Proto commits in google/osv-scalibr

These 82 commits are when the Protocol Buffers files have changed:

Commit:a8f51e1
Author:alowayed
Committer:Copybara-Service

Add base image enricher to enricherlist. PiperOrigin-RevId: 755389113

The documentation is generated from this commit.

Commit:f28c2af
Author:alowayed
Committer:Copybara-Service

Enable enrichers through CLI. PiperOrigin-RevId: 754438729

The documentation is generated from this commit.

Commit:fbbf5a7
Author:alowayed
Committer:Copybara-Service

Add enrichers to top level scalibr.ScanConfig and Scanner.Run(). PiperOrigin-RevId: 754430034

The documentation is generated from this commit.

Commit:e530aed
Author:alowayed
Committer:Copybara-Service

Add base image enricher to enricherlist. PiperOrigin-RevId: 754415037

The documentation is generated from this commit.

Commit:eec50b6
Author:alowayed
Committer:Copybara-Service

Add deps.dev base image enricher. PiperOrigin-RevId: 754383474

The documentation is generated from this commit.

Commit:f1f3bff
Author:Erik Varga
Committer:Copybara-Service

Add chain_id to LayerDetails proto PiperOrigin-RevId: 754006830

Commit:e05f138
Author:Erik Varga
Committer:Copybara-Service

Add chain_id to LayerDetails proto PiperOrigin-RevId: 753909390

Commit:a7c28a5
Author:Yousef S Alowayed

Add chain_id to LayerDetails proto

Commit:d73ec9a
Author:alowayed
Committer:Copybara-Service

Add layer ChainID. PiperOrigin-RevId: 753670393

Commit:c3b40e2
Author:SCALIBR Team
Committer:Copybara-Service

Internal PiperOrigin-RevId: 753227189

Commit:8051ed2
Author:Copybara-Service

Merge pull request #650 from doyensec:docker-ports-extractor PiperOrigin-RevId: 752763960

Commit:9196294
Author:alessandro-Doyensec

Merge remote-tracking branch 'origin/main' into docker-ports-extractor

Commit:b00eb8b
Author:Erik Varga
Committer:Copybara-Service

Move inventories + findings under a top-level struct inside ScanResults. This allows us to add new result types for things that are not software packages or security findings (e.g. running processes, open ports). Instead of returning just packages, extractor plugins now return the generic inventory type which allows them to extract more inventory types such as secrets in the future. Note that we still use the software package struct to store non-software inventory such as containerd runtimes. Moving that to a separate type will be done in a follow-up change. PiperOrigin-RevId: 745113389

Commit:eb66328
Author:alessandro-Doyensec

Merge remote-tracking branch 'origin/main' into docker-ports-extractor

Commit:836dce7
Author:Xueqin Cui
Committer:Xueqin Cui

feat: include requirements string in Python requirements metadata

Commit:7fd1498
Author:alessandro-Doyensec

add: docker metadata to proto

Commit:c53a4a2
Author:Copybara-Service

Merge pull request #534 from doyensec:chrome-extensions-support PiperOrigin-RevId: 738205735

Commit:fea7652
Author:alessandro-Doyensec

Merge remote-tracking branch 'origin/main' into chrome-extensions-support

Commit:942eff9
Author:SCALIBR Team
Committer:Copybara-Service

Add Pod namespace extraction to SCALIBR filesystem containerd plugin PiperOrigin-RevId: 736204402

Commit:7085920
Author:SCALIBR Team
Committer:Copybara-Service

internal PiperOrigin-RevId: 735973349

Commit:35bf176
Author:Copybara-Service

Merge pull request #533 from doyensec:vscode-extensions-support PiperOrigin-RevId: 736016022

Commit:5ed0ac6
Author:SCALIBR Team
Committer:Copybara-Service

internal PiperOrigin-RevId: 735973350

Commit:9e8a36f
Author:Xueqin Cui

isTransitive

Commit:c616896
Author:Xueqin Cui
Committer:GitHub

Merge branch 'main' into pomxmlnet

Commit:b59e90c
Author:alessandro-Doyensec

remove: PreRelease field since is duplicate and is call HasPrerelease in windows

Commit:9f06170
Author:alessandro-Doyensec

add: vscode metadata to proto definition

Commit:f6079e0
Author:alessandro-Doyensec

Merge remote-tracking branch 'origin/main' into chrome-extensions-support

Commit:1d81e96
Author:alessandro-Doyensec

add: chrome extensions metadata in protobuf

Commit:e23d5cb
Author:SCALIBR Team
Committer:Copybara-Service

Add Pod name extraction to SCALIBR filesystem containerd plugin PiperOrigin-RevId: 732958667

