William Murphy
f0a09c0b9a
Install skopeo during bootstrap ( #1260 )
...
The "make integration" target assumes that skopeo will be available on
PATH, but this wasn't documented. Install it during bootstrap when other
utilities are installed. (See ./test/integration/utils_test.go:50).
Include a sample skopeo policy.json, otherwise skopeo will look for a
missing policy doc a /etc/containers/policy.json and exit with an error.
The sample policy document matches the one included by default with
"brew install skopeo".
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-04-28 10:10:29 -04:00
dependabot[bot]
aa52d673d0
chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 ( #1258 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
2023-04-27 12:43:05 -04:00
dependabot[bot]
ae2fe4f063
chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 ( #1256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 14:49:01 -04:00
Weston Steimel
2cd2998d0e
chore: update quality gate labels and add keycloak ( #1255 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-04-24 12:38:46 +01:00
Shane Dell
dfa540f727
fix: false positive for purl provider for RPM without epoch ( #1237 )
...
Signed-off-by: Shane Dell <shanedell100@gmail.com>
2023-04-21 17:12:49 +00:00
Christopher Angelo Phillips
3caabc8711
chore: bump syft to latest version v0.79.0 ( #1250 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-21 12:58:02 -04:00
James Neate
04c0bc1bcd
feat: add timestamp to json output ( #1170 ) ( #1249 )
...
Signed-off-by: James Neate <jamesmneate@gmail.com>
2023-04-21 12:18:30 -04:00
anchore-actions-token-generator[bot]
b9fa68e3a9
chore(deps): update Syft to v0.78.0 ( #1242 )
...
* chore(deps): update Syft to v0.78.0
Signed-off-by: GitHub <noreply@github.com>
* fix test location references and package types
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-19 17:38:06 +00:00
dependabot[bot]
0bc86761f2
chore(deps): bump github.com/docker/docker ( #1241 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.3+incompatible to 23.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 12:57:38 -04:00
anchore-actions-token-generator[bot]
764022936b
chore(deps): update bootstrap tools to latest versions ( #1239 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-04-18 10:25:33 -04:00
dependabot[bot]
45d03b6df0
chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 ( #1233 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-17 11:42:08 -04:00
anchore-actions-token-generator[bot]
6477f328c8
chore(deps): update bootstrap tools to latest versions ( #1238 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-04-17 11:41:48 -04:00
Alex Goodman
17f4917da1
add format make target ( #1231 )
...
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-12 14:37:44 -04:00
dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
2023-04-12 10:55:31 -04:00
dependabot[bot]
1f51229e17
chore(deps): bump github.com/docker/docker ( #1218 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.2+incompatible to 23.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.2...v23.0.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 10:55:21 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-12 10:54:35 -04:00
anchore-actions-token-generator[bot]
47ff457a36
chore(deps): update bootstrap tools to latest versions ( #1227 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-04-12 10:54:17 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
2023-04-05 19:07:58 -04:00
dependabot[bot]
2e8a63dba6
chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 ( #1217 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/term/releases )
- [Commits](https://github.com/golang/term/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 19:05:38 -04:00
dependabot[bot]
cecad5c9c4
chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 ( #1216 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-04 14:32:16 -04:00
dependabot[bot]
d8c0c0805b
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 ( #1213 )
...
* chore(deps): bump github.com/CycloneDX/cyclonedx-go
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/commits/v0.7.1 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix: update test fixtures
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-04 14:41:03 +00:00
Christopher Angelo Phillips
8dec5c3784
feat: add default-image-source-config option ( #1215 )
...
#1204 surfaces the need for allowing a user to express a preference over the default-image-pull-source to be used when building an SBOM for vulnerability scanning.
This adds a config option into grype to consume the new syft behavior.
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-04 10:28:33 -04:00
dependabot[bot]
0b306fae25
chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 ( #1212 )
...
Bumps google.golang.org/protobuf from 1.29.0 to 1.29.1.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 14:36:40 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
2023-04-03 14:35:56 -04:00
dependabot[bot]
147f5cf92f
chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 ( #1207 )
...
* chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0
Bumps [github.com/anchore/syft](https://github.com/anchore/syft ) from 0.75.0 to 0.76.0.
- [Release notes](https://github.com/anchore/syft/releases )
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/syft/compare/v0.75.0...v0.76.0 )
---
updated-dependencies:
- dependency-name: github.com/anchore/syft
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update ParseInput signature with new syft version
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* fix: update integration tests
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-04-03 10:48:33 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-03-31 09:39:00 -04:00
Weston Steimel
b2bd709e6d
chore: update quality gate dataset ( #1206 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-03-31 13:16:59 +01:00
dependabot[bot]
7614621b1d
chore(deps): bump github.com/docker/docker ( #1201 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.1+incompatible to 23.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-29 09:59:00 -04:00
Dan Luhring
45c5f8c9c7
Implement support for Chainguard Linux ( #1198 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-03-28 10:52:33 -04:00
anchore-actions-token-generator[bot]
dfcce84cdb
chore(deps): update bootstrap tools to latest versions ( #1194 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-03-27 12:51:53 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-03-27 12:51:20 -04:00
dependabot[bot]
b3eff0c2d8
chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 ( #1192 )
2023-03-24 07:49:36 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
anchore-actions-token-generator[bot]
c1990daed1
chore(deps): update bootstrap tools to latest versions ( #1191 )
2023-03-22 09:00:47 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00
dependabot[bot]
6716ca5e24
chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 ( #1181 )
2023-03-21 09:51:55 -04:00
dependabot[bot]
568b504a7e
chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1184 )
2023-03-21 09:51:27 -04:00
dependabot[bot]
e8fa509e72
chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 ( #1189 )
2023-03-21 09:50:56 -04:00
anchore-actions-token-generator[bot]
353bc87bb2
chore: Update grype bootstrap tools to latest versions. ( #1187 )
2023-03-21 09:36:06 -04:00
Weston Steimel
b996cbe29b
fix: by-cpe pivot by vuln metadata rather than vulnerability record ( #1188 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-03-20 14:39:46 +00:00
anchore-actions-token-generator[bot]
0bc0aa76a1
Update grype bootstrap tools to latest versions. ( #1173 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-03-15 17:20:06 -04:00
dependabot[bot]
96cbcad484
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 ( #1182 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-15 17:19:41 -04:00
dependabot[bot]
0cc8b9e4f6
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 ( #1183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...168b99b3c2
2023-03-15 17:19:12 -04:00
Weston Steimel
52f724f785
feat: disable CPE-based matching by default for javascript ( #1180 )
...
* feat: disable CPE-based matching by default for javascript
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: bump vuln match label dataset
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-03-14 16:34:41 +00:00
anchore-actions-token-generator[bot]
6da09d4fda
Update Syft to v0.75.0 ( #1177 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-03-14 08:47:20 +00:00
Weston Steimel
c3fc8cba63
chore: bump vuln match quality dataset ( #1174 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-03-13 19:36:26 +00:00
dependabot[bot]
3a4d01b59c
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 ( #1166 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.1...v1.4.2 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-09 15:06:26 +00:00
anchore-actions-token-generator[bot]
29b6465689
Update grype bootstrap tools to latest versions. ( #1163 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-03-09 09:41:19 -05:00
