Christopher Angelo Phillips
b90c881ab4
chore: bootstrap action cleanup ( #1587 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-06 21:55:37 -05:00
Christopher Angelo Phillips
401d67cd96
feat: add custom maven comparator ( #1571 )
...
This PR takes the recommendation from #1526 and adapts the go-mvn-version to be used as a custom comparator for matching against packages that have the JavaPkg type. Packages of type JavaPkg will no longer use the stock matcher.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-27 14:24:56 -04:00
William Murphy
1ab051bac9
chore: fix path to quality tests ( #1578 )
...
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-10-27 11:23:19 -04:00
Alex Goodman
a276bf120b
capture quality gate state on failures ( #1576 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-26 14:31:30 -04:00
dependabot[bot]
dd823d19f6
chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #1570 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-24 11:50:13 -04:00
dependabot[bot]
4c3ff476fa
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 ( #1564 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 13:50:51 -04:00
Shubham Hibare
e0e8b355f0
Add checksum signing ( #1535 )
...
* Add checksum signing
Signed-off-by: Shubham Hibare <shubham@hibare.in>
* Add artifact signature verification steps
Signed-off-by: Shubham Hibare <shubham@hibare.in>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
2023-10-12 15:38:30 -04:00
Weston Steimel
25762b7e3b
feat: disable CPE-based matching for GHSA ecosystems by default ( #1412 )
...
* feat: disable CPE-based matching for GHSA ecosystems by default
Disables CPE-based matching for ecosystems which are covered by GitHub
Security Advisories. Also adds a separate rust matcher and related
configuration to allow configuring CPE-based matching off for it while
still leaving it on for the stock matcher.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: use --by-cve with quality gate comparison
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: add rust auditable binary match integration test
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-10-12 09:07:33 -04:00
dependabot[bot]
88906fb60c
chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 ( #1544 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...483ef80eb9
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 13:05:06 -04:00
dependabot[bot]
cc522decdb
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 ( #1519 )
...
* chore(deps): bump actions/checkout from 4.0.0 to 4.1.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: add version comment
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-09-26 13:16:42 -04:00
dependabot[bot]
da3de94842
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 ( #1506 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0914d50df7...3beb63f4bd
)
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 16:39:49 -04:00
Alex Goodman
18241e8986
Upgrade syft to v0.91.0 ( #1508 )
...
* bump syft to main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* upgdate cyclonedx presenter fixtures (bump from cdx 1.4 to 1.5)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for pkg type exceptions for github actions and workflows
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx json schema from v1.4 to v1.5
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump to syft v0.91.0
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* upgrade go-setup action to v4
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove asset upload from release workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 16:39:23 -04:00
Alex Goodman
970fbd9166
Update chronicle to v0.8.0 ( #1507 )
...
* use annotated tags, update chronicle, fix cache keys
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont show the title in the release notes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 16:06:08 -04:00
dependabot[bot]
b81340c7c6
chore(deps): bump actions/cache from 3.2.6 to 3.3.2 ( #1499 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.6 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.6...704facf57e6136b1bc63b828d79edcd491f0ee84 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 13:00:43 -04:00
Christopher Angelo Phillips
7a1f4a0891
chore: pin cache versions ( #1495 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:07:17 -04:00
dependabot[bot]
655c65facb
chore(deps): bump actions/checkout from 3 to 4 ( #1475 )
...
* chore(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...3df4ab11eba7bda6032a0b82a6bb43b11571feac )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update tag comments and standardize comments to # vx.x.x
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 15:25:20 -04:00
Christopher Angelo Phillips
9c0140d6b1
chore: pin actions; pin images; add top level action permissions ( #1493 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 14:29:37 -04:00
dependabot[bot]
6ee9054c88
chore(deps): bump docker/login-action from 2 to 3 ( #1488 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-12 14:04:24 -04:00
dependabot[bot]
8b34b585ca
chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 ( #1485 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.2 to 2.0.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0d49dd7211...0914d50df7
)
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 15:23:55 -04:00
Christopher Angelo Phillips
719feb0b44
chore: update grype to use Go v1.21 ( #1480 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:38 -04:00
dependabot[bot]
a04dfaac23
chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 ( #1481 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 11:51:25 -04:00
dependabot[bot]
7b3605db24
chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 ( #1474 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](b62528385c...0d49dd7211
)
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 10:20:24 -04:00
Keith Zantow
a2e41a5c58
chore: update quill version ( #1465 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 17:03:25 -04:00
dependabot[bot]
fff434156c
chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 ( #1421 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fac708d667...93397bea11
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-08 13:29:12 -04:00
Weston Steimel
74a7a67b73
chore: use syft v0.86.1 in the quality gate tests ( #1418 )
...
* chore: use syft v0.86.1 in the quality gate tests
This ensures the CPE dict enhancements are taken into account for
future quality gate comparisons
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix: bump runner to use larger disk
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-08-04 16:48:21 -04:00
Alex Goodman
11301356cf
add oss community board auto-add workflow ( #1364 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:57:08 -04:00
dependabot[bot]
5c5fb0e665
chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #1363 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 13:59:12 -04:00
dependabot[bot]
41d3d134d2
chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 ( #1357 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](4d571ad103...78fc58e266
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-22 12:04:09 -04:00
dependabot[bot]
4e31789324
chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 ( #1351 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](284f54f989...153407881e
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 15:58:43 -04:00
dependabot[bot]
7be9da43e1
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #1344 )
2023-06-13 13:40:02 +00:00
dependabot[bot]
dc9bc1ee04
chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 ( #1331 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 15:41:37 -04:00
dependabot[bot]
ac67a27a87
chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 ( #1321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...0225834cc5
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 12:35:45 -04:00
dependabot[bot]
745dca977c
chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 ( #1298 )
2023-05-17 13:24:06 +00:00
dependabot[bot]
fce29858cb
chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 ( #1281 )
2023-05-08 17:07:35 +00:00
dependabot[bot]
8d47fedd54
chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 ( #1272 )
2023-05-05 18:55:27 +00:00
dependabot[bot]
7861b63981
chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 ( #1261 )
2023-05-02 20:34:05 +00:00
dependabot[bot]
2e835eaebf
chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 ( #1263 )
2023-05-02 20:33:51 +00:00
dependabot[bot]
aa52d673d0
chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 ( #1258 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-27 12:43:05 -04:00
dependabot[bot]
ae2fe4f063
chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 ( #1256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 14:49:01 -04:00
dependabot[bot]
45d03b6df0
chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 ( #1233 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 11:42:08 -04:00
dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
)
---
updated-dependencies:
- dependency-name: 8398a7/action-slack
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 10:55:31 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 10:54:35 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 19:07:58 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 14:35:56 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 09:39:00 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 12:51:20 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00