xixishidibei
14398b776e
test: fix slice init length ( #2133 )
...
Signed-off-by: xixishidibei <xixishidibei@outlook.com>
2024-09-18 11:56:42 -04:00
Lucas Rodriguez
60c0682bb4
fix: hash vuln db only once on load ( #2054 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-09-17 15:04:51 -04:00
William Murphy
1fb6199dd2
chore: include file specifier in help ( #2121 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-09-16 17:08:20 +00:00
Keith Zantow
f7e30dfe3f
docs: add mention of file scheme ( #2120 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-16 11:59:47 -04:00
Dan Luhring
c40aab240f
fix(apk): find secdb entries for origin packages ( #1602 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-09-16 09:15:22 -04:00
anchore-actions-token-generator[bot]
78945be951
chore(deps): update tools to latest versions ( #2115 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-09-16 09:09:59 -04:00
dependabot[bot]
a68fbdd061
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #2113 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
2024-09-13 16:13:36 +00:00
anchore-actions-token-generator[bot]
e0b2c9c6af
chore(deps): update tools to latest versions ( #2102 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-09-13 16:05:44 +00:00
dependabot[bot]
09a34d2ae8
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 ( #2109 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 11:31:39 -04:00
dependabot[bot]
785f04dd93
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 ( #2111 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
2024-09-13 11:31:28 -04:00
dependabot[bot]
9fb219495a
chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2 ( #2108 )
...
* chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2
Bumps [github.com/anchore/syft](https://github.com/anchore/syft ) from 1.11.1 to 1.12.2.
- [Release notes](https://github.com/anchore/syft/releases )
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/syft/compare/v1.11.1...v1.12.2 )
---
updated-dependencies:
- dependency-name: github.com/anchore/syft
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* pin modernc/sqlite back due to build failure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* account for new ocaml package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-11 16:57:20 +00:00
Alan Pope
e31567b8df
fix: Update gitmodule url ( #2106 )
...
As per #2100 - we should not use git protocol URIs for modules as it can be problematic for consumers behind restrictive or poorly configured proxies.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-09-11 10:59:59 -04:00
dependabot[bot]
ffebaee739
chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 ( #2103 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.11 to 1.25.12.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.11...v1.25.12 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:24:21 -04:00
dependabot[bot]
8b30e0d9b6
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #2105 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:23:37 -04:00
dependabot[bot]
6064cfd19b
chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 ( #2098 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.13 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 13:32:17 -04:00
dependabot[bot]
b0da488d52
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #2099 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
2024-09-05 13:32:06 -04:00
dependabot[bot]
fbdab6e1ec
chore(deps): bump github.com/anchore/stereoscope ( #2074 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:14 -04:00
dependabot[bot]
b8dc27ccac
chore(deps): bump github.com/docker/docker ( #2086 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.2+incompatible to 27.2.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.2...v27.2.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:07 -04:00
dependabot[bot]
fe4df49d11
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 ( #2089 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...4dd16135b6
2024-09-03 12:24:49 -04:00
Christopher Angelo Phillips
b1a0e8ccf2
chore(sec): update Golang and runc to latest releases ( #2091 )
...
* chore(deps): update tools to latest versions (#2082 )
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update go version and runc version
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
2024-09-03 12:24:39 -04:00
dependabot[bot]
a80ce02a69
chore(deps): bump github.com/charmbracelet/bubbletea ( #2092 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.27.0 to 1.1.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.27.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:13 -04:00
dependabot[bot]
1f852d43e7
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 ( #2093 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:06 -04:00
anchore-actions-token-generator[bot]
f9d8ac16ad
test: update quality gate db to latest version ( #2094 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-03 12:23:56 -04:00
dependabot[bot]
e76eaec1d1
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #2096 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
2024-09-03 12:23:34 -04:00
dependabot[bot]
3468694c8f
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #2097 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
2024-09-03 12:23:26 -04:00
anchore-actions-token-generator[bot]
7901a57c1e
chore(deps): update tools to latest versions ( #2082 )
2024-08-29 08:21:08 -04:00
Felix Bünemann
aacf153a17
docs(templates): escape description in junit.tmpl ( #2088 )
...
Signed-off-by: Felix Bünemann <Felix.Buenemann@gmail.com>
2024-08-29 08:20:37 -04:00
anchore-actions-token-generator[bot]
95430bbbff
chore(deps): update tools to latest versions ( #2080 )
2024-08-23 09:08:35 -04:00
dependabot[bot]
76cd5af489
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #2078 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
2024-08-22 13:50:28 -04:00
dependabot[bot]
29f5d2a03f
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #2079 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
2024-08-22 13:50:18 -04:00
anchore-actions-token-generator[bot]
c4d0a877dc
chore(deps): update tools to latest versions ( #2072 )
2024-08-21 13:09:13 -04:00
dependabot[bot]
dd2bf2df55
chore(deps): bump github.com/charmbracelet/lipgloss ( #2073 )
2024-08-21 13:08:47 -04:00
Weston Steimel
b65822607e
chore: bump quality gate vuln match labels data ( #2069 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-20 14:00:25 -04:00
dependabot[bot]
205ccfb6c9
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #2070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
2024-08-20 13:29:17 -04:00
anchore-actions-token-generator[bot]
8dee469616
chore(deps): update Syft to v1.11.1 ( #2071 )
2024-08-20 13:26:32 -04:00
Keith Zantow
41cfd42de6
chore: add grype version to db network operations ( #2062 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 10:54:16 -04:00
Lucas Rodriguez
e7a3c011bc
fix: do not panic when given empty string arg ( #2064 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-19 12:58:39 -04:00
dependabot[bot]
c1b9498671
chore(deps): bump github.com/charmbracelet/bubbletea ( #2067 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:17 -04:00
Andrei Stefanie
589d86c35a
fix: correctly close the db file in v4/v5 stores ( #2066 )
...
Signed-off-by: Andrei Stefanie <andrei.stefanie@gmail.com>
2024-08-19 11:51:59 -04:00
Eiji Ito
7dfa436314
Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. ( #2040 )
...
* Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* Remove unused errNoCPEs and update error handling in findApkPackage function.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* test: prove test fails without fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: revert contributed fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Eiji Ito <aeffy7@gmail.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 19:13:06 +00:00
anchore-actions-token-generator[bot]
a758b01d17
chore(deps): update tools to latest versions ( #2055 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: fix linter for non-const format
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:58:10 +00:00
dependabot[bot]
c5fb1a3f9d
chore(deps): bump github.com/docker/docker ( #2052 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 13:47:48 -04:00
Shane Dell
d21c5490e0
fix: fail when grype cant check for db update ( #1247 )
...
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-15 14:39:24 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #2053 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
2024-08-15 13:40:26 -04:00
dependabot[bot]
db73c2c7d0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 ( #2056 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.5...v1.7.6 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:15 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #2060 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
2024-08-15 13:39:14 -04:00
GGMU
e7ceffadc8
feat: add db search subcommand ( #2031 )
...
Signed-off-by: Tomer Seinfeld <tomersein@gmail.com>
2024-08-12 17:45:25 -04:00
Alex Goodman
89c4190914
do not fail when inflating DB records ( #2049 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-12 16:20:46 +00:00
Keith Zantow
b12a6f2dc9
chore: remove quality gate Makefile db age check ( #2036 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 11:59:53 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration ( #2046 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
