grype

mirror of https://github.com/anchore/grype synced 2024-11-14 16:27:15 +00:00

Author	SHA1	Message	Date
anchore-actions-token-generator[bot]	b9fa68e3a9	chore(deps): update Syft to v0.78.0 (#1242 ) * chore(deps): update Syft to v0.78.0 Signed-off-by: GitHub <noreply@github.com> * fix test location references and package types Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-19 17:38:06 +00:00
dependabot[bot]	0bc86761f2	chore(deps): bump github.com/docker/docker (#1241 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-18 12:57:38 -04:00
dependabot[bot]	1f51229e17	chore(deps): bump github.com/docker/docker (#1218 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.2+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.2...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-12 10:55:21 -04:00
dependabot[bot]	2e8a63dba6	chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-05 19:05:38 -04:00
dependabot[bot]	cecad5c9c4	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1216 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-04 14:32:16 -04:00
dependabot[bot]	d8c0c0805b	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213 ) * chore(deps): bump github.com/CycloneDX/cyclonedx-go Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1. - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](https://github.com/CycloneDX/cyclonedx-go/commits/v0.7.1) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: update test fixtures Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-04-04 14:41:03 +00:00
dependabot[bot]	0b306fae25	chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1212 ) Bumps google.golang.org/protobuf from 1.29.0 to 1.29.1. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-03 14:36:40 -04:00
dependabot[bot]	147f5cf92f	chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 (#1207 ) * chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.75.0 to 0.76.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](https://github.com/anchore/syft/compare/v0.75.0...v0.76.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update ParseInput signature with new syft version Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * fix: update integration tests Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-04-03 10:48:33 -04:00
dependabot[bot]	7614621b1d	chore(deps): bump github.com/docker/docker (#1201 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 09:59:00 -04:00
dependabot[bot]	b3eff0c2d8	chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192 )	2023-03-24 07:49:36 -04:00
dependabot[bot]	6716ca5e24	chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181 )	2023-03-21 09:51:55 -04:00
anchore-actions-token-generator[bot]	6da09d4fda	Update Syft to v0.75.0 (#1177 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-03-14 08:47:20 +00:00
dependabot[bot]	3a4d01b59c	chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 (#1166 ) Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-09 15:06:26 +00:00
anchore-actions-token-generator[bot]	2bc4c35142	Update Syft to v0.74.1 (#1168 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-03-09 14:37:02 +00:00
dependabot[bot]	8076863582	chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157 ) Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.5 to 1.23.10. - [Release notes](https://github.com/go-gorm/gorm/releases) - [Commits](https://github.com/go-gorm/gorm/compare/v1.23.5...v1.23.10) --- updated-dependencies: - dependency-name: gorm.io/gorm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-03 12:26:49 -05:00
anchore-actions-token-generator[bot]	04a55885ee	chore: Update Syft to v0.74.0 (#1151 )	2023-03-02 12:22:46 -05:00
Keith Zantow	bdcefd2554	chore: update progress monitor handling (#1149 )	2023-03-01 16:47:01 -05:00
anchore-actions-token-generator[bot]	d1352ce843	Update Syft to v0.73.0 (#1140 ) * Update Syft to v0.73.0 Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-02-27 21:12:37 +00:00
dependabot[bot]	7ec450d413	chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1144 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 12:25:04 -05:00
dependabot[bot]	c65ef466a9	chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1141 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-24 15:10:36 -05:00
dependabot[bot]	0051d0e6d0	chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1134 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-minor ... Resolves reporting of CVE-2023-0475 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-20 09:59:19 +00:00
anchore-actions-token-generator[bot]	50a5c33247	Update Syft to v0.72.0 (#1136 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2023-02-16 11:57:45 -05:00
dependabot[bot]	47ab7f55d3	chore(deps): bump github.com/docker/docker (#1128 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 11:24:40 -05:00
anchore-actions-token-generator[bot]	29eeb69bc9	Update Syft to v0.71.0 (#1126 )	2023-02-10 10:14:01 -05:00
dependabot[bot]	562a8d1776	chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 11:56:58 -05:00
anchore-actions-token-generator[bot]	f7f1ae8344	Update Syft to v0.70.0 (#1117 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-02-06 09:24:15 -05:00
dependabot[bot]	94b2ba8eef	chore(deps): bump github.com/docker/docker (#1114 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-02 12:18:57 -05:00
