Christopher Phillips
30d6eb53ac
feat: add fullText as optional field to syft model
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-09-17 12:34:04 -04:00
Christopher Phillips
2f7bacd6bc
feat: allow syft licenses to present discovered full-text
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-09-17 12:19:14 -04:00
dependabot[bot]
b9efac4d78
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 ( #3242 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:54:12 -04:00
dependabot[bot]
48c1c45d12
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #3241 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:54:01 -04:00
dependabot[bot]
9cc3641ac6
chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 ( #3240 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.2 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](d121e62763...6cd32fd936
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:53:51 -04:00
anchore-actions-token-generator[bot]
7b4feb7c16
chore(deps): update tools to latest versions ( #3231 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-16 09:09:11 -04:00
anchore-actions-token-generator[bot]
41e9630409
chore(deps): update CPE dictionary index ( #3232 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-16 09:08:50 -04:00
anchore-actions-token-generator[bot]
58100fec9f
chore(deps): update tools to latest versions ( #3205 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: disable gosec(G115)
A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the
latest golang-ci linter.
https://github.com/securego/gosec/issues/1185
https://github.com/securego/gosec/pull/1149
We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code is added for this rule
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-13 15:05:50 -04:00
dependabot[bot]
834027e32d
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 ( #3225 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 13:51:17 -04:00
dependabot[bot]
2b4d5c275f
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 ( #3226 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 11:31:09 -04:00
dependabot[bot]
38e51f16ec
chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 ( #3229 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.33.0 to 1.33.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 11:30:58 -04:00
Keith Zantow
1b863268df
feat: --enrich flag for data enrichment feature enablement ( #3182 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-12 10:45:18 -04:00
Ryuichi Okumura
fcd5ec951d
chore: make ci-check.sh an executable file ( #3220 )
...
Signed-off-by: Ryuichi Okumura <okuryu@okuryu.com>
2024-09-11 10:02:37 -04:00
dependabot[bot]
61a9fde01c
chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 ( #3219 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 21:20:43 +00:00
Keith Zantow
c33a51d3d8
chore: restore ci-check.sh script ( #3218 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-10 15:19:05 -04:00
Laurent Goderre
dbc4238f63
Add haskell binaries cataloger ( #3078 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:58:20 -04:00
anchore-actions-token-generator[bot]
fce14fd537
chore(deps): update CPE dictionary index ( #3206 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-10 10:36:50 -04:00
dependabot[bot]
98bd4e99b6
chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 ( #3203 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 10:35:43 -04:00
Laurent Goderre
9c2799e379
Add the Ocaml ecosystem ( #3112 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:35:18 -04:00
dependabot[bot]
dafc6ad034
chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.20.0 ( #3209 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:28:01 -04:00
dependabot[bot]
16f89840fd
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 ( #3210 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.32.0 to 1.33.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:52 -04:00
dependabot[bot]
2475f7f696
chore(deps): bump github.com/docker/docker ( #3211 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.0...v27.2.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:43 -04:00
dependabot[bot]
f735a428eb
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #3212 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:33 -04:00
Alex Goodman
ba7bf6b85e
dont cleanup cache in forks ( #3214 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 20:27:21 +00:00
Alex Goodman
b153b1d594
less verbose java logging when non-fatal issues arise ( #3208 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 15:27:59 +00:00
Alex Goodman
0a3f513f92
Slim down docker cache size ( #3190 )
...
* slim down docker cache size
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove old centos images
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* troubleshoot test failure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix wget version ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor caching mechanisms
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add cache cleanup steps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify deleting cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix first clone issue
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tool dep
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 11:15:13 -04:00
dependabot[bot]
deabd4115a
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #3196 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 15:06:23 -04:00
dependabot[bot]
ff0bae67bd
chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 ( #3197 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/mod/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 15:05:15 -04:00
witchcraze
a343825685
fix: haproxy classifier for versions with -dev suffix ( #3180 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-05 14:52:19 -04:00
dependabot[bot]
7c96a10cbe
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 ( #3177 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:22:43 -04:00
anchore-actions-token-generator[bot]
8c690d000d
chore(deps): update CPE dictionary index ( #3183 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-03 12:22:30 -04:00
dependabot[bot]
8ade391658
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #3184 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:22:16 -04:00
dependabot[bot]
e299a95120
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #3187 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:22:07 -04:00
Mikail
f2caf45695
fix: properly decode SPDX license expressions in CycloneDX format ( #3175 )
...
Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
2024-08-29 11:05:43 -04:00
dependabot[bot]
731fc77641
chore(deps): bump github.com/docker/docker ( #3168 )
2024-08-29 14:16:50 +00:00
dependabot[bot]
3499d92c6d
chore(deps): bump github.com/charmbracelet/bubbletea ( #3171 )
2024-08-29 14:16:43 +00:00
dependabot[bot]
19d2735aff
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 ( #3173 )
2024-08-29 14:16:34 +00:00
Keith Zantow
11d77b4a94
fix: cycles resolving relative path parent poms with parent-defined variables ( #3170 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-28 15:12:13 -04:00
Weston Steimel
2c25f81b68
fix: improve generated cpes for binaries with existing classifiers ( #3169 )
...
The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead. This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-28 16:46:35 +01:00
GGMU
04e3371cce
fix: add log time of task ( #3105 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-28 11:04:26 -04:00
Weston Steimel
5ab43bafec
fix: improve known CPEs and set NVD as source for all current binary classifiers ( #3167 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 17:36:34 +01:00
Alex Goodman
e9a8c27be1
respond to authoratative CPEs from catalogers ( #3166 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 10:26:35 -04:00
Alex Goodman
4ee6c179f8
set cataloger names within package cataloger task ( #3165 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 09:23:43 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger ( #3164 )
...
The official CPE for curl is `cpe:2.3🅰️ haxx:curl:*:*:*:*:*:*:*:*`
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
cf9bb13f2b
chore(deps): update tools to latest versions ( #3160 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-26 10:07:59 -04:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index ( #3161 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
dependabot[bot]
6549ec9831
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 ( #3162 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...2c779ab0d0
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 10:07:18 -04:00
Alex Goodman
b6b5c8e308
fix ELF package correlations ( #3151 )
2024-08-26 08:44:39 -04:00
anchore-actions-token-generator[bot]
dad253785e
chore(deps): update tools to latest versions ( #3144 )
2024-08-23 14:42:12 -04:00
KrysGor
cff9d494df
feat: detect curl binaries ( #3146 )
2024-08-23 14:41:08 -04:00