dependabot[bot]
aa52d673d0
chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 ( #1258 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-27 12:43:05 -04:00
dependabot[bot]
ae2fe4f063
chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 ( #1256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 14:49:01 -04:00
dependabot[bot]
45d03b6df0
chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 ( #1233 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 11:42:08 -04:00
dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
)
---
updated-dependencies:
- dependency-name: 8398a7/action-slack
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 10:55:31 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 10:54:35 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 19:07:58 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 14:35:56 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 09:39:00 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 12:51:20 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00
dependabot[bot]
568b504a7e
chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1184 )
2023-03-21 09:51:27 -04:00
dependabot[bot]
e8fa509e72
chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 ( #1189 )
2023-03-21 09:50:56 -04:00
dependabot[bot]
96cbcad484
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 ( #1182 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-15 17:19:41 -04:00
dependabot[bot]
0cc8b9e4f6
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 ( #1183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...168b99b3c2
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-15 17:19:12 -04:00
Christopher Angelo Phillips
5754360376
Grype Release Pipeline Update ( #1147 )
...
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill )
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-03-03 21:17:44 +00:00
dependabot[bot]
3e04d32706
chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 ( #1145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 12:24:47 -05:00
dependabot[bot]
4d36e3706e
chore(deps): bump actions/cache from 3.2.5 to 3.2.6 ( #1143 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](6998d139dd...69d9d449ac
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-24 15:10:19 -05:00
dependabot[bot]
39b9138327
chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 ( #1131 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-14 10:16:58 -05:00
dependabot[bot]
0ccd5930c4
chore(deps): bump actions/cache from 3.2.4 to 3.2.5 ( #1129 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](627f0f41f6...6998d139dd
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-10 13:20:12 -05:00
dependabot[bot]
89b996b41b
chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 ( #1125 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ebbd71c74...8775e86802
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-09 11:28:48 -05:00
Christopher Angelo Phillips
788ed965ec
chore: prune cosign dependency for grype builds ( #1100 )
...
* feat: segment cosign dependency for grype builds for faster build times
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:42:40 -05:00
dependabot[bot]
8545f2e686
chore(deps): bump actions/cache from 3.2.3 to 3.2.4 ( #1107 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](58c146cc91...627f0f41f6
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 11:36:45 -05:00
dependabot[bot]
e8796d5783
chore(deps): bump actions/cache from 3.0.11 to 3.2.3 ( #1096 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9b0c1fce7a...58c146cc91
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-27 10:54:58 -05:00
dependabot[bot]
8ebf97cedc
chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 ( #1097 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...3ebbd71c74
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-27 10:54:34 -05:00
dependabot[bot]
3c3675f0dd
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 ( #1098 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](54e36e45f3...07978da4bd
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-27 10:51:13 -05:00
dependabot[bot]
c89fa42552
chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 ( #1099 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](021a2405c7...b62528385c
)
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-27 10:50:16 -05:00
dependabot[bot]
48db63a05e
chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 ( #1090 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...ac593985615ec2ede58e132d2e21d2b1cbd6127c )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 18:39:09 +00:00
dependabot[bot]
5ff488a250
chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 ( #1088 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.14.0 to 3.15.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](a189acbf0b...bdc6f9de22
)
---
updated-dependencies:
- dependency-name: 8398a7/action-slack
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 13:06:47 -05:00
dependabot[bot]
1ac4289432
chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 ( #1089 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.0 to 4.2.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b4d51739f9...2b011faafd
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 13:06:01 -05:00
dependabot[bot]
752b0d470f
chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 ( #1091 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](c4a742cab1...6edd4406fa
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 13:05:20 -05:00
dependabot[bot]
e15412dc44
chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 ( #1092 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.31...a34ca99b4610d924e04c68db79e503e1f79f9f02 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 13:04:56 -05:00
dependabot[bot]
4ebe182655
chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 ( #1075 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...d27e3f3d7c
)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:30:15 -05:00
dependabot[bot]
55fc253fea
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 ( #1076 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](06e109483e...54e36e45f3
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:29:56 -05:00
dependabot[bot]
a98a81f4cb
chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 ( #1077 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:28:26 -05:00
dependabot[bot]
3841782b69
chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 ( #1074 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9782bd6a98...9bc31d5ccc
)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:24:49 -05:00
dependabot[bot]
2fd9543562
chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 ( #1078 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 12:24:27 -05:00
Keith Zantow
e99a95697c
chore: align makefile and bootstrap tools scripts more with syft ( #1073 )
2023-01-25 16:27:42 +00:00
Keith Zantow
5ff7b07748
chore: add github token to quality tests ( #1056 )
2023-01-11 13:48:02 -05:00
Christopher Angelo Phillips
26438862df
chore: update default packages to read ( #1007 )
2022-11-21 13:07:42 -05:00
Christopher Angelo Phillips
d5c93aa00f
scoped: token release for content write on image assets ( #1002 )
2022-11-18 22:32:49 +00:00
Christopher Angelo Phillips
3e0af43383
chore: pin dependencies ( #994 )
2022-11-14 21:23:42 +00:00
Christopher Angelo Phillips
e1d3302b9a
chore: code-ql top level read check ( #993 )
2022-11-14 14:30:52 -05:00
Christopher Angelo Phillips
02fe5e9c76
chore: update codeql to pinned v2 with correct write permissions
2022-11-14 15:39:45 +00:00
Joyce
8f28a6ea96
Update token permissions to be read-only ( #988 )
...
Closes https://github.com/anchore/grype/issues/984
2022-11-14 08:10:09 -05:00
Joyce
2cd2ef5340
Enable the Scorecard Github Action and badge ( #929 )
2022-11-03 14:24:20 -04:00
Alex Goodman
d4587ddeec
Add in-depth quality gate checks ( #949 )
...
* add in-depth quality gate checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add quality tests to PR checks
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-05 16:26:26 -04:00
Christopher Angelo Phillips
78d87c1e11
grype release message update ( #914 )
2022-09-06 11:46:59 -04:00