Commit:169bf71
Author:Xueqin Cui

proto

Commit:76442ae
Author:Erik Varga
Committer:Copybara-Service

Report versions with <= constraints in the python requirements.txt+setup.py extractors. PiperOrigin-RevId: 725973092

Commit:45ed617
Author:SCALIBR Team
Committer:Copybara-Service

FIX: Adding metadata template PiperOrigin-RevId: 722596946

Commit:b02bff6
Author:Mario Leyva
Committer:Copybara-Service

[Documentation] Add field descriptions for the `LayerDetails` message. PiperOrigin-RevId: 721617720

Commit:85f39de
Author:Erik Varga
Committer:Copybara-Service

Bump copyright year to 2025. PiperOrigin-RevId: 718865834

Commit:87eb04f
Author:Copybara-Service

Merge pull request #360 from mindedsecurity:extractor_kernel_vmlinuz PiperOrigin-RevId: 716215147

Commit:96fb222
Author:brnpl

Resolved merge conflicts

Commit:9491c94
Author:Copybara-Service

Merge pull request #359 from mindedsecurity:extractor_kernel_module PiperOrigin-RevId: 715349859

Commit:54882ab
Author:brnpl

Resolved merge conflicts

Commit:e7a7950
Author:brnpl

Resolved merge conflicts

Commit:d264daa
Author:brnpl

Resolved merge conflicts

Commit:8f12100
Author:Federico Loi

Resolve conflict and make lint happy

Commit:9e7c062
Author:brnpl

Fixes from code review

Commit:fca9cbe
Author:brnpl

Fixed merge conflicts

Commit:f1f061c
Author:brnpl

Fixed merge conflicts

Commit:be3ec2f
Author:brnpl

Fixes from code review

Commit:f008228
Author:Federico Loi
Committer:Federico Loi

Fix issues based on review

Commit:8da340b
Author:brnpl
Committer:brnpl

Updated scan_result.proto. Added dependency

Commit:3f9e2ae
Author:Federico Loi

Implementation of Portage extractor

Commit:51367fc
Author:brnpl

Implementation of kernel module extractor

Commit:928343d
Author:Federico Loi

Add type metadata and fix issues

Commit:54f3e7b
Author:Federico Loi

Adapting DPKG extractor to handle OPKG format

Commit:e0eb870
Author:brnpl

Implementation of nix extractor.

Commit:fa4b0b2
Author:Federico Loi

Implementation of OPKG Extractor

Commit:215ed4c
Author:brnpl

Implementation of pacman extractor.

Commit:52fd8c7
Author:Mario Leyva
Committer:Copybara-Service

Add the `LayerDetails` field to the scan result proto. This will be used to store layer information in each inventory package. PiperOrigin-RevId: 698884354

Commit:aef6503
Author:SCALIBR Team
Committer:Copybara-Service

Add Mac OS Applications extractor This extractor scans for the Info.plist files in /Applications/*.app/Contents/ directory and creates an inventory item for each installed application. Parses XML and Binary format of the plist files PiperOrigin-RevId: 696348932

Commit:9109e35
Author:SCALIBR Team
Committer:Copybara-Service

No public description PiperOrigin-RevId: 694459376

Commit:365b205
Author:SCALIBR Team
Committer:Copybara-Service

No public description PiperOrigin-RevId: 694046901

Commit:f973267
Author:Pierre Precourt
Committer:Copybara-Service

Internal change. PiperOrigin-RevId: 684826857

Commit:5945116
Author:Jessie Zhang
Committer:Copybara-Service

Update field names to be consistent with the design doc. PiperOrigin-RevId: 684186668

Commit:225efe1
Author:Jessie Zhang
Committer:Copybara-Service

Modified containerd snapshot extractor to make it work on VM's disk snapshots. PiperOrigin-RevId: 682971067

Commit:7ca8794
Author:Copybara-Service

Merge pull request #198 from another-rex:java-migration PiperOrigin-RevId: 680788459

