Alex Goodman
4ee6c179f8
set cataloger names within package cataloger task ( #3165 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 09:23:43 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger ( #3164 )
...
The official CPE for curl is `cpe:2.3🅰️ haxx:curl:*:*:*:*:*:*:*:*`
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
cf9bb13f2b
chore(deps): update tools to latest versions ( #3160 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-26 10:07:59 -04:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index ( #3161 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
dependabot[bot]
6549ec9831
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 ( #3162 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...2c779ab0d0
2024-08-26 10:07:18 -04:00
Alex Goodman
b6b5c8e308
fix ELF package correlations ( #3151 )
2024-08-26 08:44:39 -04:00
anchore-actions-token-generator[bot]
dad253785e
chore(deps): update tools to latest versions ( #3144 )
2024-08-23 14:42:12 -04:00
KrysGor
cff9d494df
feat: detect curl binaries ( #3146 )
2024-08-23 14:41:08 -04:00
dependabot[bot]
9ab3de1819
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #3155 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
2024-08-22 13:52:58 -04:00
dependabot[bot]
6f0230879a
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #3154 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
2024-08-22 13:52:48 -04:00
anchore-actions-token-generator[bot]
691f34ce27
chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb229decf ( #3152 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-08-22 13:52:34 -04:00
dependabot[bot]
ac977246c9
chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.19.0 ( #3148 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:52:06 -04:00
dependabot[bot]
78d48b4209
chore(deps): bump github.com/charmbracelet/lipgloss ( #3147 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.12.1...v0.13.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:57 -04:00
dependabot[bot]
bd80eeafac
chore(deps): bump github.com/anchore/stereoscope ( #3153 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:50 -04:00
Keith Zantow
73b9d5aa42
fix: mysql 8.0.3x binary detection ( #3142 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-21 09:48:28 -04:00
dependabot[bot]
f786233e97
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #3139 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
2024-08-20 23:04:58 +00:00
Keith Zantow
95b4a88256
fix: logging for remote network calls ( #3140 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 11:45:33 -04:00
anchore-actions-token-generator[bot]
511cc9c2d5
chore(deps): update CPE dictionary index ( #3135 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-19 12:49:43 -04:00
dependabot[bot]
360983f75b
chore(deps): bump github.com/charmbracelet/bubbletea ( #3137 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:24 -04:00
anchore-actions-token-generator[bot]
4b7ae0ed3b
chore(deps): update tools to latest versions ( #3121 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update code to reflect new linter settings for error messages
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:56:36 +00:00
dependabot[bot]
4ff60ee837
chore(deps): bump github.com/docker/docker ( #3123 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:50:51 -04:00
dependabot[bot]
965000dcbb
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #3124 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
2024-08-15 13:16:47 -04:00
dependabot[bot]
a447884084
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #3129 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
2024-08-15 13:16:39 -04:00
Lucas Rodriguez
cd3b828905
fix: add nil check to CycloneDX toBomProperties ( #3119 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-13 16:02:15 -04:00
Lukas Voetmand
3161e1847e
fix: read CycloneDX BOM components from metadata ( #3092 )
...
Signed-off-by: dervoeti <lukas.voetmand@stackable.tech>
2024-08-12 16:37:23 -04:00
Weston Steimel
df1e5b57fe
fix: improve groupid extraction for Jenkins plugins ( #2815 )
...
* fix: improve groupid extraction for Jenkins plugins
Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
* test: update java purl integration test image
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
---------
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-12 13:01:44 -04:00
anchore-actions-token-generator[bot]
d2b33f1acb
chore(deps): update CPE dictionary index ( #3116 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-12 16:57:47 +00:00
GGMU
91cf066db6
support .kar files ( #3113 )
...
* add kar
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-12 12:10:03 -04:00
luozexuan
c19cf626ab
chore: fix some comments ( #3114 )
...
Signed-off-by: luozexuan <fetchcode@139.com>
2024-08-12 12:08:04 -04:00
Keith Zantow
cf85450e08
chore: fix failing python relationship test ( #3117 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 12:07:47 -04:00
Alan Pope
49d4e32241
update-slack-to-discourse ( #3111 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:10 +01:00
Weston Steimel
19cc664cf8
test: increase java purl generation test coverage ( #3110 )
...
ensures correct package url generation for more java packages now that
syft has more deterministic results per https://github.com/anchore/syft/pull/3085
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-09 10:14:10 +00:00
dependabot[bot]
64a9ecbf7a
chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0 ( #3106 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.31.1 to 1.32.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.31.1...v1.32.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:49:45 -04:00
dependabot[bot]
6267d69930
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #3107 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:49:37 -04:00
anchore-actions-token-generator[bot]
1fb47d908e
chore(deps): update tools to latest versions ( #3099 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-07 14:26:05 -04:00
dependabot[bot]
2339743c8c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #3101 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-07 14:25:52 -04:00
dependabot[bot]
9031592649
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #3102 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-07 14:25:44 -04:00
dependabot[bot]
47d192d79b
chore(deps): bump github.com/google/go-containerregistry ( #3103 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:36 -04:00
dependabot[bot]
040b683da8
chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 ( #3104 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:28 -04:00
dependabot[bot]
dcd87d1fef
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #3095 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-06 13:17:36 -04:00
anchore-actions-token-generator[bot]
214a0498e0
chore(deps): update CPE dictionary index ( #3094 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-06 13:07:48 -04:00
dependabot[bot]
0f9df805c1
chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 ( #3096 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/mod/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-06 13:07:33 -04:00
dependabot[bot]
703330abd0
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to 0.5.7 ( #3097 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.6...v0.5.7 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-06 13:07:21 -04:00
Gijs Calis
9d40d1152e
feat: improved java maven property resolution ( #2769 )
...
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-05 11:30:47 -04:00
Harippriya Sivapatham
cc15edca62
fix: use organization for package supplier when reading Java vendor fields ( #3093 )
...
Signed-off-by: Harippriya Sivapatham <harippriyasivapatham@gmail.com>
2024-08-03 16:00:55 -04:00
anchore-actions-token-generator[bot]
623532e3ed
chore(deps): update tools to latest versions ( #3091 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-02 13:25:09 -04:00
Dor Hayun
48f1e975f0
fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifactIDMatchesFilename' ( #3054 )
...
- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
Signed-off-by: dor-hayun <dor.hayun@mend.io>
Co-authored-by: dor-hayun <dor.hayun@mend.io>
2024-08-01 13:47:15 -04:00
Christopher Angelo Phillips
c84cb2cf84
fix: update mainModuleVersion function to always prefix v to findings ( #3087 )
...
* chore: basic fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* test: make sure ldflags are prefixed with v
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-01 11:29:07 -04:00
Keith Zantow
05a10e8bed
chore: update release script to use gh from binny ( #3084 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-31 20:10:17 -04:00
Laurent Goderre
92d63df6f5
Added the SWI Prolog (swipl) ecosystem ( #3076 )
...
* Add binary classifier for swipl
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* Added cataloger for SWI Prolog Pack packages
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-07-31 16:13:26 -04:00
