dependabot[bot]
d37674ee17
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 ( #1820 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
2024-04-24 15:23:41 -04:00
dependabot[bot]
31352f6103
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 ( #1818 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1
2024-04-19 15:07:24 -04:00
dependabot[bot]
28df30c0ed
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 ( #1814 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
2024-04-18 12:38:59 -04:00
dependabot[bot]
237cd0cf8c
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 ( #1808 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c55203cfde...9153d834b6
2024-04-17 12:58:36 -04:00
dependabot[bot]
a093c951d5
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 ( #1802 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](70a41aba78...c55203cfde
2024-04-12 15:24:35 -04:00
dependabot[bot]
3c23dea01f
chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ( #1801 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e1523de757...59acb6260d
2024-04-11 13:31:58 -04:00
Hung Nguyen
8c1f4ceff3
update release token from readonly to write token ( #1768 )
...
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 11:59:48 -04:00
dependabot[bot]
0178ae522c
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 ( #1771 )
2024-03-26 15:44:41 +00:00
dependabot[bot]
8afe1ccf65
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 ( #1753 )
...
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases )
- [Commits](297be350cf...5a908a2481
2024-03-21 13:22:19 -04:00
dependabot[bot]
4147d91beb
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 ( #1761 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
2024-03-21 13:21:46 -04:00
Hung Nguyen
fd7b4e4dff
updating credentials to scoped permissions ( #1755 )
...
* updating credentials to scoped permissions
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
---------
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-20 17:36:09 -04:00
dependabot[bot]
d420134bc1
chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 ( #1748 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](343f7c4344...e92390c5fb
2024-03-13 13:15:41 -04:00
dependabot[bot]
ab73f1b970
chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 ( #1746 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](a4f52f8033...70a41aba78
2024-03-12 13:17:33 -04:00
dependabot[bot]
e84e07fc07
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 ( #1747 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-12 13:17:04 -04:00
dependabot[bot]
0c60849d49
chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 ( #1740 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.8 to 0.15.9.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](b6a39da807...9fece9e200
2024-03-06 14:26:39 -05:00
dependabot[bot]
8e7f5cf85a
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 ( #1735 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87
2024-03-01 13:49:48 -05:00
dependabot[bot]
c08686308e
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 ( #1733 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b1ddad2c99...a4f52f8033
2024-02-29 10:16:57 -05:00
dependabot[bot]
79e2310f6d
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #1699 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-02-06 10:44:11 -05:00
dependabot[bot]
e10a67fc4a
chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 ( #1687 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.2 to 6.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](153407881e...b1ddad2c99
2024-02-01 11:59:43 -05:00
dependabot[bot]
fcd63cddc2
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 ( #1690 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.6 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c6aed38a43...b6a39da807
2024-02-01 11:59:29 -05:00
dependabot[bot]
c746e471b3
chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ( #1691 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9614fae9e5...e1523de757
2024-02-01 11:59:16 -05:00
dependabot[bot]
b44c28f7b9
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 ( #1684 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.5 to 0.15.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](24b0d52385...c6aed38a43
2024-01-29 15:32:53 -05:00
Alex Goodman
fdf9842eea
ensure releases only use released versions of syft ( #1680 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:15:39 -05:00
dependabot[bot]
5174d10f93
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 ( #1682 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](fbd6aa58ba...28ba43ae48
2024-01-26 10:40:04 -05:00
dependabot[bot]
b3d6f58184
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 ( #1676 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-24 13:09:16 -05:00
dependabot[bot]
5e1ba46fb8
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 ( #1671 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](41f7a6c033...24b0d52385
2024-01-22 10:54:45 -05:00
dependabot[bot]
8bc6ca8a1f
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 ( #1666 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c7f031d924...41f7a6c033
2024-01-19 15:46:07 -05:00
dependabot[bot]
5436f55aac
chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 ( #1668 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-19 15:45:48 -05:00
William Murphy
cd1c2ac66e
chore: enable automatic approval of dependabot PRs ( #1664 )
...
