Alex Goodman
87292dc353
denormalize aux fields
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-21 15:53:17 -04:00
Alex Goodman
0f7c19811e
use package identifiers not a package obj
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-21 12:04:48 -04:00
Alex Goodman
27b4268022
deduplicate range events
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-21 09:11:06 -04:00
Alex Goodman
6933716613
deduplicate OS records
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-19 03:04:27 -04:00
Alex Goodman
6ddacf733b
with schema draft codified
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-19 00:07:37 -04:00
Joshua Cooper
9c98ac80ab
Updating maven URLs in README.md ( #1934 )
2024-06-12 17:34:00 +00:00
Alex Goodman
97edf42c26
sort order for matches should consider fix info ( #1933 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-12 15:48:23 +00:00
anchore-actions-token-generator[bot]
9d28137f78
chore(deps): update tools to latest versions ( #1925 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-06-11 10:01:30 -04:00
anchore-actions-token-generator[bot]
f5774bf84e
chore(deps): update tools to latest versions ( #1921 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-06-10 12:02:45 -04:00
anchore-actions-token-generator[bot]
b1707448ea
chore(deps): update tools to latest versions ( #1919 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update releaser file to compatible fields
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-07 15:53:54 -04:00
dependabot[bot]
adcfc04199
chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 ( #1920 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...a5ac7e51b41094c92402da3b24376905380afc29 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-07 09:56:50 -07:00
Shubham Hibare
17b104771a
feat(signature): Checksum signature verification ( #1670 )
...
* feat(signature): Checksum signature verification
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Update message
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* consider -v flag across supported releases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for install.sh signature verification
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check that release is run from main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* summarize install.sh flags and recommendations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove regex use on cosign verify-blob
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify the compare_semver install function
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more tests to compare_semver
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* nit copy change for install help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep original compare_semver implementation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update copy to include default install path
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
2024-06-06 21:23:04 +00:00
Alex Goodman
e5b341b87a
add skopeo to managed utilities ( #1915 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 18:58:34 +00:00
dependabot[bot]
cc5ca8b28c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #1909 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0
2024-06-06 12:55:31 -04:00
dependabot[bot]
0cacbe5081
chore(deps): bump github.com/docker/docker ( #1916 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.3+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 16:12:57 +00:00
Alex Goodman
2beae30864
remove dco workflow ( #1914 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 10:53:23 -04:00
Alex Goodman
28c40f50cd
use dco tool during gh app outage ( #1910 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 14:08:34 -04:00
dependabot[bot]
ef4d3f55c4
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ( #1901 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...f079b84933
2024-05-31 14:12:32 -04:00
dependabot[bot]
7dc95ebceb
chore(deps): bump github.com/charmbracelet/bubbletea ( #1902 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.3 to 0.26.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 14:05:25 -04:00
Avtar Gill
0baa116159
fix: add note about TMPDIR env var ( #1880 )
...
Signed-off-by: Avtar Gill <avtargill@gmail.com>
2024-05-31 10:19:42 -04:00
Keith Zantow
31b0fcd390
fix: uppercased package in json ( #1900 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-30 17:37:09 -04:00
Dan Luhring
316c0e9a11
fix: main mod pseudo version default off ( #1894 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-05-30 13:59:00 -04:00
anchore-actions-token-generator[bot]
46865680f5
chore(deps): update tools to latest versions ( #1898 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-30 11:43:52 -04:00
Alex Goodman
b13315fa72
update syft to v1.5.0 ( #1897 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-28 13:37:10 -04:00
dependabot[bot]
238caa4a82
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 ( #1896 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7
2024-05-28 12:29:48 -04:00
Alex Goodman
621eeddcce
Update syft to 1.4.2-0.20240528141306-ac34808b9c55 ( #1895 )
...
* update to latest syft
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests related to syft bump
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-28 15:06:16 +00:00
dependabot[bot]
8b7cf8f5e2
chore(deps): bump github.com/charmbracelet/lipgloss ( #1888 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 14:26:23 +00:00
dependabot[bot]
51bd0be67b
chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 ( #1887 )
...
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-version/releases )
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/go-version/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 10:03:28 -04:00
anchore-actions-token-generator[bot]
336952b36e
chore(deps): update tools to latest versions ( #1891 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-28 10:03:05 -04:00
dependabot[bot]
ecd9afa8e7
chore(deps): bump github.com/charmbracelet/bubbletea ( #1890 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 10:02:52 -04:00
dependabot[bot]
cea7a404d6
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 ( #1889 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.3...v1.4.4 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-24 14:28:56 -04:00
anchore-actions-token-generator[bot]
e097691d7f
chore(deps): update tools to latest versions ( #1883 )
2024-05-24 09:33:42 -04:00
Keith Zantow
d4b6cd60a6
feat: add config command ( #1876 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-05-23 15:18:37 -04:00
Alex Goodman
2b1ca9b07f
disable TUI for simpler commands ( #1872 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-21 15:17:33 +00:00
dependabot[bot]
834793100e
chore(deps): bump github.com/docker/docker ( #1867 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.2+incompatible to 26.1.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.2...v26.1.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 13:38:54 -04:00
dependabot[bot]
1e6811b7cb
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ( #1868 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 13:38:30 -04:00
anchore-actions-token-generator[bot]
b7a51d669c
chore(deps): update tools to latest versions ( #1864 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-20 11:59:56 -04:00
dependabot[bot]
0117d566a9
chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 ( #1870 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.13.4 to 3.25.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797...9fdb3e4972
2024-05-20 11:59:06 -04:00
dependabot[bot]
cefc896a4f
chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 ( #1871 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.11 to 0.16.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](7ccf588e3c...e8d2a6937e
2024-05-20 11:58:39 -04:00
anchore-actions-token-generator[bot]
0ff0d99a50
chore(deps): update tools to latest versions ( #1862 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-14 11:27:55 -04:00
Christopher Angelo Phillips
bfac9dafed
chore: add top level permissions to new workflow ( #1860 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-13 13:35:37 -04:00
anchore-actions-token-generator[bot]
d7bf327d3c
chore(deps): update tools to latest versions ( #1856 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-13 12:29:07 -04:00
dependabot[bot]
7ccaaf6904
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #1858 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.4...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:28:42 -04:00
dependabot[bot]
38ccf16049
chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 ( #1859 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 12:28:33 -04:00
William Murphy
5ac483a3bc
fix: ask catalog for package rather than type asserting ( #1857 )
...
This fixes a class of false positive where removing language packages that are
owned by OS packages would incorrectly fail due to a buggy type assertion.
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-05-10 15:20:24 +00:00
Alex Goodman
24d5d4ffb2
Upgrade tool management ( #1842 )
...
* upgrade tool management
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update version file on release
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 16:25:00 -04:00
anchore-actions-token-generator[bot]
e0c2b90da0
chore(deps): update Syft to v1.4.0 ( #1855 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-05-09 20:15:15 +00:00
anchore-actions-token-generator[bot]
39e9843d47
chore(deps): update bootstrap tools to latest versions ( #1852 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-05-09 12:04:53 -04:00
dependabot[bot]
f66a7f0f64
chore(deps): bump github.com/charmbracelet/bubbletea ( #1853 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.1...v0.26.2 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-09 12:04:30 -04:00
dependabot[bot]
f396a579f6
chore(deps): bump github.com/docker/docker ( #1854 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.1+incompatible to 26.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.1...v26.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-09 12:04:21 -04:00
