Keith Zantow
4dfd9d76d1
feat: update to Syft 1.11.0 ( #2047 )
2024-08-09 14:32:05 -04:00
William Murphy
f9b6365146
fix: higher default timeout for database download ( #2033 )
...
Depending on region and network conditions, 120s was not enough time for
many clients, leading to some complaints. Raise the default timeout to
five minutes.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-09 08:39:17 -04:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #2045 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](59acb6260d...4959ce089c
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #2035 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-07 14:43:47 -04:00
anchore-actions-token-generator[bot]
8f18cdc380
chore(deps): update tools to latest versions ( #2038 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-07 14:27:33 -04:00
dependabot[bot]
d1eebcc41a
chore(deps): bump github.com/google/go-containerregistry ( #2043 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:57 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #2044 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-07 14:26:45 -04:00
anchore-actions-token-generator[bot]
8642eba1b0
test: update quality gate db to latest version ( #2034 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-08-06 07:48:26 -04:00
anchore-actions-token-generator[bot]
f72848dff1
chore(deps): update tools to latest versions ( #2027 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-02 13:25:29 -04:00
dependabot[bot]
1bc1dd4dd0
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #2028 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-02 13:20:18 -04:00
Keith Zantow
bada7d51d7
chore: add grype version to application update check headers ( #2021 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-01 14:16:00 -04:00
anchore-actions-token-generator[bot]
486f9f11b1
test: update quality gate db to latest version ( #2026 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-01 12:39:14 -04:00
Keith Zantow
86ba33d72e
chore: use the .tool/gh for release script ( #2022 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-31 20:10:58 -04:00
dependabot[bot]
0cf3939389
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 ( #2016 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-31 11:05:32 -04:00
anchore-actions-token-generator[bot]
406d196726
chore(deps): update Syft to v1.10.0 ( #2019 )
2024-07-30 13:18:54 -04:00
dependabot[bot]
133775cddf
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 ( #2011 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5cf07d8b70...afb54ba388
2024-07-29 11:01:27 -04:00
dependabot[bot]
064c915738
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 ( #2012 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.4...v1.4.5 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:01:18 -04:00
anchore-actions-token-generator[bot]
59b3eedff5
chore(deps): update tools to latest versions ( #2015 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-29 10:03:14 -04:00
dependabot[bot]
16a7e4d423
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 ( #2010 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d790406f5...5cf07d8b70
2024-07-25 16:09:14 +00:00
Alex Goodman
1d38cea896
disable ui before run function on db status ( #2008 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-25 11:55:30 -04:00
dependabot[bot]
3af8d1e46e
chore(deps): bump github.com/docker/docker ( #2007 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.0...v27.1.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 16:08:59 -04:00
anchore-actions-token-generator[bot]
e07546ec86
chore(deps): update tools to latest versions ( #2003 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-23 10:17:04 -04:00
dependabot[bot]
1f0bcc0d96
chore(deps): bump github.com/docker/docker ( #2000 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.0.3...v27.1.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:47 -07:00
dependabot[bot]
387164964a
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 ( #2001 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.4...v0.5.5 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:34 -07:00
dependabot[bot]
fb16d0e4b5
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 ( #2002 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](0d4c9c5ea7...9780b0c442
2024-07-22 08:43:02 -07:00
dependabot[bot]
b68cd230b1
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 ( #1999 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4fa2a79536...2d790406f5
2024-07-22 09:37:39 -04:00
William Murphy
96c890f92e
chore: request artifact in issue template ( #1996 )
...
* chore: request artifact in issue template
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* Apply suggestions from code review
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
* Update .github/ISSUE_TEMPLATE/bug_report.md
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-18 21:17:06 +00:00
anchore-actions-token-generator[bot]
98fdea4331
chore(deps): update tools to latest versions ( #1998 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-18 08:22:02 -07:00
Alan Pope
10e9f4317e
docs: CODE_OF_CONDUCT.md ( #1994 )
...
This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.
Signed-off-by: Alan Pope <alan@popey.com>
2024-07-17 14:33:25 -07:00
dependabot[bot]
be6364fb5e
chore(deps): bump github.com/google/go-containerregistry ( #1997 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:24:21 -07:00
dependabot[bot]
d73d5d505f
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 ( #1992 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](95b086ac30...d94f46e13c
2024-07-16 20:15:48 -04:00
anchore-actions-token-generator[bot]
08e9b7da44
chore(deps): update tools to latest versions ( #1989 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-15 09:08:44 -04:00
dependabot[bot]
c3ce991952
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 ( #1990 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b611370bb5...4fa2a79536
2024-07-15 09:08:19 -04:00
dependabot[bot]
8f180cd5e5
chore(deps): bump github.com/charmbracelet/lipgloss ( #1991 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.11.1...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 09:08:05 -04:00
dependabot[bot]
45b7236e94
chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 ( #1985 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.10 to 1.25.11.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.10...v1.25.11 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 14:39:52 -04:00
dependabot[bot]
cece530ade
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 ( #1981 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](e8d2a6937e...95b086ac30
2024-07-11 11:19:01 -07:00
dependabot[bot]
8fd3a21eea
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 ( #1982 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](cdcb360436...0a12ed9d6a
2024-07-11 11:18:49 -07:00
anchore-actions-token-generator[bot]
9209b10577
chore(deps): update Syft to v1.9.0 ( #1986 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-07-11 18:05:17 +00:00
Weston Steimel
ef37603751
fix: correct cpe target software comparison to syft language ( #1658 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2024-07-11 16:08:05 +01:00
dependabot[bot]
7acac8caba
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 ( #1977 )
2024-07-05 12:45:07 -04:00
Christopher Angelo Phillips
8ea95c422c
docs: update readme with new default format ( #1974 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-07-02 15:27:40 +00:00
dependabot[bot]
1ab36b4708
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ( #1968 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](23acc5c183...b611370bb5
2024-07-02 07:42:38 -07:00
anchore-actions-token-generator[bot]
ba13a1a92d
chore(deps): update tools to latest versions ( #1969 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-02 07:42:21 -07:00
anchore-actions-token-generator[bot]
5d9415df9e
test: update quality gate db to latest version ( #1972 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-07-02 07:41:09 -07:00
Christopher Angelo Phillips
c7f02e03b8
chore: pin new sign installer to commit sha ( #1966 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-26 20:13:03 +00:00
dependabot[bot]
58360eaaed
chore(deps): bump github.com/charmbracelet/bubbletea ( #1963 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.5 to 0.26.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.5...v0.26.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 10:05:21 -07:00
anchore-actions-token-generator[bot]
0ea91e3fac
chore(deps): update tools to latest versions ( #1962 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-06-25 07:53:23 -07:00
Christopher Angelo Phillips
84cbf10b9c
chore: add workflow to update quality test db ( #1961 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-25 10:38:37 -04:00
dependabot[bot]
cbd6346527
chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 ( #1957 )
...
Bumps [github.com/anchore/syft](https://github.com/anchore/syft ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/anchore/syft/releases )
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/syft/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/anchore/syft
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 11:28:52 -07:00
dependabot[bot]
6fa82d641b
chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 ( #1958 )
...
Bumps [github.com/go-test/deep](https://github.com/go-test/deep ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/go-test/deep/releases )
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md )
- [Commits](https://github.com/go-test/deep/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/go-test/deep
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 11:28:45 -07:00
