Skip to content

Update syft bootstrap tools to latest versions.#1204

Merged
kzantow merged 2 commits intomainfrom
auto/latest-bootstrap-tools
Sep 14, 2022
Merged

Update syft bootstrap tools to latest versions.#1204
kzantow merged 2 commits intomainfrom
auto/latest-bootstrap-tools

Conversation

@anchore-actions-token-generator
Copy link
Copy Markdown
Contributor

@anchore-actions-token-generator anchore-actions-token-generator Bot commented Sep 14, 2022
edited
Loading

@anchore-actions-token-generator anchore-actions-token-generator Bot added the dependencies dealing with project dependencies label Sep 14, 2022
@westonsteimel
Copy link
Copy Markdown
Contributor

westonsteimel commented Sep 14, 2022

To resolve CVE-2022-36056 in cosign

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Sep 14, 2022
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    11.4ms ± 0%    13.2ms ±10%  +15.52%  (p=0.008 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.30ms ± 2%    1.60ms ±10%  +22.83%  (p=0.016 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2            3.24ms ± 1%    4.06ms ± 7%  +25.21%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.07ms ± 1%    1.27ms ± 7%  +19.28%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         744µs ± 1%     871µs ± 1%  +17.07%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     876µs ± 0%    1040µs ± 4%  +18.68%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                    1.27ms ± 1%    1.47ms ± 2%  +15.81%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      14.3ms ± 1%    16.3ms ± 1%  +14.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.21ms ± 1%    1.40ms ± 2%  +15.47%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.21µs ± 1%    2.46µs ± 5%  +11.40%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.36ms ± 1%    1.60ms ± 6%  +17.37%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    707µs ± 0%     895µs ± 2%  +26.45%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=0.310 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             944kB ± 0%     945kB ± 0%     ~     (p=0.151 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     214kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     203kB ± 0%     203kB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/rpm-db-cataloger-2                     302kB ± 0%     301kB ± 0%   -0.17%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                369kB ± 0%     369kB ± 0%     ~     (p=0.905 n=5+4)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%     ~     (p=0.151 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=0.365 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.25k ± 0%     4.25k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             16.6k ± 0%     16.6k ± 0%     ~     (p=0.294 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.53k ± 0%     5.53k ± 0%     ~     (p=0.651 n=5+4)
ImagePackageCatalogers/javascript-package-cataloger-2         3.32k ± 0%     3.32k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.60k ± 0%     4.60k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpm-db-cataloger-2                     8.13k ± 0%     8.13k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%   +0.02%  (p=0.024 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.43k ± 0%     5.43k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.27k ± 0%     7.27k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.59k ± 0%     3.59k ± 0%     ~     (all equal)

@westonsteimel
Copy link
Copy Markdown
Contributor

westonsteimel commented Sep 14, 2022

Looks like there are some license issues with some deps getting flagged by bouncer

@kzantow
Copy link
Copy Markdown
Contributor

kzantow commented Sep 14, 2022

Yeah:

Unallowable license () from "github.com/alibabacloud-go/cr-20160607/client"
Unallowable license () from "github.com/alibabacloud-go/tea-xml/service"

@kzantow
Update syft bootstrap tools to latest versions.
5db60a9 
Signed-off-by: GitHub <noreply@github.com>
@kzantow
Add exclusions for dependencies that state Apache-2.0
a4d54dc 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow force-pushed the auto/latest-bootstrap-tools branch from 918be7a to a4d54dc Compare September 14, 2022 19:00
@kzantow kzantow merged commit 0a1cd25 into main Sep 14, 2022
@kzantow kzantow deleted the auto/latest-bootstrap-tools branch September 14, 2022 19:28
spiffcs added a commit to luhring/syft that referenced this pull request Sep 19, 2022
@spiffcs
Merge branch 'main' into apk-dependencies
2773d08 
* main:
  bug: remove chance for panic; provide default attestation path (anchore#1214)
  refactor: update Makefile organization; update DEVELOPING.md instructions (anchore#1212)
  refactor: replace ioutil=>io; update linter (anchore#1211)
  Update bootstrap tools to latest versions. (anchore#1204)
  Add gosimports (anchore#1205)
  refactor: move formats from internal into syft module (anchore#1172)
  warn on errors from RPM DB parsing (anchore#1200)
  docs: improve Singularity image source docs (anchore#1190)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs pushed a commit that referenced this pull request Sep 19, 2022
@anchore-actions-token-generator @spiffcs
Update bootstrap tools to latest versions. (#1204)
0886bcc 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
@anchore-actions-token-generator @aiwantaozi
Update bootstrap tools to latest versions. (anchore#1204)
df7cfa1
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
@anchore-actions-token-generator @spiffcs
Update bootstrap tools to latest versions. (#1204)
3e16b52 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
@anchore-actions-token-generator @spiffcs
Update bootstrap tools to latest versions. (#1204)
22eb657 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@anchore-actions-token-generator
Update bootstrap tools to latest versions. (anchore#1204)
ac1c560
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzantow kzantow kzantow approved these changes

Assignees

No one assigned

Labels

dependencies dealing with project dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@westonsteimel @kzantow