Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-12 23:37:06 +00:00
Code Issues Projects Releases Packages Wiki Activity
1102 commits 36 branches 157 tags 14 MiB
Commit graph

324 commits

Author SHA1 Message Date
5p2O5pe25ouT
bf84e2fa7f
Add registry certificate verification support (#1232) 
* add registry certificate verification support

* modify go.mod

* rename registry cert options, add docs, and add test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update to account for changes in anchore/stereoscope#195

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: lishituo <24578666@qq.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-08-29 15:51:27 +00:00
anchore-actions-token-generator[bot]
4d84465681
chore(deps): update Syft to v0.88.0 (#1466) 2023-08-25 17:23:52 -04:00
dependabot[bot]
bc6a7cc8c9
chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#1453) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-23 13:40:49 -04:00
anchore-actions-token-generator[bot]
51223cd0b1
chore(deps): update Syft to v0.87.1 (#1432) 2023-08-17 15:39:41 -04:00
dependabot[bot]
60e7b2bcdc
chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 (#1420) 
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/term/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-07 18:11:09 -04:00
anchore-actions-token-generator[bot]
c97048baa1
chore(deps): update Syft to v0.86.1 (#1410) 
* chore(deps): update Syft to v0.86.0

Signed-off-by: GitHub <noreply@github.com>

* fix python package metadata shape

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* account for new metadatas added in syft

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump syft to unreleased but fixed version

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-07-31 17:58:36 +00:00
dependabot[bot]
ea0b54c681
chore(deps): bump github.com/docker/docker (#1402) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.4+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.4...v24.0.5)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-31 11:45:39 -04:00
dependabot[bot]
50bc9c0af5
chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#1406) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-27 12:54:06 -04:00
dependabot[bot]
e3be4916ac
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1396) 
Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases)
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4)

---
updated-dependencies:
- dependency-name: github.com/gookit/color
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-20 12:28:06 -04:00
dependabot[bot]
5a8ea73ff2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.8 (#1389) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.8.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.8)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-17 14:09:22 -04:00
Alex Goodman
ebd4643930
Port UI to bubbletea (#1385) 
* initial port to bubbletea

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove jotframe UI

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add bubbletea component tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update main.go refs to cmd package

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* move goreleaser build dir to cmd

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade yardstick for grype source installs and fix post-ui tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* ensure stable severity map in UI component test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add windows support for tui

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-07-13 17:13:48 +00:00
anchore-actions-token-generator[bot]
37f436cfb6
chore(deps): update Syft to v0.85.0 (#1383) 2023-07-13 11:06:41 -04:00
Olivier Boudet
9050883715
feat(outputs): allow to set multiple outputs (#648) (#1346) 
* feat(outputs): allow to set multiple outputs (#648)

Signed-off-by: Olivier Boudet <o.boudet@gmail.com>
Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* feat(outputs): allow to set multiple outputs (#648)

review

Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use syft format writter pattern and de-emphasize presenter package

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Olivier Boudet <o.boudet@gmail.com>
Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-07-11 17:37:17 +00:00
dependabot[bot]
9ac9bdd9c2
chore(deps): bump github.com/docker/docker (#1382) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-10 13:52:35 -04:00
Alex Goodman
64e9c9c0d3
Port to new syft source API (#1376) 
* port to new syft source API

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-07-06 09:01:49 -04:00
dependabot[bot]
7545e8858d
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1375) 
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-06 01:59:28 -04:00
anchore-actions-token-generator[bot]
bc93a968b5
chore(deps): update Syft to v0.84.1 (#1372) 2023-06-29 16:07:15 -04:00
anchore-actions-token-generator[bot]
a11f66c058
chore(deps): update Syft to v0.84.0 (#1354) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
 2023-06-21 10:33:34 -04:00
anchore-actions-token-generator[bot]
4fec9a231b
chore(deps): update Syft to v0.83.1 (#1352) 2023-06-15 10:04:13 -04:00
dependabot[bot]
9e2287065b
chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350) 
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/term/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-14 16:07:11 -04:00
anchore-actions-token-generator[bot]
3865f4cc1d
chore(deps): update bootstrap tools to latest versions (#1334) 
* chore(deps): update bootstrap tools to latest versions

