Commit graph

1655 commits

Author SHA1 Message Date
Colm O hEigeartaigh
144ed725a7
Add additional license filenames (#2227)
* Add additional license filenames

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

* add comment about the license list being manually updated

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 13:20:00 +00:00
dependabot[bot]
dcec2bc352
chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 (#2229)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.2 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d90b8d79de...0116bc2df5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-16 08:59:39 -04:00
dependabot[bot]
1fe0921a5b
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:56 -04:00
dependabot[bot]
538fe5ee1d
chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 (#2224)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.1 to 2.22.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](fdcae64e14...d90b8d79de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:45 -04:00
Colm O hEigeartaigh
2687100e6a
Detect a license file in the root directory or META-INF of a jar (#2213)
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-10-12 11:09:53 -04:00
Benji Visser
fe7a417fb2
Parse dotnet dependency trees (#2143)
* add dependency information for .NET pkgs

Signed-off-by: Benji Visser <benji@093b.org>

* update pkg coverage directory test

Signed-off-by: Benji Visser <benji@093b.org>

* reverse dependsOn relationship

Signed-off-by: Benji Visser <benji@093b.org>

* update root pkg parsing

Signed-off-by: Benji Visser <benji@093b.org>

* add comments about the test relationships represented

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add docs around relationship sorting functions + update test helpers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Benji Visser <benji@093b.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 18:01:24 +00:00
dependabot[bot]
7732cd3b48
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 13:52:07 -04:00
dependabot[bot]
0302fc5b48
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215)
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:53:00 -04:00
dependabot[bot]
b899536814
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:52:42 -04:00
Christopher Angelo Phillips
d1120ad56e
chore: add automated homebrew action (#2164)
* chore: add automated homebrew action

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* migrate homebrew publish step to separate post-release workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 09:52:22 -04:00
Alex Goodman
ef759038f5
Add relationships for dpkg packages (#2212)
* add relationships for deb packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump json schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* small refactor to remove duplicate code

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-11 08:56:26 -04:00
Colm O hEigeartaigh
0748945c83
Parse the Maven license from the pom.xml if not contained in the mani… (#2115)
* Parse the Maven license from the pom.xml if not contained in the manifest

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>

* chore: restore 10.0.2 schema

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: generate new 11.0.1 schema

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* refactor: remove schema change

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update unit tests to align with new pattern

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: pr feedback

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: remove struct tags

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* keep license name and url semantics preserved on the pkg object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-10 13:09:44 -04:00
Alex Goodman
185d0d1bfa
Refine the docs for building a cataloger (#2175)
* refine the docs for building a cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-09 13:44:38 -04:00
Mohammad Sharief Baig
d16ecdf715
Fix algo lookup by converting key to lower case (#2207)
Signed-off-by: Mohammad Sharief Baig <shariefmohammad007@gmail.com>
2023-10-09 13:07:18 -04:00
dependabot[bot]
68cf57ed03
chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 (#2208)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2cb752a87e...fdcae64e14)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 13:05:57 -04:00
Christopher Angelo Phillips
f6c8057977
feat: add package for go compiler given binary detection (#2195)
adds a unique synthetic package to the SBOM output that represents the go compiler when it is detected as a part of a package discovered by the go binary cataloger.

When using an SBOM generated by syft - downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package.
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 13:15:50 -04:00
dependabot[bot]
87e57aa925
chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193)
* chore(deps): bump github.com/docker/distribution

