Yevhenii Pokhvalii
fe7027f9e9
docs(example-templates): add a simple JUnit XML template ( #1422 )
...
Signed-off-by: Yevhenii Pokhvalii <yevhenii_pokhvalii@epam.com>
2023-08-08 16:12:56 +00:00
dependabot[bot]
60e7b2bcdc
chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 ( #1420 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/term/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-07 18:11:09 -04:00
Weston Steimel
74a7a67b73
chore: use syft v0.86.1 in the quality gate tests ( #1418 )
...
* chore: use syft v0.86.1 in the quality gate tests
This ensures the CPE dict enhancements are taken into account for
future quality gate comparisons
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix: bump runner to use larger disk
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-08-04 16:48:21 -04:00
Keith Zantow
078a6c5e9e
fix: some hang conditions ( #1414 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-03 21:28:37 +00:00
anchore-actions-token-generator[bot]
4761a68bb3
chore(deps): update bootstrap tools to latest versions ( #1413 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-08-03 11:02:02 -04:00
anchore-actions-token-generator[bot]
c97048baa1
chore(deps): update Syft to v0.86.1 ( #1410 )
...
* chore(deps): update Syft to v0.86.0
Signed-off-by: GitHub <noreply@github.com>
* fix python package metadata shape
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* account for new metadatas added in syft
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump syft to unreleased but fixed version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-07-31 17:58:36 +00:00
dependabot[bot]
ea0b54c681
chore(deps): bump github.com/docker/docker ( #1402 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.4+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.4...v24.0.5 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-31 11:45:39 -04:00
dependabot[bot]
50bc9c0af5
chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 ( #1406 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 12:54:06 -04:00
Weston Steimel
13feb5bf96
chore: bump quality gate label dataset ( #1404 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-07-27 15:17:06 +01:00
Christopher Angelo Phillips
05edf62e62
feat: implement secondary sorting for default json output ( #1403 )
...
* feat: implement secondary sorting for default json output
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-26 13:40:20 -04:00
Christopher Angelo Phillips
eb6c3b0acd
feat: update table sort to be name, version, type, severity, vulnerability ( #1400 )
...
* feat: update table sort to be name, version, type, severity, vuln
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-26 14:37:34 +00:00
William Murphy
5ee6bf4563
chore: in quality tests, only colorize quality output if in a tty ( #1398 )
...
Permit piping "make validate" (from test/quality) to a file without filling it with control
characters.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-24 10:10:06 -04:00
dependabot[bot]
e3be4916ac
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 ( #1396 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color ) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4 )
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-20 12:28:06 -04:00
William Murphy
e09bae392d
fix: vulnerabilities should be printed when --fail-on fails ( #1395 )
...
Stop terminating the UI early if the error is that the "--fail-on" threshold failed.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-19 16:36:20 -04:00
Weston Steimel
03d18a5de4
chore: bump yardstick to address PyYAML cython compatibility issues ( #1394 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-07-18 12:54:19 -04:00
William Murphy
e347e03f4d
Refactor integ test to table test ( #1390 )
...
To make it easier to see which tests fail if there's a failure.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-18 11:27:46 -04:00
William Murphy
43bcf301c4
Pass correct output file ( #1391 )
...
Previously, the wrong path would get passed, and the template file would
get truncated.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-17 16:16:34 -04:00
dependabot[bot]
5a8ea73ff2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.8 ( #1389 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.7 to 0.4.8.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.8 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-17 14:09:22 -04:00
Alex Goodman
ebd4643930
Port UI to bubbletea ( #1385 )
...
* initial port to bubbletea
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove jotframe UI
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add bubbletea component tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update main.go refs to cmd package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* move goreleaser build dir to cmd
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* upgrade yardstick for grype source installs and fix post-ui tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure stable severity map in UI component test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add windows support for tui
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 17:13:48 +00:00
anchore-actions-token-generator[bot]
37f436cfb6
chore(deps): update Syft to v0.85.0 ( #1383 )
2023-07-13 11:06:41 -04:00
Olivier Boudet
9050883715
feat(outputs): allow to set multiple outputs ( #648 ) ( #1346 )
...
* feat(outputs): allow to set multiple outputs (#648 )
Signed-off-by: Olivier Boudet <o.boudet@gmail.com>
Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* feat(outputs): allow to set multiple outputs (#648 )
review
Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use syft format writer pattern and de-emphasize presenter package
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Olivier Boudet <o.boudet@gmail.com>
Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-11 17:37:17 +00:00
William Murphy
6834e2148c
Remove Docker section from DEVELOPING.md ( #1384 )
...
