Commit graph

1399 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
556ab2b959
chore(deps): update bootstrap tools to latest versions (#1776)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-03-30 17:50:51 -04:00
dependabot[bot]
c807af5f4f
chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.8 to 1.25.9.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.8...v1.25.9)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-28 16:35:57 -04:00
guangwu
002dea7adc
fix: make bootstrap-tools failed (#1739)
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-28 16:35:36 -04:00
Seiya
c4c6a40a2e
fix: use "path/filepath" to build file path (#1767)
Signed-off-by: seiya <20365512+seiyab@users.noreply.github.com>
2024-03-26 12:19:44 -04:00
Hung Nguyen
8c1f4ceff3
update release token from readonly to write token (#1768)
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 11:59:48 -04:00
dependabot[bot]
0178ae522c
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1771) 2024-03-26 15:44:41 +00:00
anchore-actions-token-generator[bot]
e531660d63
chore(deps): update Syft to v1.1.0 (#1769) 2024-03-26 11:44:13 -04:00
dependabot[bot]
16e954ab35
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1750)
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:55 -04:00
dependabot[bot]
32853abe08
chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 (#1751)
Bumps [github.com/glebarez/sqlite](https://github.com/glebarez/sqlite) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/glebarez/sqlite/releases)
- [Commits](https://github.com/glebarez/sqlite/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/glebarez/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:27 -04:00
dependabot[bot]
8afe1ccf65
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 (#1753)
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases)
- [Commits](297be350cf...5a908a2481)

---
updated-dependencies:
- dependency-name: fountainhead/action-wait-for-check
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:19 -04:00
dependabot[bot]
ee402f9020
chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.7 to 1.25.8.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.7...v1.25.8)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:13 -04:00
dependabot[bot]
270fdd30d4
chore(deps): bump github.com/google/go-containerregistry (#1754)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.0 to 0.19.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:06 -04:00
anchore-actions-token-generator[bot]
582cb75bc2
chore(deps): update bootstrap tools to latest versions (#1758)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-03-21 13:21:58 -04:00
dependabot[bot]
4147d91beb
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1761)
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](ab5e6d0c87...0c45773b62)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:21:46 -04:00
Hung Nguyen
fd7b4e4dff
updating credentials to scoped permissions (#1755)
* updating credentials to scoped permissions

Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>

---------

Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-20 17:36:09 -04:00
Alex Goodman
dbc8f159a3
dont warn on golang devel version (#1752)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-03-18 07:15:00 -04:00
dependabot[bot]
d420134bc1
chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#1748)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](343f7c4344...e92390c5fb)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 13:15:41 -04:00
dependabot[bot]
ab73f1b970
chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 (#1746)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](a4f52f8033...70a41aba78)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-12 13:17:33 -04:00
dependabot[bot]
e84e07fc07
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1747)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-12 13:17:04 -04:00
guangwu
e528261719
chore(code-comments): typo (#1745)
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-11 13:17:15 -04:00
guangwu
9701ea0972
chore: slice loop replace (#1738)
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-07 13:18:51 -05:00
anchore-actions-token-generator[bot]
5c7923536b
chore(deps): update Syft to v1.0.1 (#1742)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-03-07 13:13:44 -05:00
dependabot[bot]
e864b373d9
chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 (#1743)
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 12:59:16 -05:00
dependabot[bot]
6bf4b17623
chore(deps): bump github.com/docker/docker (#1744)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.3+incompatible to 25.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 12:59:05 -05:00
dependabot[bot]
0c60849d49
chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1740)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.8 to 0.15.9.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](b6a39da807...9fece9e200)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-06 14:26:39 -05:00
dependabot[bot]
296b0901cf
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#1741)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-06 14:26:30 -05:00
dependabot[bot]
8e7f5cf85a
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1735)
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](13aacd865c...ab5e6d0c87)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 13:49:48 -05:00
dependabot[bot]
ec21e628c7
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1736)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 13:08:49 -05:00
dependabot[bot]
484647fcdf
chore(deps): bump github.com/anchore/syft (#1734)
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.105.2-0.20240227214437-a978966cadfc to 1.0.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/commits/v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-29 10:40:45 -05:00
dependabot[bot]
c08686308e
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#1733)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](b1ddad2c99...a4f52f8033)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-29 10:16:57 -05:00
Keith Zantow
77e00feb42
chore: update syft source providers (#1727) 2024-02-27 20:47:51 -05:00
anchore-actions-token-generator[bot]
987238519b
chore(deps): update Syft to v0.105.1 (#1728) 2024-02-26 12:30:31 -05:00
Stefan Hacker
4813bfedb3
fix(install): return appropriate exit codes (#1725)
Signed-off-by: Stefan Hacker <mail@hacst.net>
2024-02-23 10:25:11 -05:00
Keith Zantow
f664c59997
chore(test): update quality test grype db (#1726) 2024-02-23 10:01:42 -05:00
Keith Zantow
d43208c014
fix: improve sarif descriptive text and fingerprint (#1720) 2024-02-22 15:36:57 -05:00
Seiya
5f7620fb80
chore: remove unused file internal/file/tar.go and its test (#1724)
Signed-off-by: seiya <20365512+seiyab@users.noreply.github.com>
2024-02-21 13:07:07 -05:00
Robert
09fdabd814
Added instruction to install with choco (#1716)
Signed-off-by: Robert Roos <robert.soor@gmail.com>
2024-02-20 12:02:47 -05:00
anchore-actions-token-generator[bot]
8b0d86420d
chore(deps): update bootstrap tools to latest versions (#1719)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-02-20 11:45:57 -05:00
Seiya
05953ead8c
chore: remove unused file internal/logger/logrus.go (#1721)
Signed-off-by: seiya <20365512+seiyab@users.noreply.github.com>
2024-02-20 11:35:38 -05:00
anchore-actions-token-generator[bot]
b9cf0e5cf8
chore(deps): update Syft to v0.105.0 (#1714)
* chore(deps): update Syft to v0.105.0

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 22:09:50 +00:00
anchore-actions-token-generator[bot]
53279333ee
chore(deps): update bootstrap tools to latest versions (#1707) 2024-02-14 13:56:09 +00:00
Weston Steimel
63a5788cb2
test(quality): bump label dataset and images (#1712)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2024-02-13 13:38:04 -05:00
William Murphy
6b38079fad
fix: only warn missing CPEs if CPEs wanted (#1710)
Previously, a warning would be logged about missing CPEs even when
processing packages for which CPEs would never be matched on. Instead,
return a specific error when attempting to match by CPEs on a package
with no CPEs.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-12 09:26:56 -05:00
Keith Zantow
ba0cc19a1e
fix: ensure version output to stdout (#1709) 2024-02-09 21:05:52 +00:00
anchore-actions-token-generator[bot]
b870b189c2
chore(deps): update bootstrap tools to latest versions (#1706)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-02-08 10:40:28 -05:00
anchore-actions-token-generator[bot]
74780902ed
chore(deps): update Syft to v0.104.0 (#1704)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-02-07 16:14:57 -05:00
William Murphy
396cc0aea7
Bump Syft in Grype to pull in unmarshaling fix (#1703)
* WIP: package builds but tests do not

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: some unit tests compile

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: unit tests compile but do not pass

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Units passing with some changes to syft

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* fix: excludes plus bad sbom should not suppress error

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* add conan entry v2 package test

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft again

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: fix compiler error in integration tests

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: remove erlang OTP from package types that must be seen in test image

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft version used

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-07 14:28:48 -05:00
dependabot[bot]
68b2796026
chore(deps): bump github.com/docker/docker (#1702)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:32:18 -05:00
dependabot[bot]
705b20a56f
chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.6 to 1.25.7.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.6...v1.25.7)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 11:42:58 -05:00
anchore-actions-token-generator[bot]
9a1f5ce97b
chore(deps): update bootstrap tools to latest versions (#1698)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-02-06 10:48:20 -05:00