Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #1227 - Get licenses for NuGet packages #3329

Open
wants to merge 62 commits into
base: main
Choose a base branch
from
Open

Issue #1227 - Get licenses for NuGet packages #3329

wants to merge 62 commits into from
+1,385 −26

Commits on Oct 15, 2024

  1. - Add new DotNet- / Nuget-Cataloger-Configuration. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    102fe66 View commit details
    Browse the repository at this point in the history

  2. - Added NuGet license resolver. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    df81198 View commit details
    Browse the repository at this point in the history

  3. - Inject NuGet license parser into DotNet catalogers. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    49ad147 View commit details
    Browse the repository at this point in the history

  4. fix: improve go binary semver extraction for traefik (anchore#3325) 

    Improves the go cataloger semver extraction logic to include getting the
release version of traefik.  This is based off of the regex pattern that
already existed in the traefik binary classifier.

Signed-off-by: Weston Steimel <[email protected]>
Signed-off-by: HeyeOpenSource <[email protected]>
    @westonsteimel @HeyeOpenSource
    westonsteimel authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    a0d4098 View commit details
    Browse the repository at this point in the history

  5. chore(deps): update CPE dictionary index (anchore#3323) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
Signed-off-by: HeyeOpenSource <[email protected]>
    @anchore-actions-token-generator @wagoodman @HeyeOpenSource
    2 people authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    276c734 View commit details
    Browse the repository at this point in the history

  6. - Implemented the FieldDescriber interface for the cmd/syft/internal/… 

    …options dotnetConfig struct.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    61b5a83 View commit details
    Browse the repository at this point in the history

  7. - Added the missing DotNet config field to the cmd/syft/internal/opti… 

    …ons Catalog struct.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    1659c46 View commit details
    Browse the repository at this point in the history

  8. chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (ancho… 

    …re#3327)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c36620d...f779452)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: HeyeOpenSource <[email protected]>
    @dependabot @HeyeOpenSource
    dependabot[bot] authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    50e75eb View commit details
    Browse the repository at this point in the history

  9. chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (anchore#… 

    …3326)

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@61119d4...f5e124a)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: HeyeOpenSource <[email protected]>
    @dependabot @HeyeOpenSource
    dependabot[bot] authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    5566af1 View commit details
    Browse the repository at this point in the history

  10. chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df3… 

    …09e9e5 (anchore#3331)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
Signed-off-by: HeyeOpenSource <[email protected]>
    @anchore-actions-token-generator @willmurphyscode @HeyeOpenSource
    2 people authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    81edaa9 View commit details
    Browse the repository at this point in the history

  11. chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e… 

    …870434 (anchore#3332)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
Signed-off-by: HeyeOpenSource <[email protected]>
    @anchore-actions-token-generator @willmurphyscode @HeyeOpenSource
    2 people authored and HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    1a69e5e View commit details
    Browse the repository at this point in the history

  12. - Corrected DotNet config field description. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    4644a0b View commit details
    Browse the repository at this point in the history

  13. - Added more safeguards and comments to the private getDefaultProvide… 

    …rs() function in syft/pkg/cataloger/dotnet.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    37fbd5f View commit details
    Browse the repository at this point in the history

  14. - Refactored NuGet license resolver. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    00e2895 View commit details
    Browse the repository at this point in the history

  15. Merge branch 'main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    21a29dd View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2024

  1. - Refactored dotnet cataloger package to mitigate static analysis err… 

    …ors.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    60badab View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    ba2c571 View commit details
    Browse the repository at this point in the history

  3. - Corrected DefaultCatalogerConfig() comment. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    5a7f484 View commit details
    Browse the repository at this point in the history

  4. - Minor correction for remote NuGet license retrieval from NuGet pack… 

    …age provider URLs terminated by '/'.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    47928c9 View commit details
    Browse the repository at this point in the history

  5. - Extended dotnet configuration to allow for the use of credentials w… 

    …hen accessing remote NuGet package repositories.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    97bb64a View commit details
    Browse the repository at this point in the history

  6. - Heavily restructured the license resolver in order to: 

      - Fix remote NuGet license retrieval.
  - Allow for NuGet package retrieval from package repositories requiring authentication.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    3b27e85 View commit details
    Browse the repository at this point in the history

  7. - Some more refactoring of the license resolver. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    037b96b View commit details
    Browse the repository at this point in the history

  8. - Adapt dotnet cataloger config Unit Tests to commit 97bb64a. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    10cf9dd View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2024

  1. Merge branch 'main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource committed Oct 17, 2024
    Configuration menu
    Copy the full SHA
    eb28e1a View commit details
    Browse the repository at this point in the history

Commits on Oct 18, 2024

  1. - Correct the package cataloger conventions for the dotnet catalogers. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    e5e288e View commit details
    Browse the repository at this point in the history

  2. - Refactored and corrected license parser. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    3c4e091 View commit details
    Browse the repository at this point in the history

  3. - Extended config Unit Tests to include credentials. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    9406809 View commit details
    Browse the repository at this point in the history