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update reference import

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 12:54:19 -04:00
dependabot[bot]
eed35ec9ce
chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 (#2202)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ddccb87388...2cb752a87e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:02:34 -04:00
dependabot[bot]
b23879fd37
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:01:38 -04:00
Christopher Angelo Phillips
30f0686353
chore: update license list to 3.22 (#2201)
2023-10-06 10:56:47 -04:00
Marc-Etienne Vargenau
235ad2e749
Add exact syntax of the conversion formats (#2196)
Signed-off-by: Marc-Etienne Vargenau <marc-etienne.vargenau@nokia.com>
2023-10-05 14:48:30 -04:00
dependabot[bot]
127fac8ca9
chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 13:02:30 -04:00
dependabot[bot]
37bb95f5c9
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 11:50:05 -04:00
chavacava
1067dc2ce9
chore: removes unnecessary conditional (#2194)
Signed-off-by: chavacava <salvadorcavadini+github@gmail.com>
2023-10-04 18:06:12 +00:00
Mohammad Sharief Baig
21878784a8
chore: improve --output help text and deprecate --file (#2187)
Signed-off-by: Mohammad Sharief Baig <shariefmohammad007@gmail.com>
2023-10-03 11:13:07 -04:00
dependabot[bot]
86005d1593
chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:34:59 -04:00
dependabot[bot]
45625dae94
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:33:42 -04:00
dependabot[bot]
38d5ef2c84
chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9 (#2182)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6a28655e3d...ddccb87388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-28 10:56:08 -04:00
anchore-actions-token-generator[bot]
44e5480238
chore(deps): update bootstrap tools to latest versions (#2178)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-09-27 15:05:15 -04:00
dependabot[bot]
7b1af8721d
chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-27 15:04:52 -04:00
anchore-actions-token-generator[bot]
8f57d22f63
chore(deps): update bootstrap tools to latest versions (#2171)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-09-26 11:14:25 -04:00
dependabot[bot]
351c683cb4
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#2172)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](3df4ab11eb...8ade135a41)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-26 07:49:13 -04:00
dependabot[bot]
534a5f54b0
chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174)
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 15:07:19 -04:00
William Murphy
8a414b5366
chore: bump stereoscope to fix data race in UI code (#2173)
Pulls in a fix in go-progress that prevents a race in the UI code when
scanning large images.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-25 10:29:56 -04:00
William Murphy
e34adea749
fix: deterministic java purls (#2170)
Previously, which PURL was generated depended on the order of key iteration
in maps. Also update an integ test that was apparently only passing because
of the previous issue.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-25 09:28:18 -04:00
Alex Goodman
8314c0d2cb
Correcting behavior based on Syft release v0.91.0 run (#2162)
* don't show the title in the release notes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* don't upload assets on the release pipeline

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump action-slack action to v3.15.1

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove custom go mod and build cache

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 20:18:44 +00:00
Đỗ Trọng Hải
b7fa75d7f8
chore: switch to stdlib's slices pkg (#2148)
* chore: switch to stdlib's slices pkg

Signed-off-by: hainenber <dotronghai96@gmail.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: hainenber <dotronghai96@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 18:38:37 +00:00
Keith Zantow
7d0d3e1977
fix: prevent errors from clobbering terminal (#2161)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-09-20 14:35:41 -04:00
Alex Goodman
58f8c852df
Require ordering of relationships when comparing parser output (#2160)
* require ordering of relationships when comparing parser output

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* [wip] fix cataloger test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* change method of relationship sort to simple string dump

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 17:39:18 +00:00
William Murphy
b8f52d570e
chore: stop unit test switch on host arch (#2156)
Now that the test fixture pins to a particular digest, there's no need
for platform specific architecture switches in this test.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-20 11:45:13 -04:00
dependabot[bot]
ba00f3328d
chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 (#2158)
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:33 -04:00
dependabot[bot]
962ff1ec49
chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 (#2157)
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases)
- [Commits](0914d50df7...3beb63f4bd)

---
updated-dependencies:
- dependency-name: tibdex/github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:13 -04:00
Alex Goodman
40899adb87
use annotated tags, update chronicle, fix cache keys (#2154)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 10:11:44 -04:00
Christopher Angelo Phillips
650f71cbe0
chore: update to latest stereoscope (#2151)
* chore: update to latest stereoscope

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-19 15:22:10 -04:00
dependabot[bot]
30885ed92e
chore(deps): bump github/codeql-action from 2.21.7 to 2.21.8 (#2150)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04daf014b5...6a28655e3d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 14:37:54 -04:00
anchore-actions-token-generator[bot]
51243aa65f
chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 (#2149)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-19 09:07:15 -04:00
Shane Dell
23e3de75e3
Add containerd support (#1793)
* [wip] add containerd UI handlers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* Add containerd support

- Add UI handlers (done by @wagoodman)
- Add containerd types and wrappers (done by @wagoodman)
- Add flag for specifying containerd address

Closes #201

Signed-off-by: Shane Dell <shanedell100@gmail.com>

* Fix lint

Signed-off-by: Shane Dell <shanedell100@gmail.com>

* add containerd ui handler

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add containerd scheme to readme

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add test for scheme detection

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips
594ba5f295
chore: pin workflow checkout for cpe update-cpe-dictionary-index (#2141)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-15 16:00:15 -04:00
Alex Goodman
5d48882a78
Add GitHub actions and shared workflow usage catalogers (#2140)
* add github actions usage cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update integration and cli tests with github actions sample

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add support for shared workflows

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* split github actions usage cataloger

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add source explanation for github action types

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* a github purl does not always mean the package is a github action

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep github action catalogers as dir only catalogers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-15 18:51:21 +00:00
Stefan Profanter
ec4d595920
feat: add dependency information to conan lockfile parser (#2131)
Signed-off-by: Stefan Profanter <stefan.profanter@agile-robots.com>
2023-09-15 14:31:08 -04:00