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:37 -05:00
dependabot[bot]
4c4dfd59f5
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 ( #1661 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.3 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865c
2024-01-17 11:40:51 -05:00
dependabot[bot]
a9f72385f6
chore(deps): bump actions/cache from 3.3.2 to 3.3.3 ( #1656 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63a
2024-01-16 09:03:57 -05:00
dependabot[bot]
e296f5fe54
chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 ( #1659 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e
2024-01-16 09:02:36 -05:00
dependabot[bot]
d8c89e8515
chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 ( #1650 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.2 to 0.15.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](719133684c...c7f031d924
2024-01-08 11:03:58 -05:00
dependabot[bot]
33b15735a7
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 ( #1647 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](5ecf649a41...719133684c
2024-01-03 05:06:05 -05:00
dependabot[bot]
a88a00a515
chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 ( #1638 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.3 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e
2023-12-18 06:57:52 -05:00
dependabot[bot]
556c8c0dc2
chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 ( #1632 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5
2023-12-15 10:29:02 -05:00
dependabot[bot]
a820759495
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 ( #1630 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-11 06:40:01 -05:00
dependabot[bot]
c6719ccd02
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 ( #1626 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](fd74a6fb98...5ecf649a41
2023-12-05 09:49:09 -05:00
Christopher Angelo Phillips
11b9e9616c
chore: pin action to correct sha ( #1598 )
...
* chore: pin action to correct sha
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add version for dependabot
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-01 10:43:56 -05:00
dependabot[bot]
e4242b9246
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 ( #1611 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98
2023-11-21 13:47:08 -05:00
dependabot[bot]
5d8cfd56c7
chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 ( #1590 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](11086d2504...1fc5bd396d
2023-11-08 06:18:38 +00:00
Christopher Angelo Phillips
b90c881ab4
chore: bootstrap action cleanup ( #1587 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-06 21:55:37 -05:00
Christopher Angelo Phillips
401d67cd96
feat: add custom maven comparator ( #1571 )
...
This PR takes the recommendation from #1526 and adapts the go-mvn-version to be used as a custom comparator for matching against packages that have the JavaPkg type. Packages of type JavaPkg will no longer use the stock matcher.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-27 14:24:56 -04:00
William Murphy
1ab051bac9
chore: fix path to quality tests ( #1578 )
...
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-10-27 11:23:19 -04:00
Alex Goodman
a276bf120b
capture quality gate state on failures ( #1576 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-26 14:31:30 -04:00
dependabot[bot]
dd823d19f6
chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #1570 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-24 11:50:13 -04:00
dependabot[bot]
4c3ff476fa
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 ( #1564 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 13:50:51 -04:00
Shubham Hibare
e0e8b355f0
Add checksum signing ( #1535 )
...
* Add checksum signing
Signed-off-by: Shubham Hibare <shubham@hibare.in>
* Add artifact signature verification steps
Signed-off-by: Shubham Hibare <shubham@hibare.in>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
2023-10-12 15:38:30 -04:00
Weston Steimel
25762b7e3b
feat: disable CPE-based matching for GHSA ecosystems by default ( #1412 )
...
* feat: disable CPE-based matching for GHSA ecosystems by default
Disables CPE-based matching for ecosystems which are covered by GitHub
Security Advisories. Also adds a separate rust matcher and related
configuration to allow configuring CPE-based matching off for it while
still leaving it on for the stock matcher.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: use --by-cve with quality gate comparison
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: add rust auditable binary match integration test
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-10-12 09:07:33 -04:00
dependabot[bot]
88906fb60c
chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 ( #1544 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...483ef80eb9
2023-10-09 13:05:06 -04:00
dependabot[bot]
cc522decdb
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 ( #1519 )
...
* chore(deps): bump actions/checkout from 4.0.0 to 4.1.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-26 13:16:42 -04:00
dependabot[bot]
da3de94842
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 ( #1506 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0914d50df7...3beb63f4bd
2023-09-20 16:39:49 -04:00
Alex Goodman
18241e8986
Upgrade syft to v0.91.0 ( #1508 )
...
* bump syft to main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* upgdate cyclonedx presenter fixtures (bump from cdx 1.4 to 1.5)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for pkg type exceptions for github actions and workflows
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cyclonedx json schema from v1.4 to v1.5
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump to syft v0.91.0
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* upgrade go-setup action to v4
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove asset upload from release workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 16:39:23 -04:00
Alex Goodman
970fbd9166
Update chronicle to v0.8.0 ( #1507 )
...
* use annotated tags, update chronicle, fix cache keys
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont show the title in the release notes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 16:06:08 -04:00
dependabot[bot]
b81340c7c6
chore(deps): bump actions/cache from 3.2.6 to 3.3.2 ( #1499 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.6 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.6...704facf57e6136b1bc63b828d79edcd491f0ee84 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 13:00:43 -04:00
Christopher Angelo Phillips
7a1f4a0891
chore: pin cache versions ( #1495 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:07:17 -04:00
dependabot[bot]
655c65facb
chore(deps): bump actions/checkout from 3 to 4 ( #1475 )
...
