Christopher Angelo Phillips
272b312569
Merge branch 'main' into dependabot/go_modules/github.com/docker/docker-27.2.1incompatible
...
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
2024-09-10 11:24:10 -04:00
dependabot[bot]
8b30e0d9b6
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #2105 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:23:37 -04:00
dependabot[bot]
8268cbba94
chore(deps): bump github.com/docker/docker
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.0...v27.2.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-09 15:16:53 +00:00
dependabot[bot]
6064cfd19b
chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 ( #2098 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.13 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 13:32:17 -04:00
dependabot[bot]
b0da488d52
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #2099 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
2024-09-05 13:32:06 -04:00
dependabot[bot]
fbdab6e1ec
chore(deps): bump github.com/anchore/stereoscope ( #2074 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:14 -04:00
dependabot[bot]
b8dc27ccac
chore(deps): bump github.com/docker/docker ( #2086 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.2+incompatible to 27.2.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.2...v27.2.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:07 -04:00
dependabot[bot]
fe4df49d11
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 ( #2089 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...4dd16135b6
2024-09-03 12:24:49 -04:00
Christopher Angelo Phillips
b1a0e8ccf2
chore(sec): update Golang and runc to latest releases ( #2091 )
...
* chore(deps): update tools to latest versions (#2082 )
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update go version and runc version
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
2024-09-03 12:24:39 -04:00
dependabot[bot]
a80ce02a69
chore(deps): bump github.com/charmbracelet/bubbletea ( #2092 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.27.0 to 1.1.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.27.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:13 -04:00
dependabot[bot]
1f852d43e7
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 ( #2093 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:06 -04:00
anchore-actions-token-generator[bot]
f9d8ac16ad
test: update quality gate db to latest version ( #2094 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-03 12:23:56 -04:00
dependabot[bot]
e76eaec1d1
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #2096 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
2024-09-03 12:23:34 -04:00
dependabot[bot]
3468694c8f
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #2097 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
2024-09-03 12:23:26 -04:00
anchore-actions-token-generator[bot]
7901a57c1e
chore(deps): update tools to latest versions ( #2082 )
2024-08-29 08:21:08 -04:00
Felix Bünemann
aacf153a17
docs(templates): escape description in junit.tmpl ( #2088 )
...
Signed-off-by: Felix Bünemann <Felix.Buenemann@gmail.com>
2024-08-29 08:20:37 -04:00
anchore-actions-token-generator[bot]
95430bbbff
chore(deps): update tools to latest versions ( #2080 )
2024-08-23 09:08:35 -04:00
dependabot[bot]
76cd5af489
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #2078 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
2024-08-22 13:50:28 -04:00
dependabot[bot]
29f5d2a03f
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #2079 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
2024-08-22 13:50:18 -04:00
anchore-actions-token-generator[bot]
c4d0a877dc
chore(deps): update tools to latest versions ( #2072 )
2024-08-21 13:09:13 -04:00
dependabot[bot]
dd2bf2df55
chore(deps): bump github.com/charmbracelet/lipgloss ( #2073 )
2024-08-21 13:08:47 -04:00
Weston Steimel
b65822607e
chore: bump quality gate vuln match labels data ( #2069 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-20 14:00:25 -04:00
dependabot[bot]
205ccfb6c9
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #2070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
2024-08-20 13:29:17 -04:00
anchore-actions-token-generator[bot]
8dee469616
chore(deps): update Syft to v1.11.1 ( #2071 )
2024-08-20 13:26:32 -04:00
Keith Zantow
41cfd42de6
chore: add grype version to db network operations ( #2062 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 10:54:16 -04:00
Lucas Rodriguez
e7a3c011bc
fix: do not panic when given empty string arg ( #2064 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-19 12:58:39 -04:00
dependabot[bot]
c1b9498671
chore(deps): bump github.com/charmbracelet/bubbletea ( #2067 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:17 -04:00
Andrei Stefanie
589d86c35a
fix: correctly close the db file in v4/v5 stores ( #2066 )
...
Signed-off-by: Andrei Stefanie <andrei.stefanie@gmail.com>
2024-08-19 11:51:59 -04:00
Eiji Ito
7dfa436314
Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. ( #2040 )
...
* Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* Remove unused errNoCPEs and update error handling in findApkPackage function.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* test: prove test fails without fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: revert contributed fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Eiji Ito <aeffy7@gmail.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 19:13:06 +00:00
anchore-actions-token-generator[bot]
a758b01d17
chore(deps): update tools to latest versions ( #2055 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: fix linter for non-const format
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:58:10 +00:00
dependabot[bot]
c5fb1a3f9d
chore(deps): bump github.com/docker/docker ( #2052 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 13:47:48 -04:00
Shane Dell
d21c5490e0
fix: fail when grype cant check for db update ( #1247 )
...
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-15 14:39:24 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #2053 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
2024-08-15 13:40:26 -04:00
dependabot[bot]
db73c2c7d0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 ( #2056 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.5...v1.7.6 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:15 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #2060 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
2024-08-15 13:39:14 -04:00
GGMU
e7ceffadc8
feat: add db search subcommand ( #2031 )
...
Signed-off-by: Tomer Seinfeld <tomersein@gmail.com>
2024-08-12 17:45:25 -04:00
Alex Goodman
89c4190914
do not fail when inflating DB records ( #2049 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-12 16:20:46 +00:00
Keith Zantow
b12a6f2dc9
chore: remove quality gate Makefile db age check ( #2036 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 11:59:53 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration ( #2046 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
Keith Zantow
4dfd9d76d1
feat: update to Syft 1.11.0 ( #2047 )
2024-08-09 14:32:05 -04:00
William Murphy
f9b6365146
fix: higher default timeout for database download ( #2033 )
...
Depending on region and network conditions, 120s was not enough time for
many clients, leading to some complaints. Raise the default timeout to
five minutes.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-09 08:39:17 -04:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #2045 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](59acb6260d...4959ce089c
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #2035 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-07 14:43:47 -04:00
anchore-actions-token-generator[bot]
8f18cdc380
chore(deps): update tools to latest versions ( #2038 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-07 14:27:33 -04:00
dependabot[bot]
d1eebcc41a
chore(deps): bump github.com/google/go-containerregistry ( #2043 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:57 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #2044 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-07 14:26:45 -04:00
anchore-actions-token-generator[bot]
8642eba1b0
test: update quality gate db to latest version ( #2034 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-08-06 07:48:26 -04:00
anchore-actions-token-generator[bot]
f72848dff1
chore(deps): update tools to latest versions ( #2027 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-02 13:25:29 -04:00
dependabot[bot]
1bc1dd4dd0
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #2028 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-02 13:20:18 -04:00
Keith Zantow
bada7d51d7
chore: add grype version to application update check headers ( #2021 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-01 14:16:00 -04:00
