syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
APACHE-2.0 License
Bot releases are hidden (Show)
Published by anchoreops over 2 years ago
Changelog
v0.39.3 (2022-02-26)
Added Features
- Allow for CPE strings that can later be sanitized [PR #844] [wagoodman]
- Ability to sign or attest the generated SBOM [Issue #510]
Bug Fixes
- Resolve symlinks when fetching file contents [PR #782] [wagoodman]
- Add exception for handlebars java package to generate nodejs CPE [PR #837] [wagoodman]
- Do not generate empty CPEs for non-compliant CPE fields [PR #850] [spiffcs]
- unable to catalog dpkg package=/var/lib/dpkg/status [Issue #733]
- Deduplicate docker image manifests [Issue #825]
- scan crash with panic: runtime error: index out of range [1] with length 1 when parsing invalid formatted requirements.txt file [Issue #831]
Published by anchoreops over 2 years ago
Changelog
v0.38.0 (2022-02-15)
Added Features
- Upgrade golang to 1.17 [PR #809] [spiffcs]
- Add pURL generation for java packages + fix NPM pURL generation [PR #812] [wagoodman]
Bug Fixes
- use SYFT_LOG_FILE env var [PR #805] [jonasagx]
- Syft stuck on some images (also affecting grype) [Issue #764]
- Missing the metadata field for Kubernetes pod usage [Issue #787]
Published by anchoreops over 2 years ago
Changelog
v0.37.10 (2022-02-08)
Added Features
- Add distro information to package URLs for OS packages [PR #754] [wagoodman]
- Encode upstream qualifier on OS package pURLs [PR #769] [wagoodman]
- Extract language and package type from pURLs on SBOM decode [PR #777] [wagoodman]
- Update SPDX license list to 3.16 [PR #801] [kzantow]
- Extend CycloneDX presenters with syft-specific values [Issue #154]
- Extend CycloneDX presenter with dependency graph [Issue #155]
Published by anchoreops over 2 years ago
Changelog
v0.36.0 (2022-01-19)
Added Features
- Add additional PHP metadata [PR #753] [wagoodman]
- Remove strong distro type [Issue #342]
- Support more java artifact extensions [Issue #728]
- Upgrade CycloneDX Output [Issue #710]
- Make syft JSON metadataType and metadata fields optional [PR #752]
Bug Fixes
- Missing checksums for other than Linux in 0.35.0 release [Issue #739]
- Add support for "file" source type in syftjson unmarshaling [PR #750]
Docker images
docker pull anchore/syft:v0.36.0
Published by anchoreops almost 3 years ago
Changelog
v0.35.0 (2022-01-07)
Added Features
- support .par for java ecosystems [PR #727] [westonsteimel]
- Add support for searching for jars within archives [PR #734] [wagoodman]
- Add lpkg as java package format [Issue #682]
- Add alias for --version flag [Issue #700]
- Support generating multiple BOM files in different formats within a run [Issue #325]
Bug Fixes
- Failed to parse CPE - unbind formatted string [Issue #426]
- Unable to catalog .jar files on Windows [Issue #683]
- Generating invalid CPEs for debs and rpms with epochs [Issue #712]
Docker images
docker pull anchore/syft:v0.35.0
Published by anchoreops almost 3 years ago
Changelog
v0.34.0 (2021-12-22)
Added Features
- Exclude path option [Issue #221]
- Syft verbose log version [Issue #664]
- pip should support vcs url [Issue #679]
Bug Fixes
- Misleading error message when oci-archive scheme used on non-OCI archives [Issue #701]
Published by anchoreops almost 3 years ago
Changelog
v0.33.0 (2021-12-16)
Bug Fixes
- Cataloging large images is taking too long [Issue #688]
Docker images
docker pull anchore/syft:v0.33.0
Published by anchoreops almost 3 years ago
Changelog
v0.32.2 (2021-12-14)
Bug Fixes
- Handle extra empty lines in Java manifest parsing [PR #687] [luhring]
- Installation via install.sh on Mac M1 is not working [Issue #684]
- Prefer warning over erroring out when parsing java manifests [PR #688] [wagoodman]
Docker images
docker pull anchore/syft:v0.32.2
Published by anchoreops almost 3 years ago
Changelog
v0.32.1 (2021-12-14)
Bug Fixes
- Missing versions for java packages [Issue #666]
