dependabot[bot]
fae6f5d372
chore(deps): bump github/codeql-action from 3.25.4 to 3.25.5 ( #2867 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.4 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ccf74c9479...b7cec75265
2024-05-13 12:27:14 -04:00
Brian Ebarb
4194a2cd34
feat: add relationships to ELF package discovery ( #2715 )
...
This PR adds DependencyOf relationships when ELF packages have been discovered by the binary cataloger. The discovered file.Executable type has a []ImportedLibraries that's read from the file when discovered by syft. By mapping these imported libraries back to the package collection, syft is able to create relationships showing which packages are dependencies of other packages by just reading metadata from the ELF executable.
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Brian Ebarb <ebarb.brian@sers.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 13:53:59 -04:00
dependabot[bot]
5044f48cd6
chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 ( #2855 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.3 to 3.25.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d39d31e687...ccf74c9479
2024-05-08 10:33:38 -04:00
dependabot[bot]
c0635a77a9
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #2850 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-07 12:05:33 -04:00
Alex Goodman
430c55a5b0
remove homebrew update workflow ( #2846 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-06 15:38:12 -04:00
Alex Goodman
49e93646eb
Restore version file update on release ( #2844 )
...
* restore version file update on release
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for shallower fetch depth
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-06 15:14:43 -04:00
dependabot[bot]
f51b39ca04
chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 ( #2834 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0c52d547c9...cdcb360436
2024-05-02 10:12:10 -04:00
dependabot[bot]
02dc2dfa9b
chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 ( #2817 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8f596b4ae3...d39d31e687
2024-04-30 16:27:14 +00:00
dependabot[bot]
9901ea8fe9
chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 ( #2821 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.10 to 0.15.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab5d7b5f48...7ccf588e3c
2024-04-29 12:40:43 -04:00
dependabot[bot]
13b06dad45
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 ( #2812 )
2024-04-25 10:32:10 -04:00
dependabot[bot]
21b22555d2
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 ( #2809 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada
2024-04-24 15:19:03 -04:00
Gijs Calis
b90e7f9437
Fix removing labels in 'Detect schema changes' job ( #2772 )
...
* Fix error messages for add & remove label
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
* Check if label exists on PR before removing
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
---------
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
2024-04-23 14:42:57 -04:00
dependabot[bot]
27a8a1be03
chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2 ( #2802 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.1 to 3.25.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f9125735...8f596b4ae3
2024-04-23 09:54:36 -04:00
dependabot[bot]
4ccbd17255
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 ( #2803 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
2024-04-23 09:54:28 -04:00
dependabot[bot]
cf6f92f2c8
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 ( #2799 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1
2024-04-22 13:29:13 -04:00
dependabot[bot]
d70eb3d04b
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 ( #2795 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
2024-04-19 15:06:32 -04:00
dependabot[bot]
f6845474bd
chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 ( #2786 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.0 to 3.25.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df5a14dc28...c7f9125735
2024-04-17 10:46:34 -04:00
dependabot[bot]
e1cadead1d
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 ( #2787 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c55203cfde...9153d834b6
2024-04-17 10:46:24 -04:00
dependabot[bot]
dc7fa21980
chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 ( #2779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4355270be1...df5a14dc28
2024-04-15 10:00:54 -04:00
dependabot[bot]
081ec04b3f
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 ( #2774 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](70a41aba78...c55203cfde
2024-04-12 15:31:36 -04:00
dependabot[bot]
c31696f131
chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 ( #2756 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b1aada464...4355270be1
2024-04-08 12:19:20 -04:00
dependabot[bot]
5a865d0d90
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 ( #2737 )
2024-03-27 17:52:22 +00:00
dependabot[bot]
55fff0f4a1
chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 ( #2732 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.8 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](05963f47d8...1b1aada464
2024-03-26 11:50:31 -04:00
Hung Nguyen
059cfd6730
update release token from readonly to write token ( #2735 )
...
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 09:06:55 -04:00
Alex Goodman
0d5ebed74a
dont include labels for dependabot ecosystems ( #2720 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-03-21 12:16:01 -04:00
dependabot[bot]
8f7305ef78
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 ( #2717 )
...
