Krystian G.
6a95a5f2ed
feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher ( #3252 )
...
* feat: detect lighttpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect proftpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect zstd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect xz utils binarie
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect gzip binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect sqlcipher binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect jq binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* add tests + snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Krystian Gorny <krystian.gorny@wipotec.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-19 13:21:02 +00:00
Krystian G.
cb0de97bc3
fix: capture-snippet.sh can handle leading whitespaces now ( #3249 ) ( #3250 )
...
Signed-off-by: Gorny Krystian <krystian.gorny@wipotec.com>
Co-authored-by: Gorny Krystian <krystian.gorny@wipotec.com>
2024-09-19 09:15:54 -04:00
anchore-actions-token-generator[bot]
50016c3172
chore(deps): update tools to latest versions ( #3251 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-19 09:15:12 -04:00
anchore-actions-token-generator[bot]
a2f12fef0c
chore(deps): update tools to latest versions ( #3247 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-18 13:13:24 -04:00
anchore-actions-token-generator[bot]
7934696463
chore(deps): update tools to latest versions ( #3243 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-17 12:30:07 -04:00
dependabot[bot]
b9efac4d78
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 ( #3242 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:54:12 -04:00
dependabot[bot]
48c1c45d12
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #3241 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
2024-09-16 11:54:01 -04:00
dependabot[bot]
9cc3641ac6
chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 ( #3240 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.2 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](d121e62763...6cd32fd936
2024-09-16 11:53:51 -04:00
anchore-actions-token-generator[bot]
7b4feb7c16
chore(deps): update tools to latest versions ( #3231 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-16 09:09:11 -04:00
anchore-actions-token-generator[bot]
41e9630409
chore(deps): update CPE dictionary index ( #3232 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-16 09:08:50 -04:00
anchore-actions-token-generator[bot]
58100fec9f
chore(deps): update tools to latest versions ( #3205 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: disable gosec(G115)
A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the
latest golang-ci linter.
https://github.com/securego/gosec/issues/1185
https://github.com/securego/gosec/pull/1149
We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code is added for this rule
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-13 15:05:50 -04:00
dependabot[bot]
834027e32d
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 ( #3225 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 13:51:17 -04:00
dependabot[bot]
2b4d5c275f
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 ( #3226 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
2024-09-13 11:31:09 -04:00
dependabot[bot]
38e51f16ec
chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 ( #3229 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.33.0 to 1.33.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 11:30:58 -04:00
Keith Zantow
1b863268df
feat: --enrich flag for data enrichment feature enablement ( #3182 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-12 10:45:18 -04:00
Ryuichi Okumura
fcd5ec951d
chore: make ci-check.sh an executable file ( #3220 )
...
Signed-off-by: Ryuichi Okumura <okuryu@okuryu.com>
2024-09-11 10:02:37 -04:00
dependabot[bot]
61a9fde01c
chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 ( #3219 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 21:20:43 +00:00
Keith Zantow
c33a51d3d8
chore: restore ci-check.sh script ( #3218 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-10 15:19:05 -04:00
Laurent Goderre
dbc4238f63
Add haskell binaries cataloger ( #3078 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:58:20 -04:00
anchore-actions-token-generator[bot]
fce14fd537
chore(deps): update CPE dictionary index ( #3206 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-10 10:36:50 -04:00
dependabot[bot]
98bd4e99b6
chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 ( #3203 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 10:35:43 -04:00
Laurent Goderre
9c2799e379
Add the Ocaml ecosystem ( #3112 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:35:18 -04:00
dependabot[bot]
dafc6ad034
chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.20.0 ( #3209 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:28:01 -04:00
dependabot[bot]
16f89840fd
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 ( #3210 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.32.0 to 1.33.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:52 -04:00
dependabot[bot]
2475f7f696
chore(deps): bump github.com/docker/docker ( #3211 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.0...v27.2.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:43 -04:00
dependabot[bot]
f735a428eb
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #3212 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:33 -04:00
Alex Goodman
ba7bf6b85e
dont cleanup cache in forks ( #3214 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 20:27:21 +00:00
Alex Goodman
b153b1d594
less verbose java logging when non-fatal issues arise ( #3208 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 15:27:59 +00:00
Alex Goodman
0a3f513f92
Slim down docker cache size ( #3190 )
...
* slim down docker cache size
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove old centos images
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* troubleshoot test failure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix wget version ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor caching mechanisms
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add cache cleanup steps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify deleting cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix first clone issue
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tool dep
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 11:15:13 -04:00
dependabot[bot]
deabd4115a
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #3196 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
2024-09-05 15:06:23 -04:00
dependabot[bot]
ff0bae67bd
chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 ( #3197 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/mod/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 15:05:15 -04:00
witchcraze
a343825685
fix: haproxy classifier for versions with -dev suffix ( #3180 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-05 14:52:19 -04:00
dependabot[bot]
7c96a10cbe
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 ( #3177 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:22:43 -04:00
anchore-actions-token-generator[bot]
8c690d000d
chore(deps): update CPE dictionary index ( #3183 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-03 12:22:30 -04:00
dependabot[bot]
8ade391658
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #3184 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
2024-09-03 12:22:16 -04:00
dependabot[bot]
e299a95120
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #3187 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
2024-09-03 12:22:07 -04:00
Mikail
f2caf45695
fix: properly decode SPDX license expressions in CycloneDX format ( #3175 )
...
Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
2024-08-29 11:05:43 -04:00
dependabot[bot]
731fc77641
chore(deps): bump github.com/docker/docker ( #3168 )
2024-08-29 14:16:50 +00:00
dependabot[bot]
3499d92c6d
chore(deps): bump github.com/charmbracelet/bubbletea ( #3171 )
2024-08-29 14:16:43 +00:00
dependabot[bot]
19d2735aff
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 ( #3173 )
2024-08-29 14:16:34 +00:00
Keith Zantow
11d77b4a94
fix: cycles resolving relative path parent poms with parent-defined variables ( #3170 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-28 15:12:13 -04:00
Weston Steimel
2c25f81b68
fix: improve generated cpes for binaries with existing classifiers ( #3169 )
...
The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead. This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-28 16:46:35 +01:00
GGMU
04e3371cce
fix: add log time of task ( #3105 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-28 11:04:26 -04:00
Weston Steimel
5ab43bafec
fix: improve known CPEs and set NVD as source for all current binary classifiers ( #3167 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 17:36:34 +01:00
Alex Goodman
e9a8c27be1
respond to authoratative CPEs from catalogers ( #3166 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 10:26:35 -04:00
Alex Goodman
4ee6c179f8
set cataloger names within package cataloger task ( #3165 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 09:23:43 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger ( #3164 )
...
The official CPE for curl is `cpe:2.3🅰️ haxx:curl:*:*:*:*:*:*:*:*`
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
cf9bb13f2b
chore(deps): update tools to latest versions ( #3160 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-26 10:07:59 -04:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index ( #3161 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
dependabot[bot]
6549ec9831
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 ( #3162 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...2c779ab0d0
2024-08-26 10:07:18 -04:00