Commit:2f7945f
Author:Copybara-Service

Merge pull request #175 from schischi:cdx_extractor PiperOrigin-RevId: 675893601

Commit:16c15a4
Author:Adrien Schildknecht
Committer:Adrien Schildknecht

Add CycloneDX SBOM extractor Add a new `sbom/cdx` extractor to handle CycloneDX BOM files just like we handle the SPDX ones. Note that SBOM extractors are not enabled by default, so need to pass the flag `-extractors sbom/cdx` to use it. Test plan: added unit tests Manual testing: ``` $ ./scalibr -o cdx-json=/tmp/out.cdx.json --root /tmp/test -extractors sbom/cdx 2024/09/10 13:13:53 Running scan with 1 extractors and 0 detectors 2024/09/10 13:13:53 Starting filesystem walk for root: /tmp/test 2024/09/10 13:13:53 End status: 2 inodes visited, 1 Extract calls, 2.227053ms elapsed 2024/09/10 13:13:53 Scan status: SUCCEEDED 2024/09/10 13:13:53 Found 2 software inventories, 0 security findings 2024/09/10 13:13:53 Writing scan results to /tmp/out.cdx.json $ grep 'purl\|cpe' /tmp/out.cdx.json "cpe": "cpe:2.3:a:nginx:nginx:1.21.1", "purl": "pkg:generic/openssl@1.1.1", ```

Commit:3e13be3
Author:Jessie Zhang
Committer:Copybara-Service

Add rootfs to the containerd inventory PiperOrigin-RevId: 670640344

Commit:0eca054
Author:Victor Pfautz
Committer:Copybara-Service

Add annotations to the inventory. PiperOrigin-RevId: 670951700

Commit:d2f8714
Author:Erik Varga
Committer:Copybara-Service

Parse more version range matches in the requirements.txt extractor. PiperOrigin-RevId: 670499012

Commit:89f036e
Author:Erik Varga
Committer:Copybara-Service

Change the plugin interface to prepare moving some of the osv-scanner code into scalibr. PiperOrigin-RevId: 665846193

Commit:13abff0
Author:Andrey Kovalev
Committer:Copybara-Service

Added containerd container runtime inventory metadata to scan results. PiperOrigin-RevId: 665342215

Commit:266243c
Author:Andrey Kovalev
Committer:Copybara-Service

Added containerd container runtime inventory metadata to scan results. PiperOrigin-RevId: 658143097

Commit:cc0bdaf
Author:Andrey Kovalev
Committer:Copybara-Service

Added containerd container runtime inventory metadata to scan results. PiperOrigin-RevId: 657289604

Commit:7886996
Author:SCALIBR Team
Committer:Copybara-Service

Add flatpak package extractor for Linux hosts This extractor scans the file system for the metainfo.xml file in both the global (/var/lib/flatpak) and the local (~/.local/share/flatpak) directories and creates an Inventory item for each of the flatpak packages. PiperOrigin-RevId: 655899021

Commit:2d5f409
Author:SCALIBR Team
Committer:Copybara-Service

Add snap package extractor This extractor scans for the snap.yaml files in /snap/ directory and creates an inventory item for each revision of an app. PiperOrigin-RevId: 655082326

Commit:46a7a93
Author:Andrey Kovalev
Committer:Copybara-Service

Added containerd container inventory metadata to scan results. PiperOrigin-RevId: 651405829

Commit:08612f7
Author:SCALIBR Team
Committer:Copybara-Service

Add the --hash per-requirement options to a metadata field instead of to the version. These flags were previously included in the version, resulting in very large purls. PiperOrigin-RevId: 641885756

Commit:192ae6e
Author:SCALIBR Team
Committer:Erik Varga

Add the generated scan results proto file in the source to make "go install" work. FolderOrigin-RevId: /google/src/cloud/erikvarga/empty/google3/third_party/scalibr/../../..

Commit:0fd8c79
Author:Erik Varga
Committer:Copybara-Service

Add the generated scan results proto file in the source to make "go install" work. PiperOrigin-RevId: 641206156

Commit:79fc0a2
Author:Erik Varga
Committer:Copybara-Service

Change Inventory.Extractor from a string to the actual extractor struct. Since there are two kinds of extractors we have to create a new interface for them that contains their common files. I added this to scalibr/extractor/extractor.go Also rename some ScanConfig values to be more consistent about there being two different Extractor types. PiperOrigin-RevId: 634688463

Commit:749e835
Author:Yousef Alowayed
Committer:Copybara-Service

Extract all dpkg packages regardless of the Status field and store the value of Status in the metadata. PiperOrigin-RevId: 631046857

Commit:8ab2583
Author:Yousef Alowayed
Committer:Copybara-Service

Add license extraction to RPM extractor and proto. PiperOrigin-RevId: 625629658

Commit:c6ee8ad
Author:Yousef Alowayed
Committer:Copybara-Service

Add license extraction to APK extractor and proto. PiperOrigin-RevId: 625628913

Commit:5364cfc
Author:SCALIBR Team
Committer:Erik Varga

Initial commit. PiperOrigin-RevId: 623458391