anchore-actions-token-generator[bot]
c01ee9b2c7
Update Syft to v0.68.1 ( #1086 )
...
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-01-26 10:07:49 +00:00
Weston Steimel
7c5a066d08
chore: update grype quality gate ( #1085 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-01-25 23:13:05 +00:00
dependabot[bot]
46a3c17e11
chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 ( #1081 )
...
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore ) from 1.4.4 to 1.5.1.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.4.4...v1.5.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 14:42:48 -05:00
dependabot[bot]
4ebe182655
chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 ( #1075 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...d27e3f3d7c
2023-01-25 12:30:15 -05:00
dependabot[bot]
55fc253fea
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 ( #1076 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](06e109483e...54e36e45f3
2023-01-25 12:29:56 -05:00
dependabot[bot]
a98a81f4cb
chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #1077 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
2023-01-25 12:28:26 -05:00
dependabot[bot]
3841782b69
chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 ( #1074 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9782bd6a98...9bc31d5ccc
2023-01-25 12:24:49 -05:00
dependabot[bot]
2fd9543562
chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 ( #1078 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
2023-01-25 12:24:27 -05:00
dependabot[bot]
60aba60449
chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 ( #1079 )
...
Bumps [github.com/pkg/profile](https://github.com/pkg/profile ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/pkg/profile/releases )
- [Commits](https://github.com/pkg/profile/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/pkg/profile
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:21:34 -05:00
dependabot[bot]
3dd16f42ff
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 ( #1080 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.0...v1.4.1 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:21:12 -05:00
dependabot[bot]
8df5925854
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 ( #1083 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:17:03 -05:00
Keith Zantow
e99a95697c
chore: align makefile and bootstrap tools scripts more with syft ( #1073 )
2023-01-25 16:27:42 +00:00
Weston Steimel
5b0f0fe3b9
chore: enable dependabot on gomod and GitHub actions ( #1072 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-01-25 15:58:56 +00:00
anchore-actions-token-generator[bot]
26e77896b3
Update grype bootstrap tools to latest versions. ( #1070 )
2023-01-25 09:44:40 -05:00
Keith Zantow
ed074f05c3
fix: always include severity in cyclonedx output ( #1067 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-01-23 16:04:31 -05:00
anchore-actions-token-generator[bot]
d28269c190
Update Syft to v0.68.0 ( #1064 )
2023-01-21 09:40:51 -05:00
Dan Luhring
b40b54db03
Add protobuf FPs to default ignore list ( #1062 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-01-20 17:29:39 -05:00
anchore-actions-token-generator[bot]
88de2ae82b
chore: update Syft to v0.66.2 ( #1060 )
2023-01-18 12:50:46 -05:00
anchore-actions-token-generator[bot]
465d5c86a4
Update grype bootstrap tools to latest versions. ( #1055 )
...
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-01-12 16:20:15 -05:00
Keith Zantow
bc6d838030
feat: allow grype db diff to specify local db directories ( #1058 )
2023-01-12 11:26:04 -05:00
Batuhan Apaydın
c4db725492
chore: claim artifacthub package ownership from developer-guy ( #661 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2023-01-11 15:26:17 -05:00
Keith Zantow
5ff7b07748
chore: add github token to quality tests ( #1056 )
2023-01-11 13:48:02 -05:00
Keith Zantow
b01678d192
chore: update yardstick to diagnose intermittent failures ( #1054 )
2023-01-09 17:44:08 -05:00
anchore-actions-token-generator[bot]
3a8b2e3a9f
Update grype bootstrap tools to latest versions. ( #1048 )
2023-01-05 10:36:05 -05:00
Keith Zantow
c559833c7e
fix: sort vulnerability results ( #1052 )
2023-01-04 15:46:30 -05:00
Benji Visser
3748e8e20c
Adding internal/file/hasher test cases ( #1049 )
2023-01-04 13:50:10 -05:00
Keith Zantow
04a84a4440
fix: orient by cve merging ( #1046 )
2023-01-04 13:41:10 -05:00
anchore-actions-token-generator[bot]
3ff1d64eab
Update Syft to v0.64.0 ( #1047 )
2022-12-23 16:33:08 -05:00
Keith Zantow
03b402a5ae
fix: update removing results based on ownership-by-file-overlap ( #1045 )
2022-12-23 08:39:24 -05:00
Christopher Angelo Phillips
a62a3a413e
feat: swap custom cyclone-dx model for cyclone-dx library ( #1038 )
...
grype currently produces CYCLONE-DX SBOM that are not compliant with the cyclone-dx tooling libraries. Rather than write the logic in two places, this PR moves grype to use syft's formatting functions as a library to produce valid CYCLONE-DX SBOM components along with the discovered vulnerabilities.