anchore-actions-token-generator[bot]	1cd4ef1108	Update Syft to v0.69.1 (#1111 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-02-01 08:28:50 +00:00
Christopher Angelo Phillips	788ed965ec	chore: prune cosign dependency for grype builds (#1100 ) * feat: segment cosign dependency for grype builds for faster build times Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-01-31 11:42:40 -05:00
anchore-actions-token-generator[bot]	46a1955484	Update Syft to v0.69.0 (#1109 )	2023-01-31 09:26:26 -05:00
dependabot[bot]	73577eb430	chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.1 to 1.6.2. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.1...v1.6.2) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-26 13:07:24 -05:00
anchore-actions-token-generator[bot]	c01ee9b2c7	Update Syft to v0.68.1 (#1086 ) Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-01-26 10:07:49 +00:00
dependabot[bot]	46a3c17e11	chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081 ) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.4.4 to 1.5.1. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.4.4...v1.5.1) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 14:42:48 -05:00
dependabot[bot]	60aba60449	chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079 ) Bumps [github.com/pkg/profile](https://github.com/pkg/profile) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/pkg/profile/releases) - [Commits](https://github.com/pkg/profile/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: github.com/pkg/profile dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 12:21:34 -05:00
dependabot[bot]	3dd16f42ff	chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080 ) Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 12:21:12 -05:00
dependabot[bot]	8df5925854	chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083 ) Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/Masterminds/sprig/releases) - [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: github.com/Masterminds/sprig/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 12:17:03 -05:00
anchore-actions-token-generator[bot]	d28269c190	Update Syft to v0.68.0 (#1064 )	2023-01-21 09:40:51 -05:00
anchore-actions-token-generator[bot]	88de2ae82b	chore: update Syft to v0.66.2 (#1060 )	2023-01-18 12:50:46 -05:00
Keith Zantow	04a84a4440	fix: orient by cve merging (#1046 )	2023-01-04 13:41:10 -05:00
anchore-actions-token-generator[bot]	3ff1d64eab	Update Syft to v0.64.0 (#1047 )	2022-12-23 16:33:08 -05:00
anchore-actions-token-generator[bot]	93499eec7e	Update Syft to v0.63.0 (#1037 )	2022-12-12 19:30:04 -05:00
Alex Goodman	a869480f89	Optionally orient results by CVE (#1020 ) Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-12-08 15:22:40 -05:00
anchore-actions-token-generator[bot]	0a2a7b7cbb	Update Syft to v0.62.3 (#1026 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-12-07 18:30:38 -05:00
anchore-actions-token-generator[bot]	6bdb3b50c4	Update Syft to v0.62.2 (#1018 ) Signed-off-by: GitHub <noreply@github.com>	2022-11-29 08:40:34 +00:00
anchore-actions-token-generator[bot]	826726d553	Update Syft to v0.62.1 (#1006 )	2022-11-21 11:11:25 -05:00
Christopher Angelo Phillips	a4a62aab4b	chore: bump syft version v0.62.0 (#1000 )	2022-11-18 15:03:15 -05:00
Christopher Angelo Phillips	c8ddd7e218	chore: update syft to v0.60.3 (#978 )	2022-11-03 16:19:03 +00:00
anchore-actions-token-generator[bot]	b62ad702b9	Update Syft to v0.59.0 (#957 )	2022-10-17 16:07:39 -04:00
anchore-actions-token-generator[bot]	7ad60ce410	Update Syft to v0.58.0 (#941 ) * Update Syft to v0.58.0 Signed-off-by: GitHub <noreply@github.com> * fix conan metadata related unit test failures Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Weston Steimel <weston.steimel@anchore.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: Weston Steimel <weston.steimel@anchore.com>	2022-10-05 11:26:16 +01:00
anchore-actions-token-generator[bot]	f094b860b9	Update Syft to v0.57.0 (#930 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-09-20 09:35:37 +01:00
dependabot[bot]	e63910b2c5	Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-19 11:46:11 -04:00
anchore-actions-token-generator[bot]	403a535321	Update Syft to v0.56.0 (#919 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-09-13 11:18:13 -04:00
Keith Zantow	ba73ab362a	Add support for scanning RPM files (#917 )	2022-09-09 14:56:37 -04:00
anchore-actions-token-generator[bot]	77a8eb866d	Update Syft to v0.55.0 (#906 ) Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-08-30 09:18:17 -04:00
anchore-actions-token-generator[bot]	08b4ef493b	Update Syft to v0.54.0 (#881 ) Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2022-08-17 19:36:54 +00:00
anchore-actions-token-generator[bot]	262630e01e	Update Syft to v0.53.4 (#856 )	2022-08-04 09:37:48 -04:00
Christopher Angelo Phillips	74fd591caf	update golanci-lint, goreleaser, cosign (#850 )	2022-07-28 14:55:14 -04:00
Christopher Angelo Phillips	991d16879a	update grype to use syft v0.52.0 (#838 )	2022-07-22 16:12:18 +00:00
Zac Medico	30943e032b	add Gentoo matching support (#813 ) Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-07-19 09:37:21 -04:00
Christopher Angelo Phillips	cb6bddfeeb	bump syft version to v0.51.0 (#822 )	2022-07-11 15:15:12 -04:00
Christopher Angelo Phillips	0e0a9d9e7a	update syft to v0.50.0 (#818 )	2022-07-06 14:48:21 +00:00
