Alex Goodman
fbc29c4da4
restore log on ui teardown ( #2248 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-11-08 12:31:50 -05:00
Alex Goodman
787aae1ae2
Merge indirect matches with direct matches ( #2241 )
...
* allow for merging similar indirect matches to existing direct matches
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-11-07 16:22:47 +00:00
Alan Pope
d64b66329c
doc: Add official Grype logo license information ( #2244 )
...
This clarifies the license under which the Grype "alien" logo is released. This is necessary to enable us to share the logo in certain online communities.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-11-07 14:23:14 +00:00
Alex Goodman
80d873a8eb
add v6 provider store ( #2232 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-11-06 16:17:43 -05:00
anchore-actions-token-generator[bot]
c8d5ffca8d
chore(deps): update Syft to v1.16.0 ( #2237 )
2024-11-05 09:28:58 -05:00
anchore-actions-token-generator[bot]
50d47a5442
test: update quality gate db to latest version ( #2231 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-11-04 12:23:38 -05:00
dependabot[bot]
60df83b979
chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3 ( #2230 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.2...v0.5.3 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:42:03 -04:00
dependabot[bot]
7cf9696655
chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 ( #2228 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.1 to 1.0.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.1...v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-31 15:46:50 -04:00
Alex Goodman
02ee7592bd
fix and cleanup namespace search to account for missing info ( #2226 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-30 22:44:25 +00:00
Alex Goodman
ad5f441680
Remove gentoo integration test ( #2227 )
...
* remove gentoo integration test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove portage matcher from completion testing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-30 18:23:02 -04:00
Alex Goodman
0cc544f7ee
Improve purl input ( #2223 )
...
* improve purl input
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-30 17:16:46 +00:00
dependabot[bot]
b3f3dd4ed1
chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 ( #2220 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.1...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-29 13:59:51 -04:00
dependabot[bot]
441c09b4b7
chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 ( #2221 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.5 to 0.17.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](1ca97d9028...251a468eed
2024-10-29 13:59:27 -04:00
William Murphy
0602464ebc
bump syft to v1.15.0, sterescope to v0.0.5 ( #2219 )
...
* integration: syft@integration
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: update syft@integration
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* bump to release syft, stereoscope
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-28 21:37:06 +00:00
Adnan Gulegulzar
aed04a14f2
Add grype db providers command ( #2174 )
...
* feat: add `grype db providers` command
- currently reads content of `provider-metadata.json` file
- added flag `-o`/`--output` flags which accept `json` and `table`
- update method `getDBProviders()` and type `dbProviderMetadata` for db schema `v6`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: update readme for `grype db providers`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: update lint
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: add cli test for `grype db providers`
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* fix: review changes
- updated table as the default output format
- updated tablewriter settings
- added unit test for the components of db providers command
- added dummy "provider-metadata.json" to aid unit tests
- added table and json assertion to cli test
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: removes changes to `db diff`, `db serach` and `db list` commands
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: remove unused constants
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
* chore: move constants to scope where used
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Adnan Gulegulzar <gulegulzaradnan@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-28 18:27:14 +00:00
dependabot[bot]
b695bc3480
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 ( #2214 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-28 14:13:09 -04:00
anchore-actions-token-generator[bot]
1c5e27164c
chore(deps): update tools to latest versions ( #2213 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-10-28 14:12:44 -04:00
Keith Zantow
f3e584cbcd
docs: update config section to be valid, reference config subcommand ( #2218 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-28 12:28:11 -04:00
dependabot[bot]
9b7d752a79
chore(deps): bump github.com/charmbracelet/lipgloss ( #2207 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.0...v0.13.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 12:50:04 -04:00
dependabot[bot]
a97b86d8f3
chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 ( #2208 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033e
2024-10-24 12:49:51 -04:00
dependabot[bot]
96cb186991
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 ( #2209 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901b
2024-10-24 12:49:44 -04:00
dependabot[bot]
d47f9589e2
chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 ( #2211 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0a12ed9d6a...41dfa10bad
2024-10-24 12:49:35 -04:00
Keith Zantow
398017c601
feat: multi-level configuration and profiles ( #2194 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 12:18:18 -04:00
dependabot[bot]
3696433d8b
chore(deps): bump actions/cache from 4.1.1 to 4.1.2 ( #2204 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](3624ceb22c...6849a64899
2024-10-22 12:23:57 -04:00
dependabot[bot]
e8929e104f
chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 ( #2205 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.4 to 0.17.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...1ca97d9028
2024-10-22 12:23:50 -04:00
Alex Goodman
d018ffa51b
Update to Syft v1.14.2 ( #2203 )
...
