diff --git a/go.mod b/go.mod index d289ea2d49..2884d88a08 100644 --- a/go.mod +++ b/go.mod @@ -12,9 +12,9 @@ require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/Masterminds/semver/v3 v3.3.0 github.com/agnivade/levenshtein v1.2.0 - github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0 + github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10 github.com/anchore/stereoscope v0.0.5 - github.com/anchore/syft v1.14.2 + github.com/anchore/syft v1.15.0 github.com/avast/retry-go/v4 v4.6.0 github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 github.com/defenseunicorns/pkg/oci v1.0.2 @@ -73,7 +73,7 @@ require ( github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect github.com/buildkite/roko v1.2.0 // indirect - github.com/charmbracelet/x/ansi v0.2.3 // indirect + github.com/charmbracelet/x/ansi v0.4.0 // indirect github.com/charmbracelet/x/term v0.2.0 // indirect github.com/containerd/containerd/api v1.7.19 // indirect github.com/containerd/errdefs v0.3.0 // indirect @@ -184,7 +184,7 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.2 // indirect github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9 // indirect - github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d // indirect + github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10 // indirect github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect @@ -232,9 +232,9 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charmbracelet/bubbles v0.20.0 // indirect - github.com/charmbracelet/bubbletea v1.1.1 // indirect + github.com/charmbracelet/bubbletea v1.1.2 // indirect github.com/charmbracelet/harmonica v0.2.0 // indirect - github.com/charmbracelet/lipgloss v0.13.0 // indirect + github.com/charmbracelet/lipgloss v0.13.1 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.8 // indirect diff --git a/go.sum b/go.sum index 74eff1214d..c27f0d53c5 100644 --- a/go.sum +++ b/go.sum @@ -375,10 +375,10 @@ github.com/aliyun/credentials-go v1.3.2 h1:L4WppI9rctC8PdlMgyTkF8bBsy9pyKQEzBD1b github.com/aliyun/credentials-go v1.3.2/go.mod h1:tlpz4uys4Rn7Ik4/piGRrTbXy2uLKvePgQJJduE+Y5c= github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9 h1:p0ZIe0htYOX284Y4axJaGBvXHU0VCCzLN5Wf5XbKStU= github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9/go.mod h1:3ZsFB9tzW3vl4gEiUeuSOMDnwroWxIxJelOOHUp8dSw= -github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0 h1:rtO6Bcc5KX1i6Ndj4pFcFUkE5PaiKv0J4hKSlmbEIXQ= -github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0/go.mod h1:U3M+opzBUkSBUIRUXsQj6ZgrX9i7Nn0YLn4CjmhKMNI= -github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d h1:ZD4wdCBgJJzJybjTUIEiiupLF7B9H3WLuBTjspBO2Mc= -github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d/go.mod h1:Xh4ObY3fmoMzOEVXwDtS1uK44JC7+nRD0n29/1KYFYg= +github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10 h1:3xmanFdoQEH0REvPA+gLm3Km0/981F4z2a/7ADTlv8k= +github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10/go.mod h1:h6Ly2hlKjQoPtI3rA8oB5afSmB/XimhcY55xbuW4Dwo= +github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10 h1:w+HibE+e/heP6ysADh7sWxg5LhYdVqrpB1A4Hmgjyx8= +github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10/go.mod h1:s0L1//Sxn6Rq0Dcxx+dmT/RRmD9HhsaJjJkPUJHLJLM= github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 h1:GjNGuwK5jWjJMyVppBjYS54eOiiSNv4Ba869k4wh72Q= github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537/go.mod h1:1aiktV46ATCkuVg0O573ZrH56BUawTECPETbZyBcqT8= github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a h1:nJ2G8zWKASyVClGVgG7sfM5mwoZlZ2zYpIzN2OhjWkw= @@ -397,8 +397,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f h1:dAQPIrQ github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f/go.mod h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI= github.com/anchore/stereoscope v0.0.5 h1:PILlvsQS3+dT5rNsDudRhi91jukR65y2itG1lQOLn0s= github.com/anchore/stereoscope v0.0.5/go.mod h1:jwK34VB049/iRE1DyWUv4ZWraOaFQ+FpurgvkWMGQzQ= -github.com/anchore/syft v1.14.2 h1:y/1QIsSUaVDzbT1Q29BkKAAyNivt+2wgWzpCxI0b5yc= -github.com/anchore/syft v1.14.2/go.mod h1:tyGQPeUSS9498A10nUF1kEVIObsvsnmrWt6hP25EjXE= +github.com/anchore/syft v1.15.0 h1:V2PKilik4ChuvQZ3kRGc41w62uVex+qDE3TxIR+lsoM= +github.com/anchore/syft v1.15.0/go.mod h1:z062WmfN0BMCDGIY8112PtxDgAmlWSDxgTOgpHpjxOM= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= @@ -528,14 +528,14 @@ github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNS github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/charmbracelet/bubbles v0.20.0 h1:jSZu6qD8cRQ6k9OMfR1WlM+ruM8fkPWkHvQWD9LIutE= github.com/charmbracelet/bubbles v0.20.0/go.mod h1:39slydyswPy+uVOHZ5x/GjwVAFkCsV8IIVy+4MhzwwU= -github.com/charmbracelet/bubbletea v1.1.1 h1:KJ2/DnmpfqFtDNVTvYZ6zpPFL9iRCRr0qqKOCvppbPY= -github.com/charmbracelet/bubbletea v1.1.1/go.mod h1:9Ogk0HrdbHolIKHdjfFpyXJmiCzGwy+FesYkZr7hYU4= +github.com/charmbracelet/bubbletea v1.1.2 