Signed-off-by: GitHub <noreply@github.com>

* chore: dependency clean-up

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: fix s/a changes

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: update PURL provider tests; remove unparam

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-06-05 21:17:20 +00:00
dependabot[bot]
7f71f7f849
chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1336) 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-05 12:50:01 -04:00
dependabot[bot]
7c681d5059
chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1324) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 12:42:46 -04:00
dependabot[bot]
8fbcb42619
chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1323) 
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 12:13:39 -04:00
dependabot[bot]
2d1dcd72dc
chore(deps): bump github.com/docker/docker (#1320) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.1+incompatible to 24.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-26 12:39:51 -04:00
Christopher Angelo Phillips
0f71006f62
chore: update gomod with latest syft (#1313) 
* chore: update go mod with latest syft

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-05-23 13:57:53 -04:00
dependabot[bot]
3b80916c23
chore(deps): bump github.com/docker/docker (#1311) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.0+incompatible to 24.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.0...v24.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-23 13:42:03 -04:00
Alex Goodman
852a208417
bump syft to pre-release of v0.81.0 (#1310) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-05-22 14:17:34 +00:00
dependabot[bot]
1a3b92a3f1
chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1309) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 09:13:30 -04:00
dependabot[bot]
e7fa9d6d50
chore(deps): bump github.com/docker/docker (#1304) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.6+incompatible to 24.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.6...v24.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-19 11:41:10 -04:00
dependabot[bot]
f15b1fa1f8
chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 (#1307) 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-19 11:40:38 -04:00
dependabot[bot]
a153b3047b
chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1289) 2023-05-17 13:45:58 +00:00
dependabot[bot]
e4b756eb34
chore(deps): bump github.com/docker/distribution (#1290) 2023-05-17 13:45:39 +00:00
dependabot[bot]
75e7ef43cd
chore(deps): bump github.com/docker/docker (#1280) 2023-05-08 17:07:59 +00:00
anchore-actions-token-generator[bot]
f9df952a2d
chore(deps): update Syft to v0.80.0 (#1276) 2023-05-07 13:57:12 -04:00
dependabot[bot]
eb337bf45e
chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268) 2023-05-05 15:43:13 +00:00
dependabot[bot]
74a5d6d4fc
chore(deps): bump github.com/docker/docker (#1257) 2023-05-02 20:34:19 +00:00
Christopher Angelo Phillips
3caabc8711
chore: bump syft to latest version v0.79.0 (#1250) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-04-21 12:58:02 -04:00
anchore-actions-token-generator[bot]
b9fa68e3a9
chore(deps): update Syft to v0.78.0 (#1242) 
* chore(deps): update Syft to v0.78.0

Signed-off-by: GitHub <noreply@github.com>

* fix test location references and package types

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2023-04-19 17:38:06 +00:00
dependabot[bot]
0bc86761f2
chore(deps): bump github.com/docker/docker (#1241) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-18 12:57:38 -04:00
dependabot[bot]
1f51229e17
chore(deps): bump github.com/docker/docker (#1218) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.2+incompatible to 23.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.2...v23.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-12 10:55:21 -04:00
dependabot[bot]
2e8a63dba6
chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217) 
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 19:05:38 -04:00
dependabot[bot]
cecad5c9c4
chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1216) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-04 14:32:16 -04:00
dependabot[bot]
d8c0c0805b
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213) 
* chore(deps): bump github.com/CycloneDX/cyclonedx-go

Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/commits/v0.7.1)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: update test fixtures

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-04-04 14:41:03 +00:00
dependabot[bot]
0b306fae25
chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1212) 
Bumps google.golang.org/protobuf from 1.29.0 to 1.29.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-03 14:36:40 -04:00
dependabot[bot]
147f5cf92f
chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 (#1207) 
* chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.75.0 to 0.76.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/compare/v0.75.0...v0.76.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update ParseInput signature with new syft version

