolve deps
#3854 opened May 5, 2025
feat: add support for encoding hashes in CycloneDX format
#3883 opened May 13, 2025

23 Issues closed by 4 people

feat: dpkg license improvement for non SPDX licenses
#3090 closed May 14, 2025
Detect whether full license text or a license name has been provided
#3088 closed May 13, 2025
Add Cataloger for Homebrew on macOS
#3632 closed May 13, 2025
Provide a way to get the LayerID the package was first found in
#435 closed May 13, 2025
CycloneDX group field not symmetrically handled by encoder/decoders
#2981 closed May 12, 2025
Syft does not return the actual error message from Cosign when attestation with a private key fails
#1527 closed May 12, 2025
Security scans
#3810 closed May 12, 2025
Syft 1.23.1 shows version (devel) for grafana 12.0.0
#3864 closed May 9, 2025
Syft crash [signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x123a0da]
#3872 closed May 9, 2025
Go binaries that currently get `(devel)` as the version should instead stub `UNKNOWN` based on the compliance policy
#3324 closed May 9, 2025
.NET cataloger does not always pair up PE binaries and deps.json packages, resulting in duplicate packages on some runs
#3866 closed May 8, 2025
Upgrade base Docker image to gcr.io/distroless/static-debian12
#3840 closed May 7, 2025
Propagate error in FileSourceProvider instead of warn log
#3831 closed May 5, 2025
Detect nix dependencies
#3814 closed May 5, 2025
Return full license string instead of SHA256 hash when license string exceeds 64 characters.
#3780 closed May 2, 2025
Update github.com/Masterminds/semver package
#3829 closed Apr 30, 2025
go-module-file-cataloger fails if symlinks in path
#3614 closed Apr 30, 2025
Support fluent-bit some versions of arm/s390x images
#3793 closed Apr 25, 2025
Dpkg are not detected when scanning a directory
#3726 closed Apr 24, 2025
failing to run tests on a local fork due to .fingerprint file
#3809 closed Apr 22, 2025
Support chrome binary detection
#3174 closed Apr 21, 2025
Support golang tip image
#3681 closed Apr 21, 2025
syft cataloger list should flatten options
#3801 closed Apr 16, 2025

10 Issues opened by 8 people

Azul JDK classified as Oracle JRE
#3893 opened May 14, 2025
syft convert: users should be able to selectively filter an SBOM on conversion
#3892 opened May 14, 2025
syft 1.24.0 debug container - wget fails TLS
#3891 opened May 14, 2025
Support scanning a list of CPEs
#3890 opened May 13, 2025
Ownership and automation and of external published repos in release process
#3885 opened May 13, 2025
Syft generates wrong externalReferences.url
#3882 opened May 13, 2025
Syft incorrectly reports multiple APKs as parents of symlinked files
#3847 opened May 2, 2025
Read version resources from non-.NET DLLs and executables
#3842 opened May 1, 2025
Support for Canonical's "Chiseled Containers"
#3824 opened Apr 24, 2025
Add native support for flatpak packages
#3811 opened Apr 19, 2025

18 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

feat: add parsing for uv.lock
#3763 commented on May 9, 2025 • 1 new comment
feat: add support for user to flag root package supplier and package supplier inheritance
#3646 commented on May 2, 2025 • 1 new comment
chore: move cache to external library, add API-level configuration
#3248 commented on May 12, 2025 • 0 new comments
feat: expose rpm signature information
#3179 commented on May 12, 2025 • 0 new comments
Add PHP interpreter + extensions cataloger
#2585 commented on May 14, 2025 • 0 new comments
Support CycloneDX evidence for file locations
#3880 commented on May 14, 2025 • 0 new comments
Unable to extract licenses for some NPM packages
#2611 commented on May 14, 2025 • 0 new comments
Bubble coordinate errors from stereoscope
#3415 commented on May 13, 2025 • 0 new comments
Duplicate OpenSSL detection as both deb and binary
#3481 commented on May 9, 2025 • 0 new comments
Add support for GraalVM and OracleJDK in parse_jvm_release
#3762 commented on May 9, 2025 • 0 new comments
package.json authors keyword parsing
#2250 commented on May 8, 2025 • 0 new comments
purl is not deterministic in java-archive cataloger
#3521 commented on May 6, 2025 • 0 new comments
Add property to indicate whether a component is visible in a squashed image for an all-layer scan
#1818 commented on May 43B7 5, 2025 • 0 new comments
syft convert cycloneDx Metadata is lost after reconvert
#3575 commented on Apr 27, 2025 • 0 new comments
Support embedding file hashes directly within components in CycloneDX-JSON SBOM output
#3781 commented on Apr 24, 2025 • 0 new comments
out of memory exception when scanning images (here: fedora-bootc family)
#3800 commented on Apr 24, 2025 • 0 new comments
Add support for package dependency relationships
#572 commented on Apr 21, 2025 • 0 new comments
add native support for snap packages
#1088 commented on Apr 19, 2025 • 0 new comments

0