  4. - Added some license parser related Unit Tests. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    1286e44 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    edde453 View commit details
    Browse the repository at this point in the history

Commits on Oct 21, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Oct 21, 2024
    Configuration menu
    Copy the full SHA
    0f5d505 View commit details
    Browse the repository at this point in the history

Commits on Oct 22, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Oct 22, 2024
    Configuration menu
    Copy the full SHA
    c769b7f View commit details
    Browse the repository at this point in the history

  2. - Adapted to changes in [Create single license scanner for all catalo… 

    …gers (anchore#3348)](anchore@e4e985b) by Alex Goodman <[email protected]>

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 22, 2024
    Configuration menu
    Copy the full SHA
    4dfac93 View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2024

  1. Merge branch 'main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    d362e77 View commit details
    Browse the repository at this point in the history

  2. - Refactoring. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    4e4dc67 View commit details
    Browse the repository at this point in the history

  3. - More refactoring. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    69d307d View commit details
    Browse the repository at this point in the history

  4. - Try to fix static analysis by refactoring again. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    ab9ea30 View commit details
    Browse the repository at this point in the history

  5. - Try to fix static analysis by refactoring again. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    d66b934 View commit details
    Browse the repository at this point in the history

  6. - Remove the use of special environment variables for the dotnet cata… 

    …loger configuration.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    fda1188 View commit details
    Browse the repository at this point in the history

  7. - Make local NuGet cache folder configurable. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    a745223 View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2024

  1. - Adapted dotnet cataloger options to improve credential security. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    3ce5adf View commit details
    Browse the repository at this point in the history

  2. - Corrections for static analysis regressions. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    a92a4da View commit details
    Browse the repository at this point in the history

  3. - Corrected test cases for the dotnet executable cataloger. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    ae360d2 View commit details
    Browse the repository at this point in the history

  4. - Properly reverted the original test case input. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    f7017a1 View commit details
    Browse the repository at this point in the history

  5. - Tie the dotnet search locally and -remotely options in to the ```en… 

    …rich``` functionality.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    979b8ec View commit details
    Browse the repository at this point in the history

  6. - Compile fix. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    f734ca7 View commit details
    Browse the repository at this point in the history

  7. - Logic correction *facepalm*. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    e234a78 View commit details
    Browse the repository at this point in the history

  8. - Removed obsolete text-fixture files. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    ca0e822 View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Oct 25, 2024
    Configuration menu
    Copy the full SHA
    7379dca View commit details
    Browse the repository at this point in the history

Commits on Oct 29, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Oct 29, 2024
    Configuration menu
    Copy the full SHA
    49e2710 View commit details
    Browse the repository at this point in the history

Commits on Oct 30, 2024

  1. - Adaptation for review by [@kzantow](https://github.com/kzantow) on … 

    …Oct 29th 2024.

Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    bab3d97 View commit details
    Browse the repository at this point in the history

  2. fix: stack overflow in spyingIoReadCloser (anchore#3392) 

    Signed-off-by: Keith Zantow <[email protected]>
Signed-off-by: HeyeOpenSource <[email protected]>
    @kzantow @HeyeOpenSource
    kzantow authored and HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    bfeb2bd View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 (anchore#… 

    …3393)

Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.5 to 0.17.6.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@1ca97d9...251a468)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: HeyeOpenSource <[email protected]>
    @dependabot @HeyeOpenSource
    dependabot[bot] authored and HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    ab4279a View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 (anchore#3394) 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @dependabot @HeyeOpenSource
    dependabot[bot] authored and HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    c4d7ba5 View commit details
    Browse the repository at this point in the history

  5. - Added generic 'SimpleCredential' struct. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    990b077 View commit details
    Browse the repository at this point in the history

  6. - Removed unneccessary check. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    464e11e View commit details
    Browse the repository at this point in the history

  7. - Correction due to integration tests. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    438d94f View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2024

  1. - Adaptations for 2nd review of DotNet license handling. 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Nov 2, 2024
    Configuration menu
    Copy the full SHA
    e12d96a View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into Issue_1227_Take_II 

    Signed-off-by: HeyeOpenSource <[email protected]>
    @HeyeOpenSource
    HeyeOpenSource committed Nov 2, 2024
    Configuration menu
    Copy the full SHA
    4936e53 View commit details
    Browse the repository at this point in the history

Commits on Nov 5, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Nov 5, 2024
    Configuration menu
    Copy the full SHA
    e9cc5cd View commit details
    Browse the repository at this point in the history

Commits on Nov 6, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Nov 6, 2024
    Configuration menu
    Copy the full SHA
    09423de View commit details
    Browse the repository at this point in the history

Commits on Nov 12, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Nov 12, 2024
    Configuration menu
    Copy the full SHA
    fbc0cf5 View commit details
    Browse the repository at this point in the history

Commits on Nov 15, 2024

  1. Merge branch 'anchore:main' into Issue_1227_Take_II

    @HeyeOpenSource
    HeyeOpenSource authored Nov 15, 2024
    Configuration menu
    Copy the full SHA
    7d99c4f View commit details
    Browse the repository at this point in the history