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: update integration tests

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-04-03 10:48:33 -04:00
dependabot[bot]
7614621b1d
chore(deps): bump github.com/docker/docker (#1201) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-29 09:59:00 -04:00
dependabot[bot]
b3eff0c2d8
chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192) 2023-03-24 07:49:36 -04:00
dependabot[bot]
6716ca5e24
chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181) 2023-03-21 09:51:55 -04:00
anchore-actions-token-generator[bot]
6da09d4fda
Update Syft to v0.75.0 (#1177) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-03-14 08:47:20 +00:00
dependabot[bot]
3a4d01b59c
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 (#1166) 
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-09 15:06:26 +00:00
anchore-actions-token-generator[bot]
2bc4c35142
Update Syft to v0.74.1 (#1168) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-03-09 14:37:02 +00:00
dependabot[bot]
8076863582
chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.5 to 1.23.10.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.23.5...v1.23.10)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-03 12:26:49 -05:00
anchore-actions-token-generator[bot]
04a55885ee
chore: Update Syft to v0.74.0 (#1151) 2023-03-02 12:22:46 -05:00
Keith Zantow
bdcefd2554
chore: update progress monitor handling (#1149) 2023-03-01 16:47:01 -05:00
anchore-actions-token-generator[bot]
d1352ce843
Update Syft to v0.73.0 (#1140) 
* Update Syft to v0.73.0

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-02-27 21:12:37 +00:00
dependabot[bot]
7ec450d413
chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1144) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-27 12:25:04 -05:00
dependabot[bot]
c65ef466a9
chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1141) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-24 15:10:36 -05:00
dependabot[bot]
0051d0e6d0
chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1134) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Resolves reporting of CVE-2023-0475

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-20 09:59:19 +00:00
anchore-actions-token-generator[bot]
50a5c33247
Update Syft to v0.72.0 (#1136) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
 2023-02-16 11:57:45 -05:00
dependabot[bot]
47ab7f55d3
chore(deps): bump github.com/docker/docker (#1128) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-10 11:24:40 -05:00
anchore-actions-token-generator[bot]
29eeb69bc9
Update Syft to v0.71.0 (#1126) 2023-02-10 10:14:01 -05:00
dependabot[bot]
562a8d1776
chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123) 
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-08 11:56:58 -05:00
anchore-actions-token-generator[bot]
f7f1ae8344
Update Syft to v0.70.0 (#1117) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-02-06 09:24:15 -05:00
dependabot[bot]
94b2ba8eef
chore(deps): bump github.com/docker/docker (#1114) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-02 12:18:57 -05:00
anchore-actions-token-generator[bot]
1cd4ef1108
Update Syft to v0.69.1 (#1111) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-02-01 08:28:50 +00:00
Christopher Angelo Phillips
788ed965ec
chore: prune cosign dependency for grype builds (#1100) 
* feat: segment cosign dependency for grype builds for faster build times

