Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity
1470 commits 73 branches 214 tags 132 MiB
Commit graph

148 commits

Author SHA1 Message Date
Alex Goodman
74013d7da7
Add test to ensure package metadata is represented in the JSON schema (#1841) 
* [wip] try to reflect metadata types... probably wont work

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* refactor to add unit test to ensure there is coverage in the schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* [wip] generate metadata container

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add generation of metadata container struct for JSON schema generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix linting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update linter script to account for code generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-05-25 13:26:56 -04:00
Bob Callaway
0580328ad9
update cosign to v2 release (different go module) (#1805) 
Signed-off-by: Bob Callaway <bcallaway@google.com>
 2023-05-10 11:12:37 -04:00
Christopher Angelo Phillips
a42bac6fcc
fix: only cache java packages and not source content (#1750) 
* fix: only cache java packages and not source content

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: add gradle to matched files for ci checksum

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-04-19 16:07:34 -04:00
Christopher Angelo Phillips
55a90a2ee0
fix: update cache.fingerprint file to java-builds dir (#1748) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-04-19 12:17:07 -04:00
Alex Goodman
5a7bab972c
Fix kernel cataloger test fixtures (#1742) 
* pin kernel and modules version for kernel fixtures

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* cache kernel fixtures in CI

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update CLI test image with pinned kernel deps

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update the kernel version found in integration tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-04-17 11:44:46 -04:00
dependabot[bot]
394ec8d215
chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#1712) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 19:04:26 -04:00
Keith Zantow
2022ffa0e5
chore: update deprecated set-output calls (#1705) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-04-03 09:36:11 -04:00
Keith Zantow
34ace36a9e
chore: tweak some workflow text (#1685) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-03-21 11:08:49 -04:00
dependabot[bot]
b5ec4d4f08
chore(deps): bump actions/setup-go from 3 to 4 (#1671) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-16 12:02:07 -04:00
Keith Zantow
7714bc0521
fix: improved Python binary detection (#1648) 2023-03-07 10:52:29 -05:00
dependabot[bot]
ff34594284
chore(deps): bump actions/upload-artifact from 2 to 3 (#1627) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-27 14:17:29 -05:00
dependabot[bot]
f3acff81f3
chore(deps): bump actions/checkout from 2 to 3 (#1626) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-27 13:14:03 -05:00
Alex Goodman
669fee84d5
Revert "add workaround for macos github actions cache issue (#1584)" (#1605) 
This reverts commit 0076b19893.

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-02-22 15:03:12 -05:00
Alex Goodman
0076b19893
add workaround for macos github actions cache issue (#1584) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-02-17 10:29:33 -05:00
Keith Zantow
a3ebb31e3c
chore: update bug issue template (#1571) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-02-14 12:58:44 -05:00
Alex Goodman
88c81d33ed
switch from trigger-release target to release target (#1560) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-02-09 16:35:11 +00:00
Alex Goodman
8847ba5d0b
Add release trigger (#1501) 
* add release trigger

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* deduplicate version and changelog calls + add gh checks

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add more chronicle verbosity, but not when triggering releases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* bump chronicle version to get --version-file feature

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update bootstrap tool workflow to include glow

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add version prefix check on tags in release quality gate

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-02-08 11:38:27 -05:00
Bradley Jones
cdac2245b5
feat: update golang to 1.19 (#1526) 
* feat: update golang to 1.19

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>

* chore: break out json schema drift check into separate script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* chore: update git index refresh

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-01-31 11:39:57 -05:00
Keith Zantow
674a54512c
chore: correct bootstrap tool script (#1514) 2023-01-25 10:22:28 -05:00
dependabot[bot]
b77c104aa6
chore(deps): bump github/codeql-action from 1 to 2 (#1473) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-18 09:38:06 -05:00
dependabot[bot]
10ca7f56ab
chore(deps): bump actions/setup-go from 2 to 3 (#1472) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-18 09:37:45 -05:00
Luca Comellini
6b2dc08ffb
Add dependabot (#1451) 
Signed-off-by: Luca Comellini <luca.com@gmail.com>

Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-01-18 09:29:24 -05:00
Christopher Angelo Phillips
03971ace43
chore: use checkout v3 with new depth (#1471) 2023-01-17 21:26:39 +00:00
Christopher Angelo Phillips
07aee798b0
chore: use checkout v2 for tag depth (#1470) 2023-01-17 21:03:29 +00:00
Alex Goodman
05611c283d
bootstrap within composite action (#1461) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2023-01-17 10:04:22 -05:00
Weston Steimel
e87cfe7319
chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452) 2023-01-12 16:21:01 -05:00
Alex Goodman
e0acfa98c7
add s3 credentials to release (#1309) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-11-02 15:48:37 +00:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token (#1306) 2022-11-02 10:05:20 -04:00
Keith Zantow
ba57f3db51
chore: update github token permissions for goreleaser (#1305) 2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips
4c5c6f6319
fix: update ci secret to use new password (#1304) 2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips
1b69fbd566
fix: update secret value to use new cert cahin (#1303) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2022-11-01 00:05:40 +00:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill (#1280) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
 2022-10-24 13:03:10 -04:00
Christopher Angelo Phillips
6e764815d0
fix: move reproduction to top of issue (#1264) 2022-10-19 12:51:38 -04:00
Keith Zantow
b20310eaf8
Add gosimports (#1205) 2022-09-14 13:38:18 -04:00
Keith Zantow
70db13d49e
Add RPM file scanning support (#1188) 2022-09-07 14:16:30 -04:00
Weston Steimel
6949a2500f
Fix update-bootstrap-tools workflow (#1170) 2022-08-22 16:17:28 +00:00
Weston Steimel
5282820b5d
workflow to create automated PRs to update bootstrap tools (#1167) 2022-08-22 11:28:24 -04:00
Keith Zantow
69bde44c6e
Update stereoscope to get rid of the replace directive (#1140) 2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips
f5d02d4e52
improve docker release bootstrap (#1136) 2022-08-02 15:44:24 +00:00
Christopher Angelo Phillips
b7f587f5dc
remove docker login from keychain (#1135) 2022-08-02 09:42:12 -04:00
Christopher Angelo Phillips
d196ab70a0
remove ENV checks from siging script (#1134) 2022-08-01 22:08:41 +00:00
Christopher Angelo Phillips
1bf97af3fb
remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133) 2022-08-01 21:08:38 +00:00
Christopher Angelo Phillips
ca69fb8370
remove prefixed v from tag to match release (#1131) 2022-08-01 15:07:58 +00:00
Christopher Angelo Phillips
8f21180681
rollback actions-setup-docker to earlier version (#1130) 2022-08-01 14:10:50 +00:00
Christopher Angelo Phillips
20ad59ad1b
Delete pr_action.yaml (#1120) 2022-07-27 17:12:00 +00:00
Christopher Angelo Phillips
ba685eada8
Add PR action back to workflow with new token (#1086) 2022-07-06 09:31:51 -04:00
Christopher Angelo Phillips
3ce1a4aac1
remove pr automation until service account creation (#1080) 2022-06-30 21:43:24 +00:00
Christopher Angelo Phillips
f35a252ecf
add workflows to test new project automation (#1023) 2022-06-08 09:42:53 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy (#958) 2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates (#954) 2022-04-13 13:20:40 -04:00