Christopher Angelo Phillips	82c0146b0a	update syft => v0.49.0 (#804 )	2022-06-24 18:30:36 +00:00
cpendery	bb2f8dcdb4	fix: add fixed versions to cyclonedxjson output (#763 )	2022-06-21 17:50:05 -04:00
Christopher Angelo Phillips	0703bae977	update grype to latest syft patch v0.48.1 (#790 )	2022-06-17 15:45:33 +00:00
Jonas Xavier	d6fa674edc	add db staleness check (#785 ) * add db staleness check Signed-off-by: Jonas Xavier <jonasx@anchore.com> * less config fields Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix import order Signed-off-by: Jonas Xavier <jonasx@anchore.com> * warn even when set to not error on staleness Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * nits Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * lint fix Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix test Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent log message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * consistent new version message Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * human friendly time durations Signed-off-by: Jonas Xavier <jonasx@anchore.com> * fix typo Signed-off-by: Jonas Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Xavier <jonasx@anchore.com> * cleaner tests and default db value Signed-off-by: Jonas Xavier <jonasx@anchore.com>	2022-06-15 12:48:10 -04:00
Christopher Angelo Phillips	69de9e7a0a	update syft version to v0.47.0 (#781 )	2022-06-09 16:03:14 -04:00
Weston Steimel	81af51302d	use anchore fork of glebarez/sqlite (#778 ) This overcomes an issue with duplicate registration of sqlite drivers between glebarez/sqlite and knqyf263/go-rpmdb by just using modernc.org/sqlite directly within our fork Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2022-06-08 09:41:15 -04:00
dependabot[bot]	07dfb28718	Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-06-02 09:18:53 -04:00
anchore-actions-token-generator[bot]	10c3604498	Update Syft to v0.46.3 (#761 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: jonasagx <jonasagx@users.noreply.github.com>	2022-05-26 10:14:28 -07:00
Alex Goodman	06d28dad9f	bump to syft v0.46.2 (#755 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-05-23 13:47:21 +00:00
Jonas Xavier	c842fb9af5	bump stereoscope version to include source path fix (#752 )	2022-05-19 08:18:49 -07:00
anchore-actions-token-generator[bot]	5a5642cc0d	Update Syft to v0.46.1 (#751 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2022-05-18 14:10:39 -07:00
Christian Kotzbauer	731abaab72	Add syft v0.46.0 Dotnet support (#747 )	2022-05-13 12:46:31 -04:00
dependabot[bot]	d6196b6525	Bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.11 (#742 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.9 to 1.5.11. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.9...v1.5.11) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-04 16:33:28 +01:00
Dan Luhring	0df35f8d2c	address excessive warnings from multiple sources (#741 )	2022-05-03 14:05:50 +00:00
Christopher Angelo Phillips	36f5150fa9	bump syft version (#738 )	2022-04-29 13:39:08 -04:00
Jonas Xavier	523f5ce9c0	Consume attestation files (#706 ) * add key flag to attest validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp: verify sig and extract sbom Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip read attestation without scheme Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp consuming attestations - needs unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove prototype file Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop local syft from go.mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix order of sbom parsing strategies Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle implicit attestation input Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add test for invalid attestation key Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * rebase and go-mod-tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * consume attestation via stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * attestation test for stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * validate input and content for attestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add stdin test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix config tags Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add int test to ignore attestation validation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix cycloneDX attestation fixture Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered att test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered predicate type test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * improve docs/help on atttestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * upgrade to latest syft Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fall through when guessing between sbom and att Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix butter finger rebase Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * drop default key value Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * assert error messages Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better test/cli coverage Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix stdin decode test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix goimports Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * tui - verified attestation and feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better naming Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add attestation section to config file Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * emit event for skipped verification Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * use public key name Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * nit Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>	2022-04-21 11:52:42 -07:00