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-01-31 11:42:40 -05:00
anchore-actions-token-generator[bot]
46a1955484
Update Syft to v0.69.0 (#1109) 2023-01-31 09:26:26 -05:00
dependabot[bot]
73577eb430
chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.1...v1.6.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-26 13:07:24 -05:00
anchore-actions-token-generator[bot]
c01ee9b2c7
Update Syft to v0.68.1 (#1086) 
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-01-26 10:07:49 +00:00
dependabot[bot]
46a3c17e11
chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081) 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.4.4 to 1.5.1.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.4.4...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-25 14:42:48 -05:00
dependabot[bot]
60aba60449
chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079) 
Bumps [github.com/pkg/profile](https://github.com/pkg/profile) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/pkg/profile/releases)
- [Commits](https://github.com/pkg/profile/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/pkg/profile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-25 12:21:34 -05:00
dependabot[bot]
3dd16f42ff
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080) 
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-25 12:21:12 -05:00
dependabot[bot]
8df5925854
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083) 
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/Masterminds/sprig/releases)
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-25 12:17:03 -05:00
anchore-actions-token-generator[bot]
d28269c190
Update Syft to v0.68.0 (#1064) 2023-01-21 09:40:51 -05:00
anchore-actions-token-generator[bot]
88de2ae82b
chore: update Syft to v0.66.2 (#1060) 2023-01-18 12:50:46 -05:00
Keith Zantow
04a84a4440
fix: orient by cve merging (#1046) 2023-01-04 13:41:10 -05:00
anchore-actions-token-generator[bot]
3ff1d64eab
Update Syft to v0.64.0 (#1047) 2022-12-23 16:33:08 -05:00
anchore-actions-token-generator[bot]
93499eec7e
Update Syft to v0.63.0 (#1037) 2022-12-12 19:30:04 -05:00
Alex Goodman
a869480f89
Optionally orient results by CVE (#1020) 
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-12-08 15:22:40 -05:00
anchore-actions-token-generator[bot]
0a2a7b7cbb
Update Syft to v0.62.3 (#1026) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-12-07 18:30:38 -05:00
anchore-actions-token-generator[bot]
6bdb3b50c4
Update Syft to v0.62.2 (#1018) 
Signed-off-by: GitHub <noreply@github.com>
 2022-11-29 08:40:34 +00:00
anchore-actions-token-generator[bot]
826726d553
Update Syft to v0.62.1 (#1006) 2022-11-21 11:11:25 -05:00
Christopher Angelo Phillips
a4a62aab4b
chore: bump syft version v0.62.0 (#1000) 2022-11-18 15:03:15 -05:00
Christopher Angelo Phillips
c8ddd7e218
chore: update syft to v0.60.3 (#978) 2022-11-03 16:19:03 +00:00
Weston Steimel
4cda526992
implement v5 db schema to support improved matching between rpm appstream modules (#944) 
Adds support for a `package_qualifiers` column to allow evaluating package matches to vulnerabilities based on more than just version constraints. Currently adds an rpm-modularity qualifier in order to support matching to correct app stream module in order to reduce false positives within rpm-based distro ecosystems. In order to prevent an increase in false positive matches for previous versions of grype using the v4 schema, this change (along with the vulnerability source driver parser updates) requires bumping the schema to v5.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-18 00:34:47 +01:00
anchore-actions-token-generator[bot]
b62ad702b9
Update Syft to v0.59.0 (#957) 2022-10-17 16:07:39 -04:00
anchore-actions-token-generator[bot]
7ad60ce410
Update Syft to v0.58.0 (#941) 
* Update Syft to v0.58.0

Signed-off-by: GitHub <noreply@github.com>

* fix conan metadata related unit test failures

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
 2022-10-05 11:26:16 +01:00
anchore-actions-token-generator[bot]
f094b860b9
Update Syft to v0.57.0 (#930) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-09-20 09:35:37 +01:00
dependabot[bot]
e63910b2c5
Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-19 11:46:11 -04:00
anchore-actions-token-generator[bot]
403a535321
Update Syft to v0.56.0 (#919) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-09-13 11:18:13 -04:00
Keith Zantow
ba73ab362a
Add support for scanning RPM files (#917) 2022-09-09 14:56:37 -04:00
anchore-actions-token-generator[bot]
77a8eb866d
Update Syft to v0.55.0 (#906) 
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2022-08-30 09:18:17 -04:00
anchore-actions-token-generator[bot]
08b4ef493b
Update Syft to v0.54.0 (#881) 
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2022-08-17 19:36:54 +00:00
anchore-actions-token-generator[bot]
262630e01e
Update Syft to v0.53.4 (#856) 2022-08-04 09:37:48 -04:00
Christopher Angelo Phillips
74fd591caf
update golanci-lint, goreleaser, cosign (#850) 2022-07-28 14:55:14 -04:00
Christopher Angelo Phillips
991d16879a
update grype to use syft v0.52.0 (#838) 2022-07-22 16:12:18 +00:00
Zac Medico
30943e032b
add Gentoo matching support (#813) 
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-07-19 09:37:21 -04:00
Christopher Angelo Phillips
cb6bddfeeb
bump syft version to v0.51.0 (#822) 2022-07-11 15:15:12 -04:00
Christopher Angelo Phillips
0e0a9d9e7a
update syft to v0.50.0 (#818) 2022-07-06 14:48:21 +00:00