anchore-actions-token-generator[bot]
04e8c96822
chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 ( #2452 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]
1bc4179193
chore(deps): update tools to latest versions ( #2451 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-22 09:30:00 -05:00
dependabot[bot]
51a1bad159
chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 ( #2455 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.11 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b374143c11...012739e508
2023-12-22 09:01:16 -05:00
Christopher Angelo Phillips
3cffa0b7fd
chore: remove execute from test fixtures ( #2450 )
...
* chore: remove execute from test fixtures
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add back ignored file
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-20 22:34:29 +00:00
anchore-actions-token-generator[bot]
da03e981c3
chore(deps): update tools to latest versions ( #2447 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-20 10:59:01 -05:00
William Murphy
4aa2d8c0af
fix: don't panic when hackage missing in haskell stack yaml lock ( #2448 )
...
Fixes a bug where previously the haskell cataloger would panic
when parsing a stack.yaml.lock file that had an entry with an empty
hackage string.
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: houdini91 <mdstrauss91@gmail.com>
2023-12-20 10:57:06 -05:00
Laurent Goderre
a635d66657
Add binary classifier for the ERLang interpretter ( #2417 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:49 -05:00
Laurent Goderre
51d3cd0066
Add binary classifier for Julia lang ( #2427 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 15:00:21 -05:00
Laurent Goderre
4846639ee4
Add binary detection for PHP composer ( #2432 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2023-12-18 14:59:45 -05:00
dependabot[bot]
6030a69b17
chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 ( #2433 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.3 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e
2023-12-18 11:17:07 -05:00
anchore-actions-token-generator[bot]
8b9194eb81
chore(deps): update CPE dictionary index ( #2442 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-18 07:01:21 -05:00
anchore-actions-token-generator[bot]
56a1ab54d2
chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c ( #2440 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-18 06:43:24 -05:00
Alex Goodman
f4dd36ca9d
fix syft-json test to use pretty json for snapshot testing ( #2441 )
...
without this fix, capturing fixtures will result in hard-to-read
failures in testing.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:23:21 -05:00
Alex Goodman
17c605822e
refactor pkg.Collection ( #2439 )
...
- remove "catalog" references
- add a separate add() function for readability
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:11 -05:00
Alex Goodman
4eace4b141
refactor javascript cataloger to use configuration options when creating packages ( #2438 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:11:02 -05:00
Alex Goodman
05660da8d7
use single source of truth for archive options ( #2437 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 17:07:55 -05:00
Alex Goodman
2f378d806e
fix file digest cataloger when passed coordinates ( #2436 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-12-15 14:43:09 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 ( #2413 )
2023-12-14 17:18:37 -05:00
Colm O hEigeartaigh
38a12bd91a
Look for a maven version in a pom from a parent dependency management section ( #2423 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 13:15:14 -05:00
Colm O hEigeartaigh
649d152548
Parse Python licenses from LicenseExpression entry in the Wheel Metadata ( #2431 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-14 12:41:41 -05:00
dependabot[bot]
f5d5892434
chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 ( #2430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.10 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](305f654631...b374143c11
2023-12-14 12:40:39 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 ( #2429 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:38:55 -05:00
anchore-actions-token-generator[bot]
09e62c3282
chore(deps): update tools to latest versions ( #2428 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-14 07:31:44 -05:00
Colm O hEigeartaigh
d39ef44e40
Parse Python licenses from LicenseFile entry in the Wheel Metadata ( #2331 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-13 17:46:56 -05:00
Wayne Starr
8bca0ac39e
fix: use filepath instead of path for file source exclusions ( #2411 )
...
Signed-off-by: Wayne Starr <me@racer159.com>
2023-12-13 17:45:34 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea ( #2424 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 ( #2425 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:45:04 -05:00
dependabot[bot]
2bcf825857
chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 ( #2426 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c0d1daa7f7...305f654631
2023-12-13 11:44:41 -05:00
dependabot[bot]
9cb7c3d350
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2420 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](d3667e5ae1...75ed025ff3
2023-12-12 14:43:43 -05:00
Colm O hEigeartaigh
e789e0714d
feat: add the option to retrieve remote licenses for projects defined in a maven pom ( #2409 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-12 14:02:36 -05:00
dependabot[bot]
790ecc6f28
chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 ( #2400 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 2.22.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...c0d1daa7f7
2023-12-12 13:59:39 -05:00
dependabot[bot]
b9462db59e
chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 ( #2415 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 12:37:20 -05:00
dependabot[bot]
bfad9659a8
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 ( #2414 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 08:58:26 -05:00
dependabot[bot]
b345752f49
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 ( #2401 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-11 06:38:05 -05:00
anchore-actions-token-generator[bot]
ba9dd1d5fd
chore(deps): update tools to latest versions ( #2408 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2023-12-11 06:36:51 -05:00
anchore-actions-token-generator[bot]
68f35815d6
chore(deps): update CPE dictionary index ( #2412 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-12-11 06:35:58 -05:00
Weston Steimel
4d4b502174
fix(java): improve identification for org.codehaus.groovy artifacts ( #2404 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-08 05:02:01 -05:00
Weston Steimel
ea80f94c0e
fix(java): improve identification for commons-jelly artifacts ( #2399 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-07 12:28:21 -05:00
Weston Steimel
2c145f70b2
fix(java): improve identification for io.minio artifacts ( #2398 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 16:58:07 -05:00
Weston Steimel
bcc7e90fcc
fix(java): improve identification for com.graphql-java artifacts ( #2397 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-06 18:04:43 +00:00
anchore-actions-token-generator[bot]
fa1baabc05
chore(deps): update tools to latest versions ( #2395 )
2023-12-06 10:49:07 -05:00
Weston Steimel
b5906824cb
chore: enhance java purl generation integration test ( #2393 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-12-06 15:31:16 +00:00
Colm O hEigeartaigh
16dee41b4b
feat: add ability to retrieve remote licenses for yarn.lock ( #2338 )
...
---------
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-12-05 13:38:28 -05:00
dependabot[bot]
23778de112
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 ( #2392 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](fd74a6fb98...5ecf649a41
2023-12-05 09:48:40 -05:00
Colm O hEigeartaigh
3ba9df4ff3
Retrieve remote licenses using pom.properties when there is no pom.xml ( #2315 )
...
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
2023-12-05 09:47:40 -05:00
Weston Steimel
bbf223b2c9
fix(java): improve identification for org.apache.tapestry artifacts ( #2384 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:40 -05:00
Weston Steimel
b126276f97
fix(java): improve identification for io.ratpack artifacts ( #2379 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-04 11:23:26 -05:00
Weston Steimel
40d766a257
fix(java): improve identification for org.apache.cassandra artifacts ( #2386 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:51:14 -05:00
Weston Steimel
814960f65a
fix(java): improve identification for org.neo4j.procedure artifacts ( #2388 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2023-12-01 10:50:24 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix ( #2387 )
...
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
