Change kebab case to camelCase, use updated syft version

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

Ignore packageurl-go which is a dependency from syft, and has a weird license format

Signed-off-by: Samuel Dacanay <sam.dacanay@anchore.com>

.bouncer.yaml

@@ -3,4 +3,7 @@ permit:
   - MIT.*
   - Apache.*
   - MPL.*
-  - ISC
+  - ISC
+ignore-packages:
+  # packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
+  - github.com/package-url/packageurl-go

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca
 	github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f
 	github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3
-	github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7
+	github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a
 	github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
 	github.com/dustin/go-humanize v1.0.0
 	github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6

go.sum

@@ -129,6 +129,8 @@ github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3 h1:pl+txuYlhK8
 github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs=
 github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7 h1:mK3orcgTjK1YPWaYKUDbrDq1CFmBT5dQFq0a0w1zq3s=
 github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7/go.mod h1:zy2x5Z9URqzmLdWHENTGxcsap7HoLisEsekOv5lr0Us=
+github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a h1:iuq3OFYmGlkG7/zaNNLD25vnScCe4jLjeSSTFRZYiyA=
+github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a/go.mod h1:Ne9mXL2d8LPldZxB1IQ6zM+VzG53tzwrInw1UMKVKbU=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
@@ -650,6 +652,8 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X
 github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I=
+github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=

grype/presenter/json/presenter.go

@@ -34,15 +34,15 @@ func NewPresenter(results match.Matches, catalog *pkg.Catalog, theScope scope.Sc
 // Finding is a single item for the JSON array reported
 type Finding struct {
 	Vulnerability Vulnerability     `json:"vulnerability"`
-	MatchDetails  MatchDetails      `json:"match-details"`
+	MatchDetails  MatchDetails      `json:"matchDetails"`
 	Artifact      syftJson.Artifact `json:"artifact"`
 }
 
 // MatchDetails contains all data that indicates how the result match was found
 type MatchDetails struct {
 	Matcher   string                 `json:"matcher"`
-	SearchKey map[string]interface{} `json:"search-key"`
-	MatchInfo map[string]interface{} `json:"matched-on"`
+	SearchKey map[string]interface{} `json:"searchKey"`
+	MatchInfo map[string]interface{} `json:"matchedOn"`
 }
 
 // Present creates a JSON-based reporting

grype/presenter/json/test-fixtures/snapshot/TestJsonPresenter.golden

@@ -3,35 +3,35 @@
   "vulnerability": {
    "id": "CVE-1999-0001",
    "description": "1999-01 description",
-   "cvss-v3": {
-    "base-score": 4,
+   "cvssV3": {
+    "baseScore": 4,
     "vector": "another vector"
    },
-   "fixed-in-version": "the-next-version"
+   "fixedInVersion": "the-next-version"
   },
-  "match-details": {
+  "matchDetails": {
    "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
     "distro": {
      "type": "ubuntu",
      "version": "20.04"
     }
    },
-   "matched-on": {
+   "matchedOn": {
     "constraint": ">= 20"
    }
   },
   "artifact": {
    "name": "package-1",
    "version": "1.0.1",
    "type": "deb",
-   "found-by": [
+   "foundBy": [
     "the-cataloger-1"
    ],
    "locations": [
     {
      "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
     }
    ]
   }
@@ -40,33 +40,33 @@
   "vulnerability": {
    "id": "CVE-1999-0002",
    "description": "1999-02 description",
-   "cvss-v2": {
-    "base-score": 1,
-    "exploitability-score": 2,
-    "impact-score": 3,
+   "cvssV2": {
+    "baseScore": 1,
+    "exploitabilityScore": 2,
+    "impactScore": 3,
     "vector": "vector"
    }
   },
-  "match-details": {
+  "matchDetails": {
    "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
     "cpe": "somecpe"
    },
-   "matched-on": {
+   "matchedOn": {
     "constraint": "somecpe"
    }
   },
   "artifact": {
    "name": "package-1",
    "version": "1.0.1",
    "type": "deb",
-   "found-by": [
+   "foundBy": [
     "the-cataloger-1"
    ],
    "locations": [
     {
      "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
     }
    ]
   }
@@ -75,28 +75,28 @@
   "vulnerability": {
    "id": "CVE-1999-0003",
    "description": "1999-03 description",
-   "fixed-in-version": "the-other-next-version"
+   "fixedInVersion": "the-other-next-version"
   },
-  "match-details": {
+  "matchDetails": {
    "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
     "language": "java"
    },
-   "matched-on": {
+   "matchedOn": {
     "constraint": "< 2.0.0"
    }
   },
   "artifact": {
    "name": "package-1",
    "version": "1.0.1",
    "type": "deb",
-   "found-by": [
+   "foundBy": [
     "the-cataloger-1"
    ],
    "locations": [
     {
      "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
     }
    ]
   }

grype/presenter/json/vulnerability.go

@@ -6,9 +6,9 @@ import (
 )
 
 type Cvss struct {
-	BaseScore           float64  `json:"base-score"`
-	ExploitabilityScore *float64 `json:"exploitability-score,omitempty"`
-	ImpactScore         *float64 `json:"impact-score,omitempty"`
+	BaseScore           float64  `json:"baseScore"`
+	ExploitabilityScore *float64 `json:"exploitabilityScore,omitempty"`
+	ImpactScore         *float64 `json:"impactScore,omitempty"`
 	Vector              string   `json:"vector"`
 }
 
@@ -17,9 +17,9 @@ type Vulnerability struct {
 	Severity       string   `json:"severity,omitempty"`
 	Links          []string `json:"links,omitempty"`
 	Description    string   `json:"description,omitempty"`
-	CvssV2         *Cvss    `json:"cvss-v2,omitempty"`
-	CvssV3         *Cvss    `json:"cvss-v3,omitempty"`
-	FixedInVersion string   `json:"fixed-in-version,omitempty"`
+	CvssV2         *Cvss    `json:"cvssV2,omitempty"`
+	CvssV3         *Cvss    `json:"cvssV3,omitempty"`
+	FixedInVersion string   `json:"fixedInVersion,omitempty"`
 }
 
 func NewVulnerability(m match.Match, metadata *vulnerability.Metadata) Vulnerability {

grype/vulnerability/namespace_test.go

@@ -59,6 +59,16 @@ func TestDistroNamespace_AllDistros(t *testing.T) {
 			version:  "18.04",
 			expected: "ubuntu:18.04",
 		},
+		{
+			dist:     distro.ArchLinux,
+			version:  "", // ArchLinux doesn't expose a version
+			expected: "archlinux:",
+		},
+		{
+			dist:     distro.OpenSuseLeap,
+			version:  "15.2",
+			expected: "opensuse-leap:15.2",
+		},
 	}
 
 	for _, test := range tests {