Commit graph

1362 commits

Author SHA1 Message Date
Eiji Ito
7dfa436314
Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040)
* Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage.

Signed-off-by: Eiji Ito <aeffy7@gmail.com>

* Remove unused errNoCPEs and update error handling in findApkPackage function.

Signed-off-by: Eiji Ito <aeffy7@gmail.com>

* test: prove test fails without fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* fix: revert contributed fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: Eiji Ito <aeffy7@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Eiji Ito <aeffy7@gmail.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 19:13:06 +00:00
anchore-actions-token-generator[bot]
a758b01d17
chore(deps): update tools to latest versions (#2055)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: fix linter for non-const format

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:58:10 +00:00
dependabot[bot]
c5fb1a3f9d
chore(deps): bump github.com/docker/docker (#2052)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 13:47:48 -04:00
Shane Dell
d21c5490e0
fix: fail when grype cant check for db update (#1247)
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-15 14:39:24 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#2053)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](d94f46e13c...ab9d16d4b4)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:26 -04:00
dependabot[bot]
db73c2c7d0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#2056)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.5...v1.7.6)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:15 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#2060)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](eb055d739a...429e197704)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:39:14 -04:00
GGMU
e7ceffadc8
feat: add db search subcommand (#2031)
Signed-off-by: Tomer Seinfeld <tomersein@gmail.com>
2024-08-12 17:45:25 -04:00
Alex Goodman
89c4190914
do not fail when inflating DB records (#2049)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-12 16:20:46 +00:00
Keith Zantow
b12a6f2dc9
chore: remove quality gate Makefile db age check (#2036)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 11:59:53 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration (#2046)
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
Keith Zantow
4dfd9d76d1
feat: update to Syft 1.11.0 (#2047) 2024-08-09 14:32:05 -04:00
William Murphy
f9b6365146
fix: higher default timeout for database download (#2033)
Depending on region and network conditions, 120s was not enough time for
many clients, leading to some complaints. Raise the default timeout to
five minutes.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-09 08:39:17 -04:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2045)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](59acb6260d...4959ce089c)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#2035)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](89ef406dd8...834a144ee9)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:43:47 -04:00
anchore-actions-token-generator[bot]
8f18cdc380
chore(deps): update tools to latest versions (#2038)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-07 14:27:33 -04:00
dependabot[bot]
d1eebcc41a
chore(deps): bump github.com/google/go-containerregistry (#2043)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:57 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#2044)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:45 -04:00
anchore-actions-token-generator[bot]
8642eba1b0
test: update quality gate db to latest version (#2034)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-08-06 07:48:26 -04:00
anchore-actions-token-generator[bot]
f72848dff1
chore(deps): update tools to latest versions (#2027)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-02 13:25:29 -04:00
dependabot[bot]
1bc1dd4dd0
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#2028)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b2256b8c0...89ef406dd8)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-02 13:20:18 -04:00
Keith Zantow
bada7d51d7
chore: add grype version to application update check headers (#2021)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-01 14:16:00 -04:00
anchore-actions-token-generator[bot]
486f9f11b1
test: update quality gate db to latest version (#2026)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-01 12:39:14 -04:00
Keith Zantow
86ba33d72e
chore: use the .tool/gh for release script (#2022)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-31 20:10:58 -04:00
dependabot[bot]
0cf3939389
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#2016)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 11:05:32 -04:00
anchore-actions-token-generator[bot]
406d196726
chore(deps): update Syft to v1.10.0 (#2019) 2024-07-30 13:18:54 -04:00
dependabot[bot]
133775cddf
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#2011)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5cf07d8b70...afb54ba388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:01:27 -04:00
dependabot[bot]
064c915738
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#2012)
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.4...v1.4.5)

---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:01:18 -04:00
anchore-actions-token-generator[bot]
59b3eedff5
chore(deps): update tools to latest versions (#2015)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-29 10:03:14 -04:00
dependabot[bot]
16a7e4d423
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#2010)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...5cf07d8b70)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 16:09:14 +00:00
Alex Goodman
1d38cea896
disable ui before run function on db status (#2008)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-25 11:55:30 -04:00
dependabot[bot]
3af8d1e46e
chore(deps): bump github.com/docker/docker (#2007)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.0...v27.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 16:08:59 -04:00
anchore-actions-token-generator[bot]
e07546ec86
chore(deps): update tools to latest versions (#2003)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-23 10:17:04 -04:00
dependabot[bot]
1f0bcc0d96
chore(deps): bump github.com/docker/docker (#2000)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.0.3...v27.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:47 -07:00
dependabot[bot]
387164964a
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#2001)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.4...v0.5.5)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:34 -07:00
dependabot[bot]
fb16d0e4b5
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2002)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:43:02 -07:00
dependabot[bot]
b68cd230b1
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1999)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4fa2a79536...2d790406f5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 09:37:39 -04:00
William Murphy
96c890f92e
chore: request artifact in issue template (#1996)
* chore: request artifact in issue template

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Apply suggestions from code review

Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/bug_report.md

Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-18 21:17:06 +00:00
anchore-actions-token-generator[bot]
98fdea4331
chore(deps): update tools to latest versions (#1998)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-18 08:22:02 -07:00
Alan Pope
10e9f4317e
docs: CODE_OF_CONDUCT.md (#1994)
This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.

Signed-off-by: Alan Pope <alan@popey.com>
2024-07-17 14:33:25 -07:00
dependabot[bot]
be6364fb5e
chore(deps): bump github.com/google/go-containerregistry (#1997)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:24:21 -07:00
dependabot[bot]
d73d5d505f
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#1992)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](95b086ac30...d94f46e13c)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 20:15:48 -04:00
anchore-actions-token-generator[bot]
08e9b7da44
chore(deps): update tools to latest versions (#1989)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-07-15 09:08:44 -04:00
dependabot[bot]
c3ce991952
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1990)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 09:08:19 -04:00
dependabot[bot]
8f180cd5e5
chore(deps): bump github.com/charmbracelet/lipgloss (#1991)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.11.1...v0.12.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 09:08:05 -04:00
dependabot[bot]
45b7236e94
chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 (#1985)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.10 to 1.25.11.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.10...v1.25.11)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 14:39:52 -04:00
dependabot[bot]
cece530ade
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#1981)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](e8d2a6937e...95b086ac30)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 11:19:01 -07:00
dependabot[bot]
8fd3a21eea
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1982)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](cdcb360436...0a12ed9d6a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 11:18:49 -07:00
anchore-actions-token-generator[bot]
9209b10577
chore(deps): update Syft to v1.9.0 (#1986)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-07-11 18:05:17 +00:00
Weston Steimel
ef37603751
fix: correct cpe target software comparison to syft language (#1658)
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2024-07-11 16:08:05 +01:00