- Hang when encountering symlink (in /run/udev/) to a character device (in /dev/) [Issue #665]
- Indexing should ignore non-regular files [Issue #615]
Docker images
docker pull anchore/syft:v0.32.1
Published by anchoreops almost 3 years ago
Changelog
v0.32.0 (2021-12-08)
Added Features
- Add cataloging of macho multi-architecture binaries [PR #657] [wagoodman]
- Swap cycloneDX lib for an official lib [Issue #535]
- Add an output type for CycloneDX JSON format [Issue #631]
- Adding AlmaLinux OS Support [PR #652 ] [srbala]
Bug Fixes
Docker images
docker pull anchore/syft:v0.32.0
Published by anchoreops almost 3 years ago
Changelog
v0.31.0 (2021-12-03)
Added Features
- Catalog archive contents for single-file input [PR #637] [wagoodman]
- Promote cataloging task pattern [Issue #554]
- Prefer artifact relationships over package relationships [Issue #556]
- Media type for Syft SBoM JSON format [Issue #612]
- Support for PHP/composer installed.json files [Issue #642]
Bug Fixes
- SPDX2.2 JSON format should not use UUID random [Issue #622]
Docker images
docker pull anchore/syft:v0.31.0
Published by anchoreops almost 3 years ago
Changelog
v0.30.1 (2021-11-15)
Added Features
- support external registry configuration [Issue #502]
- Allow cataloging from a single file [Issue #541]
Bug Fixes
- Analysis of "docker" image fails [Issue #287]
- Indexing blocked on named pipe [Issue #568]
- Syft indexing should ignore non-regular files [Issue #615]
- Go module with AllLayers only giving RealPath information [Issue #619]
Docker images
docker pull anchore/syft:v0.30.1
Published by anchoreops almost 3 years ago
Changelog
v0.29.0 (2021-10-31)
Added Features
- Stabilize package identifier based on contents [Issue #363]
- Unhide auto-completion command [Issue #594]
Docker images
docker pull anchore/syft:v0.29.0
Published by anchoreops almost 3 years ago
Changelog
v0.28.0 (2021-10-28)
Added Features
- Replace changelog generator in release process [Issue #575]
- add auto-completion [Issue #594]
- add arm64 support for new version[Issue #597]
Docker images
docker pull anchore/syft:v0.28.0
Published by anchoreops almost 3 years ago
Changelog
v0.27.0 (2021-10-21)
Added Features
- Windows support [Issue #380]
Docker images
docker pull anchore/syft:v0.27.0docker pull anchore/syft:v0docker pull anchore/syft:v0.27
Published by anchoreops about 3 years ago
Changelog
v0.26.0 (2021-10-15)
Implemented enhancements:
Fixed bugs:
- Remove go and rust catalogers from image cataloger set #464
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/syft:v0.26.0docker pull anchore/syft:v0docker pull anchore/syft:v0.26
Published by anchoreops about 3 years ago
Changelog
v0.25.0 (2021-10-07)
Implemented enhancements:
- Catalog Go modules used in Go binaries #434 (wagoodman) (spiffcs)
- Add option to output SBOM report to a file #530 (wagoodman)
- Extend license mapping for common SPDX license names #509 (spiffcs)
Fixed bugs:
- SPDX output is not consistently sorted #522 (spiffcs)
- Missing/incorrect SPDX fields: DocumentName, DocumentNamespace #528 (spiffcs)
- Allow file digests instances to be optional for alpine metadata #531 (wagoodman)
- Stable sort package CPE array (JSON and SPDX) #522 (spiffcs)
- Remove go and rust catalogers from image cataloger set #539 (spiffcs)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/syft:v0.25.0docker pull anchore/syft:v0docker pull anchore/syft:v0.25
Published by anchoreops about 3 years ago
Changelog
v0.24.1 (2021-09-27)
Fixed bugs:
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/syft:v0.24.1docker pull anchore/syft:v0docker pull anchore/syft:v0.24
Published by anchoreops about 3 years ago
Changelog
v0.24.0 (2021-09-23)
Implemented enhancements:
Fixed bugs:
- Filter out CPE product candidates that are asterisks #513 (wagoodman)
- lower log file permissions to 0644 #511 (spiffcs)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/syft:v0.24.0docker pull anchore/syft:v0docker pull anchore/syft:v0.24