Commit graph

1401 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
d7bf327d3c
chore(deps): update tools to latest versions (#1856)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-13 12:29:07 -04:00
dependabot[bot]
7ccaaf6904
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1858)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.4...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:28:42 -04:00
dependabot[bot]
38ccf16049
chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1859)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:28:33 -04:00
William Murphy
5ac483a3bc
fix: ask catalog for package rather than type asserting (#1857)
This fixes a class of false positive where removing language packages that are
owned by OS packages would incorrectly fail due to a buggy type assertion.

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-05-10 15:20:24 +00:00
Alex Goodman
24d5d4ffb2
Upgrade tool management (#1842)
* upgrade tool management

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update version file on release

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 16:25:00 -04:00
anchore-actions-token-generator[bot]
e0c2b90da0
chore(deps): update Syft to v1.4.0 (#1855)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-05-09 20:15:15 +00:00
anchore-actions-token-generator[bot]
39e9843d47
chore(deps): update bootstrap tools to latest versions (#1852)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-09 12:04:53 -04:00
dependabot[bot]
f66a7f0f64
chore(deps): bump github.com/charmbracelet/bubbletea (#1853)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-09 12:04:30 -04:00
dependabot[bot]
f396a579f6
chore(deps): bump github.com/docker/docker (#1854)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.1+incompatible to 26.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.1...v26.1.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-09 12:04:21 -04:00
dependabot[bot]
6b8f0f5eaa
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1847)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](0ad4b8fada...44c2b7a8a4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-07 13:25:45 -04:00
Arvind Somya
88b6139c69
Revert "feat: modify metadata structure for providers' pull date (#1795)" (#1846)
This reverts commit 4584423321.

Signed-off-by: Arvind Somya <arvind.somya@anchore.com>
2024-05-06 15:39:40 -04:00
dependabot[bot]
c6bbb6ba2c
chore(deps): bump github.com/charmbracelet/bubbletea (#1844)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-06 11:45:18 -04:00
anchore-actions-token-generator[bot]
6700983fe8
chore(deps): update bootstrap tools to latest versions (#1845)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-06 11:45:09 -04:00
dependabot[bot]
61c962f856
chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#1840)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](0c52d547c9...cdcb360436)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 14:13:22 -04:00
dependabot[bot]
216ebc4f11
chore(deps): bump github.com/charmbracelet/bubbletea (#1841)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.25.0 to 0.26.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 14:11:55 -04:00
dependabot[bot]
be167e8d72
chore(deps): bump github.com/docker/docker (#1839)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.0...v26.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01 12:38:31 -04:00
Keith Zantow
bd16101ad0
fix: update ignored vulnerability count in tui (#1837)
2024-05-01 11:46:50 -04:00
Keith Zantow
6b9ea217f3
fix: update sarif to pass microsoft validator (#1838)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-04-30 14:45:48 -04:00
dependabot[bot]
8210bf2613
chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1835)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.10 to 0.15.11.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](ab5d7b5f48...7ccf588e3c)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 13:13:03 -04:00
dependabot[bot]
11fe1a5bb2
chore(deps): bump gorm.io/gorm from 1.25.9 to 1.25.10 (#1831)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.9 to 1.25.10.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.9...v1.25.10)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-26 12:44:55 -04:00
anchore-actions-token-generator[bot]
15059bfc3b
chore(deps): update Syft to v1.3.0 (#1832)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-04-26 12:42:56 -04:00
dependabot[bot]
b3e26e6597
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#1824)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.3...v0.5.4)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-25 16:57:09 -04:00
dependabot[bot]
f247c622a9
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1823)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1d96c772d1...0ad4b8fada)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-25 16:57:01 -04:00
dependabot[bot]
32da42f16c
chore(deps): bump github.com/anchore/stereoscope (#1825)
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) from 0.0.2-0.20240229175558-fe426d1b1c84 to 0.0.2.
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.2)

---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-25 16:56:53 -04:00
dependabot[bot]
92e864df35
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#1828)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](9153d834b6...6d6857d369)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-25 16:56:42 -04:00
Christopher Angelo Phillips
8c044b0d08
fix: update grype version to support darwin arm64 (#1830)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-25 18:34:48 +00:00
dependabot[bot]
d37674ee17
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1820)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1746f4ab65...65462800fd)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-24 15:23:41 -04:00
Dan Luhring
aed8e6304e
docs: update README with newer data sources (#1819)
* docs: update README with newer data sources

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* docs: add Wolfi to distro list

