Will Murphy
372e603c10
fix python version to work with new yardstick
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-29 12:41:31 -04:00
Will Murphy
832391cbe6
chore: switch to yardstick validate from custom gate.py
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-29 12:34:33 -04:00
anchore-actions-token-generator[bot]
7901a57c1e
chore(deps): update tools to latest versions ( #2082 )
2024-08-29 08:21:08 -04:00
Felix Bünemann
aacf153a17
docs(templates): escape description in junit.tmpl ( #2088 )
...
Signed-off-by: Felix Bünemann <Felix.Buenemann@gmail.com>
2024-08-29 08:20:37 -04:00
anchore-actions-token-generator[bot]
95430bbbff
chore(deps): update tools to latest versions ( #2080 )
2024-08-23 09:08:35 -04:00
dependabot[bot]
76cd5af489
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #2078 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](883d8588e5...f0f3afee80)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:50:28 -04:00
dependabot[bot]
29f5d2a03f
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #2079 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](ab9d16d4b4...61119d458a)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:50:18 -04:00
anchore-actions-token-generator[bot]
c4d0a877dc
chore(deps): update tools to latest versions ( #2072 )
2024-08-21 13:09:13 -04:00
dependabot[bot]
dd2bf2df55
chore(deps): bump github.com/charmbracelet/lipgloss ( #2073 )
2024-08-21 13:08:47 -04:00
Weston Steimel
b65822607e
chore: bump quality gate vuln match labels data ( #2069 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-20 14:00:25 -04:00
dependabot[bot]
205ccfb6c9
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #2070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...883d8588e5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-20 13:29:17 -04:00
anchore-actions-token-generator[bot]
8dee469616
chore(deps): update Syft to v1.11.1 ( #2071 )
2024-08-20 13:26:32 -04:00
Keith Zantow
41cfd42de6
chore: add grype version to db network operations ( #2062 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 10:54:16 -04:00
Lucas Rodriguez
e7a3c011bc
fix: do not panic when given empty string arg ( #2064 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-19 12:58:39 -04:00
dependabot[bot]
c1b9498671
chore(deps): bump github.com/charmbracelet/bubbletea ( #2067 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0)
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:17 -04:00
Andrei Stefanie
589d86c35a
fix: correctly close the db file in v4/v5 stores ( #2066 )
...
Signed-off-by: Andrei Stefanie <andrei.stefanie@gmail.com>
2024-08-19 11:51:59 -04:00
Eiji Ito
7dfa436314
Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. ( #2040 )
...
* Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* Remove unused errNoCPEs and update error handling in findApkPackage function.
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
* test: prove test fails without fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: revert contributed fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Eiji Ito <aeffy7@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Eiji Ito <aeffy7@gmail.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 19:13:06 +00:00
anchore-actions-token-generator[bot]
a758b01d17
chore(deps): update tools to latest versions ( #2055 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: fix linter for non-const format
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:58:10 +00:00
dependabot[bot]
c5fb1a3f9d
chore(deps): bump github.com/docker/docker ( #2052 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 13:47:48 -04:00
Shane Dell
d21c5490e0
fix: fail when grype cant check for db update ( #1247 )
...
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-15 14:39:24 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #2053 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](d94f46e13c...ab9d16d4b4)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:26 -04:00
dependabot[bot]
db73c2c7d0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 ( #2056 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.5...v1.7.6)
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:15 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #2060 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](eb055d739a...429e197704)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:39:14 -04:00
GGMU
e7ceffadc8
feat: add db search subcommand ( #2031 )
...
Signed-off-by: Tomer Seinfeld <tomersein@gmail.com>
2024-08-12 17:45:25 -04:00
Alex Goodman
89c4190914
do not fail when inflating DB records ( #2049 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-12 16:20:46 +00:00
Keith Zantow
b12a6f2dc9
chore: remove quality gate Makefile db age check ( #2036 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 11:59:53 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration ( #2046 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
Keith Zantow
4dfd9d76d1
feat: update to Syft 1.11.0 ( #2047 )
2024-08-09 14:32:05 -04:00
William Murphy
f9b6365146
fix: higher default timeout for database download ( #2033 )
...
Depending on region and network conditions, 120s was not enough time for
many clients, leading to some complaints. Raise the default timeout to
five minutes.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-09 08:39:17 -04:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #2045 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](59acb6260d...4959ce089c)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #2035 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](89ef406dd8...834a144ee9)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:43:47 -04:00
anchore-actions-token-generator[bot]
8f18cdc380
chore(deps): update tools to latest versions ( #2038 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-07 14:27:33 -04:00
dependabot[bot]
d1eebcc41a
chore(deps): bump github.com/google/go-containerregistry ( #2043 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:57 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #2044 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:45 -04:00
anchore-actions-token-generator[bot]
8642eba1b0
test: update quality gate db to latest version ( #2034 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-08-06 07:48:26 -04:00
anchore-actions-token-generator[bot]
f72848dff1
chore(deps): update tools to latest versions ( #2027 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-02 13:25:29 -04:00
dependabot[bot]
1bc1dd4dd0
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #2028 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b2256b8c0...89ef406dd8)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-02 13:20:18 -04:00
Keith Zantow
bada7d51d7
chore: add grype version to application update check headers ( #2021 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-01 14:16:00 -04:00
anchore-actions-token-generator[bot]
486f9f11b1
test: update quality gate db to latest version ( #2026 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-01 12:39:14 -04:00
Keith Zantow
86ba33d72e
chore: use the .tool/gh for release script ( #2022 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-31 20:10:58 -04:00
dependabot[bot]
0cf3939389
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 ( #2016 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 11:05:32 -04:00
anchore-actions-token-generator[bot]
406d196726
chore(deps): update Syft to v1.10.0 ( #2019 )
2024-07-30 13:18:54 -04:00
dependabot[bot]
133775cddf
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 ( #2011 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5cf07d8b70...afb54ba388)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:01:27 -04:00
dependabot[bot]
064c915738
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 ( #2012 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.4...v1.4.5)
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:01:18 -04:00
anchore-actions-token-generator[bot]
59b3eedff5
chore(deps): update tools to latest versions ( #2015 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-29 10:03:14 -04:00
dependabot[bot]
16a7e4d423
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 ( #2010 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...5cf07d8b70)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 16:09:14 +00:00
Alex Goodman
1d38cea896
disable ui before run function on db status ( #2008 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-25 11:55:30 -04:00
dependabot[bot]
3af8d1e46e
chore(deps): bump github.com/docker/docker ( #2007 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.0...v27.1.1)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 16:08:59 -04:00
anchore-actions-token-generator[bot]
e07546ec86
chore(deps): update tools to latest versions ( #2003 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-23 10:17:04 -04:00
dependabot[bot]
1f0bcc0d96
chore(deps): bump github.com/docker/docker ( #2000 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.0.3...v27.1.0)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:47 -07:00