For more context on impacted issues:
https://github.com/anchore/grype/issues/796
https://github.com/anchore/grype/issues/951
2022-12-22 16:35:09 +00:00
Weston Steimel
ea05be970a
chore: add GitLab Community Edition image to quality gate ( #1035 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-12-13 10:08:46 -05:00
anchore-actions-token-generator[bot]
93499eec7e
Update Syft to v0.63.0 ( #1037 )
2022-12-12 19:30:04 -05:00
Keith Zantow
2c94031e1e
fix: Exclude binary packages that have overlap by file ownership relationship ( #1024 )
2022-12-12 15:59:47 -05:00
Keith Zantow
2ace4c0b11
docs: update quality gate docs ( #1032 )
2022-12-12 15:59:25 -05:00
Alex Goodman
a869480f89
Optionally orient results by CVE ( #1020 )
...
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-12-08 15:22:40 -05:00
Weston Steimel
ef82b33465
chore: bump yardstick to latest commit ( #1027 )
2022-12-07 20:14:45 -05:00
anchore-actions-token-generator[bot]
0a2a7b7cbb
Update Syft to v0.62.3 ( #1026 )
...
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-12-07 18:30:38 -05:00
Christopher Angelo Phillips
cdb8f3fa45
chore: change CVE example to official sample ( #1028 )
...
CVE-2017-41432 is not a valid ID but in theory could be one day. Changed it to CVE-2014-54321 which is one of a number sample IDs used during the Syntax change in 2013/2014. References: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-54321 cve.mitre.org/data/board/archives/2013-04/msg00000.html
Co-authored-by: Jericho <3095424+attritionorg@users.noreply.github.com>
2022-12-06 13:03:40 -05:00
Keith Zantow
36c4604383
fix: Table format sorting ( #1023 )
2022-11-30 18:05:08 +00:00
Christopher Angelo Phillips
1b33a59342
fix: update architecture release for to ppc64le ( #1021 )
2022-11-29 17:44:59 -05:00
anchore-actions-token-generator[bot]
dd8015e7a5
Update grype bootstrap tools to latest versions. ( #1017 )
...
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-11-29 10:09:08 -05:00
anchore-actions-token-generator[bot]
6bdb3b50c4
Update Syft to v0.62.2 ( #1018 )
...
Signed-off-by: GitHub <noreply@github.com>
2022-11-29 08:40:34 +00:00
Weston Steimel
3183c0b58b
chore: update quality gate with latest label data ( #1016 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-25 18:59:20 +00:00
Weston Steimel
788ca5cf75
chore: update digest for test fixture dockerfile ( #1015 )
...
* chore: update digest for test fixture dockerfile
The previous digest was specifically for i386. The updated digest should use the manifest to determine the correct platform to use based on the client.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: add digesst on archlinux test fixture image
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2022-11-25 15:42:43 +00:00
Christopher Angelo Phillips
ac8f769179
test: remove presenter tests reliance on docker from unit suite ( #1013 )
2022-11-23 21:46:41 +00:00
Keith Zantow
26609a8087
fix: swapped base container images ( #1011 )
2022-11-22 09:49:36 -05:00
Christopher Angelo Phillips
26438862df
chore: update default packages to read ( #1007 )
2022-11-21 13:07:42 -05:00
anchore-actions-token-generator[bot]
826726d553
Update Syft to v0.62.1 ( #1006 )
2022-11-21 11:11:25 -05:00
anchore-actions-token-generator[bot]
426c60ba74
Update grype bootstrap tools to latest versions. ( #1004 )
...
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2022-11-21 09:57:27 -05:00
Christopher Angelo Phillips
d5c93aa00f
scoped: token release for content write on image assets ( #1002 )
2022-11-18 22:32:49 +00:00