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

---------

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-04-24 12:07:33 -04:00
dependabot[bot]
ca52c5cb18
chore(deps): bump github.com/docker/docker (#1821)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.2+incompatible to 26.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.2...v26.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-24 12:06:36 -04:00
Tony DevOps
a9dc753c7f
Add some more examples for the config.yaml file in the README. (#1811)
---------
Signed-off-by: Tony DevOps <868644+TonyLovesDevOps@users.noreply.github.com>
2024-04-22 17:53:38 +00:00
dependabot[bot]
94f180da76
chore(deps): bump github.com/docker/docker (#1817)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.1+incompatible to 26.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.1...v26.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 15:07:34 -04:00
dependabot[bot]
31352f6103
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#1818)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...1d96c772d1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 15:07:24 -04:00
Christopher Angelo Phillips
b7ffbeee53
config: add config opt in golang pseudo version main module comparison (#1816)
config: add config opt in golang pseudo version main module comparison
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-18 14:40:52 -04:00
dependabot[bot]
28df30c0ed
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#1814)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...1746f4ab65)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-18 12:38:59 -04:00
Arvind Somya
4584423321
feat: modify metadata structure for providers' pull date (#1795)
modifying metadata to store provider last successful run date

Signed-off-by: Arvind Somya <arvind.somya@anchore.com>
2024-04-18 11:27:42 -04:00
Zach Hill
378959d60c
fix: add linux and libc-dev headers ignore rules for debian packages (#1809)
Signed-off-by: Zach Hill <zach@anchore.com>
2024-04-17 11:42:08 -07:00
dependabot[bot]
237cd0cf8c
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#1808)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](c55203cfde...9153d834b6)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-17 12:58:36 -04:00
Firas AlShafei
8e1cce03c8
feat: add html template (#1806)
- responsive template using datatables.js
- filtering option
- pdf export option

Signed-off-by: Firas AlShafei <firas.alshafei@hitachienergy.com>
2024-04-16 11:41:50 -04:00
Dan Luhring
6dde5ce9f4
fix: use Go main module version (#1797)
When it's helpful, that is. This doesn't change the behavior of matching a main module with "(devel)" as the version, but in cases where a more useful version is provided, such as when Syft was able to compute a reasonable pseudoversion, we use the version for best effort matching.

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-04-16 11:06:17 -04:00
Zach Hill
a7cbe3a26c
fix: adds ignore rules for kernel-headers indirect matches (#1787)
* fix: adds ignore rules for kernel-headers indirect matches

Adds ignoring of kernel-headers indirect matches on kernel vulns
since the kernel-headers package does not have the kernel code in it
that kernel vulns are actually referring to.

Adds a config value to control this ignore behavior that defaults to
enabling the ignore rules.

Fixes: 1762

* Adds ignore rule support for match types and upstream package names.
* Adds default ignore rules for kernel-headers indirect matches on kernel
for rpms.

Signed-off-by: Zach Hill <zach@anchore.com>

* chore: add match-upstream-kernel-headers config to README.md

Signed-off-by: Zach Hill <zach@anchore.com>

* chore: update match labels

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Zach Hill <zach@anchore.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-04-15 13:29:19 -07:00
dependabot[bot]
018b415abd
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1805)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 12:27:26 -04:00
oftenoccur
4c5e4c64f4
chore: fix function name in comment (#1798)
Signed-off-by: oftenoccur <ezc5@sina.com>
2024-04-12 15:24:54 -04:00
dependabot[bot]
a093c951d5
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#1802)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](70a41aba78...c55203cfde)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-12 15:24:35 -04:00
anchore-actions-token-generator[bot]
9ce3048adb
chore(deps): update Syft to v1.2.0 (#1803)
2024-04-12 18:57:16 +00:00
dependabot[bot]
062217c7b6
chore(deps): bump github.com/docker/docker (#1800)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.0+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.0...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-11 13:35:11 -04:00
dependabot[bot]
3c23dea01f
chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1801)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](e1523de757...59acb6260d)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-11 13:31:58 -04:00
dependabot[bot]
2d613a816d
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#1791)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 16:24:35 +00:00
Weston Steimel
420c0cd0b3
test: fuzzy version comparison for java versions (#1788)
Adds tests to ensure fuzzy version comparison logic works as expected
for java version strings under both the pre version 9 schema and the
modern semver equivalents.  Details of the version schemes can be found
in https://openjdk.org/jeps/223

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-05 13:17:33 -04:00
Christopher Angelo Phillips
046c19102d
chore: readme formats updated with sarif option (#1786)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-04 21:02:45 +00:00
Christopher Angelo Phillips
57af1c34cb
chore: update syft to latest v1.1.1 (#1784)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-04 11:52:02 -04:00