* chore(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...3df4ab11eba7bda6032a0b82a6bb43b11571feac )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update tag comments and standardize comments to # vx.x.x
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 15:25:20 -04:00
Christopher Angelo Phillips
9c0140d6b1
chore: pin actions; pin images; add top level action permissions ( #1493 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 14:29:37 -04:00
dependabot[bot]
6ee9054c88
chore(deps): bump docker/login-action from 2 to 3 ( #1488 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-12 14:04:24 -04:00
dependabot[bot]
8b34b585ca
chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 ( #1485 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.2 to 2.0.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0d49dd7211...0914d50df7
2023-09-11 15:23:55 -04:00
Christopher Angelo Phillips
719feb0b44
chore: update grype to use Go v1.21 ( #1480 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:38 -04:00
dependabot[bot]
a04dfaac23
chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 ( #1481 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-07 11:51:25 -04:00
dependabot[bot]
7b3605db24
chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 ( #1474 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](b62528385c...0d49dd7211
2023-09-07 10:20:24 -04:00
Keith Zantow
a2e41a5c58
chore: update quill version ( #1465 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 17:03:25 -04:00
dependabot[bot]
fff434156c
chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 ( #1421 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fac708d667...93397bea11
2023-08-08 13:29:12 -04:00
Weston Steimel
74a7a67b73
chore: use syft v0.86.1 in the quality gate tests ( #1418 )
...
* chore: use syft v0.86.1 in the quality gate tests
This ensures the CPE dict enhancements are taken into account for
future quality gate comparisons
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix: bump runner to use larger disk
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-08-04 16:48:21 -04:00
Alex Goodman
11301356cf
add oss community board auto-add workflow ( #1364 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:57:08 -04:00
dependabot[bot]
5c5fb0e665
chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #1363 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
2023-06-26 13:59:12 -04:00
dependabot[bot]
41d3d134d2
chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 ( #1357 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](4d571ad103...78fc58e266
2023-06-22 12:04:09 -04:00
dependabot[bot]
4e31789324
chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 ( #1351 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](284f54f989...153407881e
2023-06-14 15:58:43 -04:00
dependabot[bot]
7be9da43e1
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #1344 )
2023-06-13 13:40:02 +00:00
dependabot[bot]
dc9bc1ee04
chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 ( #1331 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
2023-06-01 15:41:37 -04:00
dependabot[bot]
ac67a27a87
chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 ( #1321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...0225834cc5
2023-05-26 12:35:45 -04:00
dependabot[bot]
745dca977c
chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 ( #1298 )
2023-05-17 13:24:06 +00:00
dependabot[bot]
fce29858cb
chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 ( #1281 )
2023-05-08 17:07:35 +00:00
dependabot[bot]
8d47fedd54
chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 ( #1272 )
2023-05-05 18:55:27 +00:00
dependabot[bot]
7861b63981
chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 ( #1261 )
2023-05-02 20:34:05 +00:00
dependabot[bot]
2e835eaebf
chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 ( #1263 )
2023-05-02 20:33:51 +00:00
dependabot[bot]
aa52d673d0
chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 ( #1258 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
2023-04-27 12:43:05 -04:00
dependabot[bot]
ae2fe4f063
chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 ( #1256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 14:49:01 -04:00
dependabot[bot]
45d03b6df0
chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 ( #1233 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-17 11:42:08 -04:00
dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
2023-04-12 10:55:31 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-12 10:54:35 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
2023-04-05 19:07:58 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
2023-04-03 14:35:56 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-03-31 09:39:00 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-03-27 12:51:20 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00
dependabot[bot]
568b504a7e
chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1184 )
2023-03-21 09:51:27 -04:00
dependabot[bot]
e8fa509e72
chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 ( #1189 )
2023-03-21 09:50:56 -04:00
dependabot[bot]
96cbcad484
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 ( #1182 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-15 17:19:41 -04:00
dependabot[bot]
0cc8b9e4f6
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 ( #1183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...168b99b3c2
2023-03-15 17:19:12 -04:00
Christopher Angelo Phillips
5754360376
Grype Release Pipeline Update ( #1147 )
...
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill )
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-03-03 21:17:44 +00:00
dependabot[bot]
3e04d32706
chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 ( #1145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 12:24:47 -05:00
dependabot[bot]
4d36e3706e
chore(deps): bump actions/cache from 3.2.5 to 3.2.6 ( #1143 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](6998d139dd...69d9d449ac
2023-02-24 15:10:19 -05:00
dependabot[bot]
39b9138327
chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 ( #1131 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-14 10:16:58 -05:00
dependabot[bot]
0ccd5930c4
chore(deps): bump actions/cache from 3.2.4 to 3.2.5 ( #1129 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](627f0f41f6...6998d139dd
2023-02-10 13:20:12 -05:00