Alex Goodman	9cc1c72169	Preserve package IDs on Syft JSON SBOM decode (#731 )	2022-04-18 18:22:58 +00:00
Christopher Angelo Phillips	95f68b4c33	Add java.Matcher configuration to includes maven upstream sha1 query (#714 )	2022-04-13 13:01:22 -04:00
Alex Goodman	c36e9df887	Use CGO-less sqlite GORM driver (#705 )	2022-04-04 18:40:29 +00:00
Jonas Xavier	182c86d11d	Migrate LocationSet and add Dart support (#703 )	2022-04-01 08:21:37 -07:00
Keith Zantow	44e676488e	Update syft to v0.42.4 (#697 )	2022-03-24 14:11:17 -04:00
Keith Zantow	d8e1c37cd1	Update syft to v0.42.3 (#690 )	2022-03-23 17:57:06 -04:00
Alex Goodman	9fc6fb8a32	Bump strset version to fix 386 builds (#689 )	2022-03-23 18:27:11 +00:00
j-k	d40fb77c1a	Correct go.mod to enforce go 1.18 (#685 ) Since grype now depends on debug/buildinfo go 1.18 is required to build grype and as such go.mod needs updating Signed-off-by: 06kellyjac <jack@control-plane.io>	2022-03-22 09:33:35 -04:00
Keith Zantow	f004f7dee3	Update Syft to 0.42.1 (#683 )	2022-03-21 20:11:40 +00:00
Jonas Xavier	dae6411c5c	upgrade github workflows to go 1.18 (#649 ) * upgrade github workflows to go 1.18 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * upgrade syft & set go1.18 for CI workflows Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add go1.17 static analysis Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix yaml comment Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-17 14:58:20 -07:00
Keith Zantow	60c2968953	Update Syft to v0.41.6 (#670 )	2022-03-16 12:48:42 -04:00
Keith Zantow	cbdec2ae5e	Update to Syft v0.41.4 (#664 )	2022-03-14 17:15:09 -04:00
Keith Zantow	bc8f8414ca	Add SARIF presenter option (#654 )	2022-03-14 12:13:37 -04:00
Keith Zantow	ff424d3adc	Bump Syft for CycloneDX input (#650 )	2022-03-02 10:05:01 -05:00
Alex Goodman	16cd14519a	Bump syft to release version v0.39.0 (#645 ) * bump syft to v0.39.0 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ByCriteria to log error on failure Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * integration tests now pass Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * bump to v0.39.3 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * raise search failures to warn Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * tidy go.mod/sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-26 17:28:08 -05:00
Alex Goodman	f29a0d06d8	Bump syft to v0.38.0 for release (#635 )	2022-02-15 19:03:55 +00:00
Alex Goodman	5aa85338d6	Normalize release assets and refactor install.sh (#630 ) * refactor release to keep snapshot assets in parity with release assets Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor install.sh and put under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * tidy go.sum Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add mac acceptance test to github actions workflow Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rm use of goreleaser in cli tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * go mod tidy with go 1.17 Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-11 19:24:25 +00:00
Christopher Angelo Phillips	d2dba7d14a	update golang crypto to resolve CVE-2020-29652 (#631 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 13:37:17 -05:00
Christopher Angelo Phillips	16e6bee766	update go -> 1.17 (#628 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-11 10:50:13 -05:00
Alex Goodman	c9f2716389	Abstract upstream package before matching (#607 ) * add metadata extraction from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract upstream packages before matching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put pkg.UpstreamPackages under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove pURL related processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * pull in syft spdx decoding Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for more flexible GHSA namespace and source extraction Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add matching parity integration tests for all supported formats Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump syft to get spdx tv fix Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-10 21:43:12 +00:00
Jonas Xavier	42ca8c61d3	Ensure completion of UI progress bar (#627 )	2022-02-10 08:03:15 -08:00
Jonas Xavier	a8c65807fc	update stereoscope version to include Podman (#612 ) * update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test stereoscope with fix Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove mod replacement and use latest stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-01 14:45:11 -08:00
Sambhav Kothari	346df07df5	Add sprig templating functions for grype output (#610 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-01-28 11:27:27 -05:00

1 2 3 4 5 ...

287 commits