h1:naQXF2laRxyLyil/i7fxdpiz1/k06IKquhm4vBfHsIc= +github.com/charmbracelet/bubbletea v1.1.2/go.mod h1:9HIU/hBV24qKjlehyj8z1r/tR9TYTQEag+cWZnuXo8E= github.com/charmbracelet/harmonica v0.2.0 h1:8NxJWRWg/bzKqqEaaeFNipOu77YR5t8aSwG4pgaUBiQ= github.com/charmbracelet/harmonica v0.2.0/go.mod h1:KSri/1RMQOZLbw7AHqgcBycp8pgJnQMYYT8QZRqZ1Ao= -github.com/charmbracelet/lipgloss v0.13.0 h1:4X3PPeoWEDCMvzDvGmTajSyYPcZM4+y8sCA/SsA3cjw= -github.com/charmbracelet/lipgloss v0.13.0/go.mod h1:nw4zy0SBX/F/eAO1cWdcvy6qnkDUxr8Lw7dvFrAIbbY= -github.com/charmbracelet/x/ansi v0.2.3 h1:VfFN0NUpcjBRd4DnKfRaIRo53KRgey/nhOoEqosGDEY= -github.com/charmbracelet/x/ansi v0.2.3/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/charmbracelet/lipgloss v0.13.1 h1:Oik/oqDTMVA01GetT4JdEC033dNzWoQHdWnHnQmXE2A= +github.com/charmbracelet/lipgloss v0.13.1/go.mod h1:zaYVJ2xKSKEnTEEbX6uAHabh2d975RJ+0yfkFpRBz5U= +github.com/charmbracelet/x/ansi v0.4.0 h1:NqwHA4B23VwsDn4H3VcNX1W1tOmgnvY1NDx5tOXdnOU= +github.com/charmbracelet/x/ansi v0.4.0/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0= github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= diff --git a/site/src/content/docs/commands/zarf_tools_sbom.md b/site/src/content/docs/commands/zarf_tools_sbom.md index 544b727f47..c726647224 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom.md +++ b/site/src/content/docs/commands/zarf_tools_sbom.md @@ -22,7 +22,7 @@ zarf tools sbom [flags] ``` --base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --enrich stringArray enable package data enrichment from local and online sources (options: all, golang, java, javascript) --exclude stringArray exclude paths from being scanned using a glob expression --file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: --output FORMAT=PATH) @@ -31,6 +31,7 @@ zarf tools sbom [flags] -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table]) --override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source) --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -s, --scope string selection of layers to catalog, options=[squashed all-layers] --select-catalogers stringArray add, remove, and filter the catalogers to be used diff --git a/site/src/content/docs/commands/zarf_tools_sbom_attest.md b/site/src/content/docs/commands/zarf_tools_sbom_attest.md index e16d898963..ebbb818bab 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_attest.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_attest.md @@ -39,9 +39,10 @@ zarf tools sbom attest --output [FORMAT] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md b/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md index 42ae09a3f7..f7b7505caa 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md @@ -19,9 +19,10 @@ Show available catalogers and configuration ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md b/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md index 157c5d98af..f10b8f2400 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md @@ -27,9 +27,10 @@ zarf tools sbom cataloger list [OPTIONS] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_config.md b/site/src/content/docs/commands/zarf_tools_sbom_config.md index 50f7d5edc2..29037cd5d4 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_config.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_config.md @@ -24,9 +24,10 @@ zarf tools sbom config [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md b/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md index c2c58b38be..52c9e8026f 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md @@ -24,9 +24,10 @@ zarf tools sbom config locations [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_convert.md b/site/src/content/docs/commands/zarf_tools_sbom_convert.md index e239863e6c..6243bd4734 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_convert.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_convert.md @@ -30,9 +30,10 @@ zarf tools sbom convert [SOURCE-SBOM] -o [FORMAT] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_login.md b/site/src/content/docs/commands/zarf_tools_sbom_login.md index 4555edc1a8..bada24d17c 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_login.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_login.md @@ -26,9 +26,10 @@ zarf tools sbom login [OPTIONS] [SERVER] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_scan.md b/site/src/content/docs/commands/zarf_tools_sbom_scan.md index e2098828ad..97411867d7 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_scan.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_scan.md @@ -40,9 +40,10 @@ zarf tools sbom scan [SOURCE] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_version.md b/site/src/content/docs/commands/zarf_tools_sbom_version.md index 3530449fc7..49bc4643bb 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_version.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_version.md @@ -24,9 +24,10 @@ zarf tools sbom version [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ```