dependabot[bot]
28df30c0ed
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 ( #1814 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
2024-04-18 12:38:59 -04:00
Arvind Somya
4584423321
feat: modify metadata structure for providers' pull date ( #1795 )
...
modifying metadata to store provider last successful run date
Signed-off-by: Arvind Somya <arvind.somya@anchore.com>
2024-04-18 11:27:42 -04:00
Zach Hill
378959d60c
fix: add linux and libc-dev headers ignore rules for debian packages ( #1809 )
...
Signed-off-by: Zach Hill <zach@anchore.com>
2024-04-17 11:42:08 -07:00
dependabot[bot]
237cd0cf8c
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 ( #1808 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c55203cfde...9153d834b6
2024-04-17 12:58:36 -04:00
Firas AlShafei
8e1cce03c8
feat: add html template ( #1806 )
...
- responsive template using datatables.js
- filtering option
- pdf export option
Signed-off-by: Firas AlShafei <firas.alshafei@hitachienergy.com>
2024-04-16 11:41:50 -04:00
Dan Luhring
6dde5ce9f4
fix: use Go main module version ( #1797 )
...
When its helpful, that is. This doesnt change the behavior of matching a main module with "(devel") as the version, but in cases where a more useful version is provided, such as when Syft was able to compute a reasonable pseudoversion, we use the version in for best effort matching.
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-04-16 11:06:17 -04:00
Zach Hill
a7cbe3a26c
fix: adds ignore rules for kernel-headers indirect matches ( #1787 )
...
* fix: adds ignore rules for kernel-headers indirect matches
Adds ignoring of kernel-headers indirect matches on kernel vulns
since the kernel-headers package does not have the kernel code in it
that kernel vulns are actually referring to.
Adds a config value to control this ignore behavior that defaults to
enabling the ignore rules.
Fixes: 1762
* Adds ignore rule support for match types and upstream package names.
* Adds default ignore rules for kernel-headers indirect matches on kernel
for rpms.
Signed-off-by: Zach Hill <zach@anchore.com>
* chore: add match-upstream-kernel-headers config to README.md
Signed-off-by: Zach Hill <zach@anchore.com>
* chore: update match labels
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Zach Hill <zach@anchore.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-04-15 13:29:19 -07:00
dependabot[bot]
018b415abd
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 ( #1805 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 12:27:26 -04:00
oftenoccur
4c5e4c64f4
chore: fix function name in comment ( #1798 )
...
Signed-off-by: oftenoccur <ezc5@sina.com>
2024-04-12 15:24:54 -04:00
dependabot[bot]
a093c951d5
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 ( #1802 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](70a41aba78...c55203cfde
2024-04-12 15:24:35 -04:00
anchore-actions-token-generator[bot]
9ce3048adb
chore(deps): update Syft to v1.2.0 ( #1803 )
2024-04-12 18:57:16 +00:00
dependabot[bot]
062217c7b6
chore(deps): bump github.com/docker/docker ( #1800 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.0.0+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.0.0...v26.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-11 13:35:11 -04:00
dependabot[bot]
3c23dea01f
chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ( #1801 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e1523de757...59acb6260d
2024-04-11 13:31:58 -04:00
dependabot[bot]
2d613a816d
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 ( #1791 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.2...v0.5.3 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 16:24:35 +00:00
Weston Steimel
420c0cd0b3
test: fuzzy version comparison for java versions ( #1788 )
...
Adds tests to ensure fuzzy version comparison logic works as expected
for java version strings under both the pre version 9 schema and the
modern semver equivalents. Details of the version schemes can be found
in https://openjdk.org/jeps/223
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-05 13:17:33 -04:00
Christopher Angelo Phillips
046c19102d
chore: readme formats updated with sarif option ( #1786 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-04 21:02:45 +00:00
Christopher Angelo Phillips
57af1c34cb
chore: update syft to latest v1.1.1 ( #1784 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-04 11:52:02 -04:00
William Murphy
7c849c33b0
fix: enable http timeout ( #1777 )
...
* fix: enable http timeout
Otherwise grype db commands can hang if the CDN is having issues.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* separate timeouts for listing and database download
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* assign timeout after checking err is nil
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* add unit test for timeout behavior
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-04-04 10:54:08 -04:00
anchore-actions-token-generator[bot]
39f460b8f7
chore(deps): update bootstrap tools to latest versions ( #1781 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-04-04 09:31:22 -04:00
anchore-actions-token-generator[bot]
556ab2b959
chore(deps): update bootstrap tools to latest versions ( #1776 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-03-30 17:50:51 -04:00
dependabot[bot]
c807af5f4f
chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 ( #1775 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.8 to 1.25.9.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.8...v1.25.9 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-28 16:35:57 -04:00
guangwu
002dea7adc
fix: make bootstrap-tools failed ( #1739 )
...
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-28 16:35:36 -04:00
Seiya
c4c6a40a2e
fix: use "path/filepath" to build file path ( #1767 )
...
Signed-off-by: seiya <20365512+seiyab@users.noreply.github.com>
2024-03-26 12:19:44 -04:00
Hung Nguyen
8c1f4ceff3
update release token from readonly to write token ( #1768 )
...
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 11:59:48 -04:00
dependabot[bot]
0178ae522c
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 ( #1771 )
2024-03-26 15:44:41 +00:00
anchore-actions-token-generator[bot]
e531660d63
chore(deps): update Syft to v1.1.0 ( #1769 )
2024-03-26 11:44:13 -04:00
dependabot[bot]
16e954ab35
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 ( #1750 )
...
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:55 -04:00
dependabot[bot]
32853abe08
chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 ( #1751 )
...
Bumps [github.com/glebarez/sqlite](https://github.com/glebarez/sqlite ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/glebarez/sqlite/releases )
- [Commits](https://github.com/glebarez/sqlite/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/glebarez/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:27 -04:00
dependabot[bot]
8afe1ccf65
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 ( #1753 )
...
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases )
- [Commits](297be350cf...5a908a2481
2024-03-21 13:22:19 -04:00
dependabot[bot]
ee402f9020
chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 ( #1756 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.7 to 1.25.8.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.7...v1.25.8 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:13 -04:00
dependabot[bot]
270fdd30d4
chore(deps): bump github.com/google/go-containerregistry ( #1754 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.19.0 to 0.19.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:22:06 -04:00
anchore-actions-token-generator[bot]
582cb75bc2
chore(deps): update bootstrap tools to latest versions ( #1758 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-03-21 13:21:58 -04:00
dependabot[bot]
4147d91beb
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 ( #1761 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
2024-03-21 13:21:46 -04:00
Hung Nguyen
fd7b4e4dff
updating credentials to scoped permissions ( #1755 )
...
* updating credentials to scoped permissions
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
---------
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-20 17:36:09 -04:00
Alex Goodman
dbc8f159a3
dont warn on golang devel version ( #1752 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-03-18 07:15:00 -04:00
dependabot[bot]
d420134bc1
chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 ( #1748 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](343f7c4344...e92390c5fb
2024-03-13 13:15:41 -04:00
dependabot[bot]
ab73f1b970
chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 ( #1746 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](a4f52f8033...70a41aba78
2024-03-12 13:17:33 -04:00
dependabot[bot]
e84e07fc07
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 ( #1747 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-12 13:17:04 -04:00
guangwu
e528261719
chore(code-comments): typo ( #1745 )
...
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-11 13:17:15 -04:00
guangwu
9701ea0972
chore: slice loop replace ( #1738 )
...
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-07 13:18:51 -05:00
anchore-actions-token-generator[bot]
5c7923536b
chore(deps): update Syft to v1.0.1 ( #1742 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-03-07 13:13:44 -05:00
dependabot[bot]
e864b373d9
chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 ( #1743 )
...
Bumps [github.com/anchore/syft](https://github.com/anchore/syft ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/anchore/syft/releases )
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/syft/compare/v1.0.0...v1.0.1 )
---
updated-dependencies:
- dependency-name: github.com/anchore/syft
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 12:59:16 -05:00
dependabot[bot]
6bf4b17623
chore(deps): bump github.com/docker/docker ( #1744 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.3+incompatible to 25.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 12:59:05 -05:00
dependabot[bot]
0c60849d49
chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 ( #1740 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.8 to 0.15.9.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](b6a39da807...9fece9e200
2024-03-06 14:26:39 -05:00
dependabot[bot]
296b0901cf
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 ( #1741 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-06 14:26:30 -05:00
dependabot[bot]
8e7f5cf85a
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 ( #1735 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87
2024-03-01 13:49:48 -05:00
dependabot[bot]
ec21e628c7
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 ( #1736 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 13:08:49 -05:00
dependabot[bot]
484647fcdf
chore(deps): bump github.com/anchore/syft ( #1734 )
...
Bumps [github.com/anchore/syft](https://github.com/anchore/syft ) from 0.105.2-0.20240227214437-a978966cadfc to 1.0.0.
- [Release notes](https://github.com/anchore/syft/releases )
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/syft/commits/v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/anchore/syft
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-29 10:40:45 -05:00
dependabot[bot]
c08686308e
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 ( #1733 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b1ddad2c99...a4f52f8033
2024-02-29 10:16:57 -05:00
Keith Zantow
77e00feb42
chore: update syft source providers ( #1727 )
2024-02-27 20:47:51 -05:00
