Commit graph

1305 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
b870b189c2
chore(deps): update bootstrap tools to latest versions (#1706)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-02-08 10:40:28 -05:00
anchore-actions-token-generator[bot]
74780902ed
chore(deps): update Syft to v0.104.0 (#1704)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-02-07 16:14:57 -05:00
William Murphy
396cc0aea7
Bump Syft in Grype to pull in unmarshaling fix (#1703)
* WIP: package builds but tests do not

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: some unit tests compile

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: unit tests compile but do not pass

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Units passing with some changes to syft

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* fix: excludes plus bad sbom should not suppress error

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* add conan entry v2 package test

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft again

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: fix compiler error in integration tests

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: remove erlang OTP from package types that must be seen in test image

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft version used

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-07 14:28:48 -05:00
dependabot[bot]
68b2796026
chore(deps): bump github.com/docker/docker (#1702)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:32:18 -05:00
dependabot[bot]
705b20a56f
chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.6 to 1.25.7.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.6...v1.25.7)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 11:42:58 -05:00
anchore-actions-token-generator[bot]
9a1f5ce97b
chore(deps): update bootstrap tools to latest versions (#1698)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-02-06 10:48:20 -05:00
dependabot[bot]
79e2310f6d
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1699)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](26f96dfa69...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 10:44:11 -05:00
dependabot[bot]
012026f0aa
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#1697)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 11:18:20 -05:00
dependabot[bot]
e10a67fc4a
chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#1687)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.2 to 6.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](153407881e...b1ddad2c99)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:59:43 -05:00
dependabot[bot]
fcd63cddc2
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1690)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.6 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](c6aed38a43...b6a39da807)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:59:29 -05:00
dependabot[bot]
c746e471b3
chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1691)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](9614fae9e5...e1523de757)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:59:16 -05:00
dependabot[bot]
6fb147cec6
chore(deps): bump github.com/docker/docker (#1692)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 11:58:46 -05:00
dependabot[bot]
82c7585219
chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1689)
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.5 to 1.1.12.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.12)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 06:32:30 +00:00
Alex Goodman
8f3a798451
Upgrade syft to v0.103.1 (#1688)
* upgrade syft to v0.103.0

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade syft to v0.103.1

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 17:32:28 +00:00
dependabot[bot]
4150cfb86b
chore(deps): bump github.com/google/go-containerregistry (#1685)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-30 13:14:46 -05:00
dependabot[bot]
b44c28f7b9
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1684)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.5 to 0.15.6.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](24b0d52385...c6aed38a43)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 15:32:53 -05:00
Alex Goodman
fdf9842eea
ensure releases only use released versions of syft (#1680)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:15:39 -05:00
dependabot[bot]
7aa4030c6c
chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.5 to 1.25.6.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.5...v1.25.6)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-26 10:51:38 -05:00
dependabot[bot]
5174d10f93
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 (#1682)
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases)
- [Commits](fbd6aa58ba...28ba43ae48)

---
updated-dependencies:
- dependency-name: 8398a7/action-slack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-26 10:40:04 -05:00
anchore-actions-token-generator[bot]
8376491454
chore(deps): update Syft to v0.102.0 (#1681)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-26 15:00:41 +00:00
Alex Goodman
3e0aa00242
Fix matching when RPM modularity is a factor (#1679)
* allow for RPM modularity to be optional

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use latest syft from main

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump syft

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove lint ignores for CPEs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update snapshot tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: treat oraclelinux default appstream rpm modularity as missing for now

For oraclelinux, the default stream of an installed appstream package does not currently set
the MODULARITYLABEL property in the rpm metadata; however, in their advisory data they do specify
modularity information, so this ends up in a case where the vuln entries have modularity but the
packages coming from the sbom won't, so for now we need to treat the constraint as satisfied when the
modularity label from an oraclelinux package is "".