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases )
- [Commits](297be350cf...5a908a2481
2024-03-21 12:15:30 -04:00
dependabot[bot]
df547020ef
chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8 ( #2725 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.7 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ab4101902...05963f47d8
2024-03-21 12:14:51 -04:00
dependabot[bot]
37094c9751
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 ( #2728 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
2024-03-21 12:14:43 -04:00
Hung Nguyen
3ac1cd7a9f
updating credentials to scoped permissions ( #2722 )
...
* updating credentials to scoped permissions
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
---------
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-20 17:35:07 -04:00
dependabot[bot]
1c8d29d577
chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 ( #2714 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](343f7c4344...e92390c5fb
2024-03-14 11:16:16 -04:00
dependabot[bot]
2051a62ded
chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7 ( #2711 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8a470fddaf...3ab4101902
2024-03-14 09:58:42 -04:00
dependabot[bot]
5534c38d0f
chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 ( #2712 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](a4f52f8033...70a41aba78
2024-03-13 13:47:47 -04:00
Alex Goodman
47fc909700
Show binary exports, entrypoint, and imports ( #2626 )
...
show binary exports, entrypoint, and imports for macho, elf, and pe formats
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-03-12 22:04:02 +00:00
dependabot[bot]
2e2a9377ea
chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 ( #2703 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-12 13:18:44 -04:00
dependabot[bot]
5e3fde04a5
chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 ( #2694 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.8 to 0.15.9.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](b6a39da807...9fece9e200
2024-03-06 14:24:56 -05:00
dependabot[bot]
d7e58964ef
chore(deps): bump actions/cache from 4.0.0 to 4.0.1 ( #2685 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](13aacd865c...ab5e6d0c87
2024-03-01 13:50:49 -05:00
dependabot[bot]
59d54d6154
chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 ( #2686 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](47b3d888fe...8a470fddaf
2024-03-01 13:50:34 -05:00
dependabot[bot]
acc473fc30
chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 ( #2676 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](b1ddad2c99...a4f52f8033
2024-02-28 09:31:29 -05:00
dependabot[bot]
33b72ccbf8
chore(deps): bump github/codeql-action from 3.24.4 to 3.24.5 ( #2666 )
2024-02-23 14:10:26 +00:00
dependabot[bot]
cdf1e0bacb
chore(deps): bump github/codeql-action from 3.24.3 to 3.24.4 ( #2662 )
2024-02-22 16:50:53 +00:00
dependabot[bot]
578ac9cf2d
chore(deps): bump github/codeql-action from 3.24.1 to 3.24.3 ( #2649 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e675ced7a7...379614612a
2024-02-15 09:13:29 -05:00
Christopher Angelo Phillips
9803db2949
fix: update runner size to use larger HD for codeql ( #2641 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 10:31:05 -05:00
dependabot[bot]
3ac7369068
chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 ( #2638 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e8893c57a1...e675ced7a7
2024-02-14 09:21:21 -05:00
dependabot[bot]
4d4efa4963
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2639 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](75ed025ff3...baf2b60c51
2024-02-14 09:21:05 -05:00
dependabot[bot]
0bc5971085
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #2597 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-02-06 10:44:51 -05:00
dependabot[bot]
05fa8ba4e9
chore(deps): bump actions/cache from 3.3.2 to 4.0.0 ( #2592 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.2 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.3.2...13aacd865c20de90d75de3b17ebe84f7a17d57d2 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 10:26:55 -05:00
dependabot[bot]
0618b2cb35
chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 ( #2593 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.2 to 3.24.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b7bf0a3ed3...e8893c57a1
2024-02-05 09:46:22 -05:00
Alex Goodman
fd3844853a
labeler should ignore latest version ( #2588 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 18:08:15 -05:00
Alex Goodman
3023a5a7bc
Detect ELF security features ( #2443 )
...