Developing in Docker is no longer explicitly supported. Update
developing docs to reflect this.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-07-11 13:08:50 -04:00
anchore-actions-token-generator[bot]
d6bd01a4fa
chore(deps): update bootstrap tools to latest versions ( #1381 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-07-10 13:52:55 -04:00
dependabot[bot]
9ac9bdd9c2
chore(deps): bump github.com/docker/docker ( #1382 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.2+incompatible to 24.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 13:52:35 -04:00
Alex Goodman
64e9c9c0d3
Port to new syft source API ( #1376 )
...
* port to new syft source API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-06 09:01:49 -04:00
dependabot[bot]
7545e8858d
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 ( #1375 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 01:59:28 -04:00
Weston Steimel
74a7185340
chore: bump quality gate labels and images ( #1374 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-07-05 11:05:07 -04:00
anchore-actions-token-generator[bot]
116dc4aaff
chore(deps): update bootstrap tools to latest versions ( #1368 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-07-05 11:04:37 -04:00
Tim Gerla
ecf9e65b95
Add a simple CSV format template to the templates/ directory and tweak docs ( #1366 )
2023-06-29 17:05:17 -04:00
anchore-actions-token-generator[bot]
bc93a968b5
chore(deps): update Syft to v0.84.1 ( #1372 )
2023-06-29 16:07:15 -04:00
Dan Luhring
7436af93c1
fix: Add more log4j-adjacent package ignore rules ( #1358 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2023-06-29 11:14:58 -04:00
Weston Steimel
a37940f699
chore: bump the quality gate labels ( #1369 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-06-29 14:59:52 +00:00
Alex Goodman
11301356cf
add oss community board auto-add workflow ( #1364 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:57:08 -04:00
Keith Zantow
ab0a31af64
fix: totals for vulnerability matches ( #1359 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-06-26 14:00:27 -04:00
dependabot[bot]
5c5fb0e665
chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #1363 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 13:59:12 -04:00
dependabot[bot]
41d3d134d2
chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 ( #1357 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](4d571ad103...78fc58e266)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-22 12:04:09 -04:00
William Murphy
ca79c2a753
Configure chronicle to pre-1.0 mode ( #1356 )
...
Track a chronicle config file that causes chronicle to bump minor
version instead of major version in response to the "breaking-change"
label for pre-1.0 releases.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-06-21 15:48:31 +00:00
anchore-actions-token-generator[bot]
a11f66c058
chore(deps): update Syft to v0.84.0 ( #1354 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
2023-06-21 10:33:34 -04:00
anchore-actions-token-generator[bot]
1a056cc20a
chore(deps): update bootstrap tools to latest versions ( #1353 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-06-16 14:45:04 -04:00
anchore-actions-token-generator[bot]
4fec9a231b
chore(deps): update Syft to v0.83.1 ( #1352 )
2023-06-15 10:04:13 -04:00
dependabot[bot]
9e2287065b
chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 ( #1350 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/term/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 16:07:11 -04:00
dependabot[bot]
4e31789324
chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 ( #1351 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](284f54f989...153407881e)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 15:58:43 -04:00
dependabot[bot]
7be9da43e1
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #1344 )
2023-06-13 13:40:02 +00:00
Josh Bressers
6ac1f17d9c
chore: Update the contributing guide ( #1347 )
...
Signed-off-by: Josh Bressers <josh@bress.net>
2023-06-13 09:39:14 -04:00
James Neate
c47304b7a2
feat: add community template folder and new table template ( #1343 )
...
Signed-off-by: James Neate <jamesmneate@gmail.com>
2023-06-09 11:33:20 -04:00
Weston Steimel
e8143f2c94
chore: log unsupported package qualifier as debug ( #1340 )
...
Logs unsupported package qualifiers at `debug` level rather than
`warning`. The message is only meant to convey that there are new
qualifiers available in grype-db that the version of grype being used
cannot take advantage of to improve matching behavior; however, the
warning is confusing to users and may make it seem like grype is in a
broken state.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-06-08 17:02:07 -04:00
Weston Steimel
844711285b
feat: add package info to search by for all match details ( #1339 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-06-06 19:32:50 +01:00
anchore-actions-token-generator[bot]
3865f4cc1d
chore(deps): update bootstrap tools to latest versions ( #1334 )
...
* chore(deps): update bootstrap tools to latest versions
Signed-off-by: GitHub <noreply@github.com>
* chore: dependency clean-up
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: fix s/a changes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* fix: update PURL provider tests; remove unparam
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-06-05 21:17:20 +00:00
dependabot[bot]
7f71f7f849
chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 ( #1336 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 12:50:01 -04:00
dependabot[bot]
dc9bc1ee04
chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 ( #1331 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 15:41:37 -04:00