* update to v1.14.2-git-e4e985b9b05b
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update syft to v1.14.2 (post release)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-21 13:50:26 -04:00
Piyush Bhaskar
99cff8ae26
Updated README.md with correct spellings & phrase. ( #2201 )
...
Signed-off-by: Piyush Bhaskar <102078527+Piyush-r-bhaskar@users.noreply.github.com>
2024-10-21 13:00:58 -04:00
dependabot[bot]
9544be92e5
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 ( #2198 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 13:50:18 -04:00
anchore-actions-token-generator[bot]
7825f698b1
chore(deps): update tools to latest versions ( #2196 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-10-17 10:05:55 -04:00
Weston Steimel
8d11d45dd2
fix: azurelinux considered as comprehensive distro ( #2197 )
...
azurelinux should be considered as providing a comprehensive vulnerability
data source
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 09:38:17 -04:00
dependabot[bot]
5c2b26249f
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 ( #2193 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf
2024-10-15 16:19:26 +00:00
anchore-actions-token-generator[bot]
50815e59c9
chore(deps): update Syft to v1.14.1 ( #2191 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-15 09:37:24 -04:00
William Murphy
cd92e7e8a0
dependency: bump syft to main pre-release ( #2189 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-14 16:35:44 -04:00
dependabot[bot]
7591bfedf8
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #2183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-14 15:49:31 -04:00
Alex Goodman
7293c2f607
Skip matching on packages with missing version info ( #2182 )
...
* skip seaching packages with missing version info
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* swap to trace logging and log only pkg name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-14 15:39:11 -04:00
dependabot[bot]
06c1e8e335
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #2184 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5
2024-10-14 15:04:28 -04:00
dependabot[bot]
4b1c97ed97
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 ( #2185 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.5...v1.4.6 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-14 18:26:48 +00:00
Alex Goodman
1fa8dd70dc
Account for implicit 0s in rpm release versions ( #2188 )
...
* account for implicit 0s in rpm release versions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use buildin min max fns
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-14 17:51:58 +00:00
Weston Steimel
420508f347
chore: bump syft in quality gate to v1.14.0 ( #2187 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 17:18:42 +00:00
Alex Goodman
5d12328876
use epoch from metadata when missing from version string ( #2186 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-14 12:57:11 -04:00
Weston Steimel
c87f4a0f53
fix: exclude binary packages from CPE target software component filter logic ( #2179 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-11 18:48:14 -04:00
Alex Goodman
71d05d2509
add release docs ( #2177 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-11 05:16:29 -04:00
dependabot[bot]
e5f2c339f8
chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 ( #2176 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](84480863f2...b4b15b8c7c
2024-10-10 13:30:54 -04:00
dependabot[bot]
72d07baf3c
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 ( #2173 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...84480863f2
2024-10-09 15:54:35 +00:00
dependabot[bot]
9232081782
chore(deps): bump actions/cache from 4.0.2 to 4.1.1 ( #2172 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.2 to 4.1.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c45773b62...3624ceb22c
2024-10-09 08:30:00 -04:00
Alan Pope
d2427f8c97
[chore] Add mastodon link to README.md ( #2166 )
2024-10-09 08:09:35 -04:00
dependabot[bot]
accf92422b
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 ( #2167 )
2024-10-09 08:06:32 -04:00
dependabot[bot]
aa22f91c7e
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 ( #2168 )
2024-10-09 08:06:20 -04:00
dependabot[bot]
6453af3da9
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 ( #2169 )
2024-10-09 08:04:35 -04:00
anchore-actions-token-generator[bot]
6b09bb8575
chore(deps): update Syft to v1.14.0 ( #2164 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-07 21:20:18 +00:00