* add detection of ELF security features
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with file executable data
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update expected fixure when no tty present
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more detailed differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use json differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove json schema addition
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix mimtype set ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 16:51:18 +00:00
dependabot[bot]
4a98f9fbd3
chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 ( #2578 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.7 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](767b08fd88...b6a39da807
2024-02-01 10:26:47 -05:00
dependabot[bot]
db49c145f0
chore(deps): bump marocchino/sticky-pull-request-comment ( #2579 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](efaaab3fd4...331f8f5b42
2024-02-01 10:26:37 -05:00
dependabot[bot]
43837f47f5
chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 ( #2567 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.2 to 6.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](153407881e...b1ddad2c99
2024-01-31 13:20:17 -05:00
dependabot[bot]
e880e6dcd6
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 ( #2568 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.6 to 0.15.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c6aed38a43...767b08fd88
2024-01-31 13:19:50 -05:00
Alex Goodman
6ae5b2904d
re-add cosign signing checksums file ( #2572 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 13:19:41 -05:00
dependabot[bot]
b113391638
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 ( #2560 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.5 to 0.15.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](24b0d52385...c6aed38a43
2024-01-30 13:15:22 -05:00
dependabot[bot]
2e0149fd9e
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 ( #2557 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](fbd6aa58ba...28ba43ae48
2024-01-29 12:32:30 -05:00
dependabot[bot]
87bbc507ee
chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 ( #2558 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0b21cf2492...b7bf0a3ed3
2024-01-29 12:32:22 -05:00
Alex Goodman
e0e1c4ba0a
Internalize majority of cmd package ( #2533 )
...
* internalize majority of cmd package and migrate integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add internal api encoder
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* create internal representation of all formats
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* export capability to get default encoders
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 13:29:51 -05:00
dependabot[bot]
ad2843bf50
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 ( #2536 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-24 10:11:43 -05:00
dependabot[bot]
8e39ca6dfc
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 ( #2531 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](41f7a6c033...24b0d52385
2024-01-23 10:14:05 -05:00
dependabot[bot]
ec802dfc80
chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 ( #2513 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-19 09:31:12 -05:00
dependabot[bot]
8845c938ce
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 ( #2514 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c7f031d924...41f7a6c033
2024-01-19 09:28:37 -05:00
dependabot[bot]
308dc6f9b8
chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 ( #2506 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.0 to 3.23.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e5f05b81d5...0b21cf2492
2024-01-18 09:45:04 -05:00
William Murphy
c816c73341
chore: enable automatic approval of dependabot PRs ( #2505 )
...
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:23 -05:00
dependabot[bot]
0409eef615
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 ( #2503 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.3 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865c
2024-01-17 10:07:41 -05:00
dependabot[bot]
3de5e98db1
chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 ( #2495 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e
2024-01-15 14:40:41 -05:00
dependabot[bot]
f9a862d268
chore(deps): bump actions/cache from 3.3.2 to 3.3.3 ( #2489 )
2024-01-12 13:52:50 +00:00
dependabot[bot]
aec53bc32d
chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 ( #2481 )
2024-01-10 16:19:02 +00:00
dependabot[bot]
1ca8ee2a8d
chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0 ( #2477 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.12 to 3.23.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](012739e508...e5f05b81d5
2024-01-08 08:33:13 -05:00
Christopher Angelo Phillips
7182f5b519
Upgrade binary test fixtures management ( #2444 )
...
* test: strip fixtures of any execution permissions
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add lint check for large files
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* add helper script to capture binary snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update scripts and add new dir output for snippets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update erlang test to new generated format
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update memcached to new generator pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update openjdk to named version
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move openjdk lts to versioned folder
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: rename unversioned java to versioned folders
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: migrate bash fixture to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update script to size 600 bytes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update go classifier to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move haproxy new new snippet
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add flatter haproxy example
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update tests to new pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: final version of snippet script
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* [wip] download bin helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add manager for binary cataloger test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add remaining binary cataloger patterns and snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* adjust gitignore to be more permissive to snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add rust darwin snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* skip tests that are missing full binaries
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for binary test fixture manager
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* highlight rows that do not have binaries or snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump fixture limit to 1K (found exceptions when adding snippets)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add redis and postgres snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve formating of fixture listing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-05 21:40:03 +00:00
