syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
APACHE-2.0 License
Bot releases are visible (Hide)
Published by anchoreops over 2 years ago
Changelog
v0.44.0 (2022-04-12)
Added Features
- Detect Java Namespaces/Group IDs by hash [Issue #887]
- Add additional Vendors for Springframework [PR #947 ]
Published by anchoreops over 2 years ago
Changelog
v0.43.2 (2022-04-06)
Bug Fixes
- Pulls from private DockerHub repo fails with 0.43.0 when working with 0.42.4 [Issue #936]
Published by anchoreops over 2 years ago
Changelog
v0.43.0 (2022-03-31)
Added Features
- Add dart support [PR #919] [ericlarssen-wf]
- Add list of supported package managers or catalogers to the README for simpler reference [Issue #913]
Bug Fixes
- Pull from DockerHub fails for public images when using SSO [PR #928] [wagoodman]
- Panic in DirectoryResolver indexPath due to null info parameter [Issue #872]
Published by anchoreops over 2 years ago
Changelog
v0.42.0 (2022-03-17)
Added Features
- Capture additional go 1.18 based binary information [Issue #718] [jonasagx]
Bug Fixes
Published by anchoreops over 2 years ago
Published by anchoreops over 2 years ago
Changelog
v0.41.4 (2022-03-11)
Added Features
- Support Yarn v3 [PR #868] [cipher-ardvark]
- Update to CycloneDX 1.4 [Issue #744] [samj1912]
Bug Fixes
Published by anchoreops over 2 years ago
Changelog
v0.40.0 (2022-03-02)
Added Features
- Add support for multiple CPEs in CycloneDX [Issue #818]
- Use syft property namespace in CycloneDX [Issue #842]
Bug Fixes
- Wrong digest used for in-toto statement subject when using Docker daemon source [Issue #855]
Published by anchoreops over 2 years ago
Changelog
v0.39.3 (2022-02-26)
Added Features
- Allow for CPE strings that can later be sanitized [PR #844] [wagoodman]
- Ability to sign or attest the generated SBOM [Issue #510]
Bug Fixes
- Resolve symlinks when fetching file contents [PR #782] [wagoodman]
- Add exception for handlebars java package to generate nodejs CPE [PR #837] [wagoodman]
- Do not generate empty CPEs for non-compliant CPE fields [PR #850] [spiffcs]
- unable to catalog dpkg package=/var/lib/dpkg/status [Issue #733]
- Deduplicate docker image manifests [Issue #825]
- scan crash with panic: runtime error: index out of range [1] with length 1 when parsing invalid formatted requirements.txt file [Issue #831]
Published by anchoreops over 2 years ago
Changelog
v0.38.0 (2022-02-15)
Added Features
- Upgrade golang to 1.17 [PR #809] [spiffcs]
- Add pURL generation for java packages + fix NPM pURL generation [PR #812] [wagoodman]
Bug Fixes
- use SYFT_LOG_FILE env var [PR #805] [jonasagx]
- Syft stuck on some images (also affecting grype) [Issue #764]
- Missing the metadata field for Kubernetes pod usage [Issue #787]
Published by anchoreops over 2 years ago
Changelog
v0.37.10 (2022-02-08)
Added Features
- Add distro information to package URLs for OS packages [PR #754] [wagoodman]
- Encode upstream qualifier on OS package pURLs [PR #769] [wagoodman]
- Extract language and package type from pURLs on SBOM decode [PR #777] [wagoodman]
- Update SPDX license list to 3.16 [PR #801] [kzantow]
- Extend CycloneDX presenters with syft-specific values [Issue #154]
- Extend CycloneDX presenter with dependency graph [Issue #155]
Published by anchoreops over 2 years ago
Changelog
v0.36.0 (2022-01-19)
Added Features
- Add additional PHP metadata [PR #753] [wagoodman]
- Remove strong distro type [Issue #342]
- Support more java artifact extensions [Issue #728]
- Upgrade CycloneDX Output [Issue #710]
- Make syft JSON metadataType and metadata fields optional [PR #752]
Bug Fixes
- Missing checksums for other than Linux in 0.35.0 release [Issue #739]
- Add support for "file" source type in syftjson unmarshaling [PR #750]
Docker images
docker pull anchore/syft:v0.36.0