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* test: add new appstream images to quality gate and bump labels

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* chore: bump quality gate labels

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
2024-01-26 09:18:11 -05:00
William Murphy
73cb5f6647
chore: break assumption that syft cpe.CPE is wfn.Attributes (#1675)
* chore: break assumption that syft cpe.CPE is wfn.Attributes

Previously, Syft's cpe.CPE type was an alias for wfn.Attributes. Fix a
couple places where Grype's compilation depended on that fact, since it
will stop being true in the next Syft release.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: fix linter

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-25 14:24:01 +00:00
dependabot[bot]
636248daba
chore(deps): bump github.com/docker/docker (#1677)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 13:09:36 -05:00
dependabot[bot]
c4d5bc8843
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1678)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 13:09:28 -05:00
dependabot[bot]
b3d6f58184
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1676)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](694cdabd8b...26f96dfa69)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 13:09:16 -05:00
dependabot[bot]
4172e72194
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#1674)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.12 to 0.5.0.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-23 11:57:21 -05:00
Feroz Salam
a3ade4242b
fix: take VEX docs into account when --fail-on is set (#1657)
* Take VEX docs into account when --fail-on is set

Previously, VEX documents provided to Grype when --fail-on was set were not
taken into account. That led to inconsistent behaviour where a vulnerability
would be ignored when only `--vex` was specified, but would be included in
Grype output when both `--vex` and `--fail-on` were specified.

This change fixes that by moving the failure severity check to after the VEX
documents provided are tested.

I have also added a unit test to check that the combination of VEX docs and
failure severity checks works as expected.

Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>

* Fix typos

Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>

---------

Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>
2024-01-23 10:08:25 -05:00
dependabot[bot]
5e1ba46fb8
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#1671)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](41f7a6c033...24b0d52385)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 10:54:45 -05:00
anchore-actions-token-generator[bot]
90fa3f29fa
chore(deps): update Syft to v0.101.1 (#1669)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-19 22:25:33 +00:00
dependabot[bot]
acd8c9c81f
chore(deps): bump github.com/docker/docker (#1667)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-19 17:11:39 -05:00
dependabot[bot]
8bc6ca8a1f
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#1666)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](c7f031d924...41f7a6c033)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-19 15:46:07 -05:00
dependabot[bot]
5436f55aac
chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#1668)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1eb3cb2b3e...694cdabd8b)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-19 15:45:48 -05:00
dependabot[bot]
9c0ed56528
chore(deps): bump github.com/google/go-containerregistry (#1665)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-19 10:26:28 -05:00
William Murphy
cd1c2ac66e
chore: enable automatic approval of dependabot PRs (#1664)
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:37 -05:00
anchore-actions-token-generator[bot]
85be82158b
chore(deps): update Syft to v0.101.0 (#1663)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-17 21:06:53 +00:00
Alex Goodman
4569a5ffa6
upgrade syft with latest SBOM creation API (#1662)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-17 12:33:09 -05:00
dependabot[bot]
4c4dfd59f5
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#1661)
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.3 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](e12d46a63a...13aacd865c)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-17 11:40:51 -05:00
plavy
07656abef0
chore(tests): fix logging configuration in tests (#1655)
Signed-off-by: plavy <tinplavec@gmail.com>
2024-01-16 10:17:17 -05:00
dependabot[bot]
a9f72385f6
chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#1656)
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](704facf57e...e12d46a63a)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-16 09:03:57 -05:00
dependabot[bot]
e296f5fe54
chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#1659)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](c7d193f32e...1eb3cb2b3e)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-16 09:02:36 -05:00
dependabot[bot]
0a7a15746a
chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651)
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 16:20:55 -05:00
dependabot[bot]
d8c89e8515
chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#1650)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.2 to 0.15.3.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](719133684c...c7f031d924)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 11:03:58 -05:00
anchore-actions-token-generator[bot]
a808408584
chore(deps): update Syft to v0.100.0 (#1649)
* chore(deps): update Syft to v0.100.0

Signed-off-by: GitHub <noreply@github.com>

* apply CLI options over default cataloging config

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-06 02:27:59 +00:00
Dan Luhring
474030cc62
fix: distro FP data not applied correctly (#1603)
* fix: distro FP data not applied correctly

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* fix: apply FP data to apk subpackages

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

---------

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-01-04 13:12:18 -05:00
dependabot[bot]
33b15735a7
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#1647)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](5ecf649a41...719133684c)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 05:06:05 -05:00
anchore-actions-token-generator[bot]
c6fbffe4cd
chore(deps): update bootstrap tools to latest versions (#1644)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2024-01-02 09:22:39 -05:00
plavy
89610e1e07
docs: fix logging configuration in README (#1646)
Signed-off-by: plavy <tinplavec@gmail.com>
2023-12-29 01:53:32 +00:00
dependabot[bot]
55ef6b6108
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-12-21 12:02:53 -05:00
dependabot[bot]
634cdf3647
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641) 2023-12-20 16:30:16 +00:00
dependabot[bot]
010b2583b0
chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642) 2023-12-20 16:27:47 +00:00