dependabot[bot]
3174a17efb
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 ( #2464 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](5ecf649a41...719133684c
2024-01-05 11:26:27 -05:00
dependabot[bot]
51a1bad159
chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 ( #2455 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.11 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b374143c11...012739e508
2023-12-22 09:01:16 -05:00
dependabot[bot]
6030a69b17
chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 ( #2433 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.3 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e
2023-12-18 11:17:07 -05:00
dependabot[bot]
f5d5892434
chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 ( #2430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.10 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](305f654631...b374143c11
2023-12-14 12:40:39 -05:00
dependabot[bot]
2bcf825857
chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 ( #2426 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c0d1daa7f7...305f654631
2023-12-13 11:44:41 -05:00
dependabot[bot]
9cb7c3d350
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2420 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](d3667e5ae1...75ed025ff3
2023-12-12 14:43:43 -05:00
dependabot[bot]
790ecc6f28
chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 ( #2400 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 2.22.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...c0d1daa7f7
2023-12-12 13:59:39 -05:00
dependabot[bot]
b345752f49
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 ( #2401 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-11 06:38:05 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 ( #2392 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](fd74a6fb98...5ecf649a41
2023-12-05 09:48:40 -05:00
Alex Goodman
c379d21e9a
only remove breaking-change label when there are schema changes ( #2371 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-28 17:59:04 -05:00
dependabot[bot]
c08b0990ca
chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 ( #2351 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.7 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](66b90a5db1...407ffafae6
2023-11-24 06:42:30 -05:00
dependabot[bot]
1c582f0aa5
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 ( #2344 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.3 to 0.15.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](78fc58e266...fd74a6fb98
2023-11-21 11:12:43 -05:00
dependabot[bot]
c7eb3f4c93
chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 ( #2332 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.6 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](689fdc5193...66b90a5db1
2023-11-16 09:22:23 -05:00
dependabot[bot]
43bdf6e1b2
chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6 ( #2321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.5 to 2.22.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](74483a38d3...689fdc5193
2023-11-14 11:35:59 -05:00
Alex Goodman
b2f4d7eda2
Follow convention for naming catalogers ( #2277 )
...
* follow convention for naming catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cataloger name example
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 12:39:42 +00:00
dependabot[bot]
2428d704e1
chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 ( #2261 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.4 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](49abf0ba24...74483a38d3
2023-10-27 09:54:23 -04:00
Alex Goodman
7315f83f9d
Upgrade tool management ( #2188 )
...
* migrate to binny and taskfile
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update binny to not require github token
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* added support for automatically building snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* detect source changes for snapshot builds
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fail workflow explicitly when snapshot cache restoral fails
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* match snapshot restoral paths
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 09:08:43 -04:00
Alex Goodman
c4b464e616
fix CPE workflow ( #2252 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-24 15:07:49 +00:00
dependabot[bot]
bdbf927847
chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 ( #2249 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0116bc2df5...49abf0ba24
2023-10-23 10:41:54 -04:00
Alex Goodman
f3d95aa3a9
fill version info from release and git directly ( #2244 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-23 09:05:43 -04:00
Alex Goodman
263be01faa
change homebrew release trigger ( #2242 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 18:31:41 +00:00
Alex Goodman
8f6bdde666
Label PRs when the json schema changes ( #2240 )
...
* label PRs when the json schema changes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate pr comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* be more strict about processing file names
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 13:00:15 -04:00
dependabot[bot]
6c7900f5b8
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 ( #2236 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 09:54:26 -04:00
dependabot[bot]
dcec2bc352
chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 ( #2229 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.2 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d90b8d79de...0116bc2df5
2023-10-16 08:59:39 -04:00
dependabot[bot]
538fe5ee1d
chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 ( #2224 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.1 to 2.22.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fdcae64e14...d90b8d79de
2023-10-12 11:10:45 -04:00
Christopher Angelo Phillips
d1120ad56e
chore: add automated homebrew action ( #2164 )
...
* chore: add automated homebrew action
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* migrate homebrew publish step to separate post-release workflow
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 09:52:22 -04:00
dependabot[bot]
68cf57ed03
chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 ( #2208 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.0 to 2.22.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2cb752a87e...fdcae64e14
2023-10-09 13:05:57 -04:00
dependabot[bot]
eed35ec9ce
chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 ( #2202 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ddccb87388...2cb752a87e
2023-10-06 12:02:34 -04:00
dependabot[bot]
38d5ef2c84
chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9 ( #2182 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.8 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6a28655e3d...ddccb87388
2023-09-28 10:56:08 -04:00
dependabot[bot]
351c683cb4
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 ( #2172 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-26 07:49:13 -04:00
