Laurent Goderre
ceced5eb27
Add detection of Erlang in Alpine linux ( #2996 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-25 14:40:40 -07:00
anchore-actions-token-generator[bot]
7da15890eb
chore(deps): update tools to latest versions ( #2991 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-25 13:41:26 -07:00
anchore-actions-token-generator[bot]
580c09b01c
chore(deps): update stereoscope to 753b5576fe42bc007b22108ad7911d1729957a46 ( #2992 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-06-25 13:41:08 -07:00
dependabot[bot]
0dce67872e
chore(deps): bump github.com/charmbracelet/bubbletea ( #2995 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.5 to 0.26.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.5...v0.26.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 10:10:26 -07:00
anchore-actions-token-generator[bot]
1eae9333a9
chore(deps): update CPE dictionary index ( #2986 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-06-24 08:27:29 -07:00
dependabot[bot]
863891f325
chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 ( #2988 )
...
Bumps [github.com/go-test/deep](https://github.com/go-test/deep ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/go-test/deep/releases )
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md )
- [Commits](https://github.com/go-test/deep/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/go-test/deep
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 08:27:13 -07:00
Keith Zantow
bd1c1d260c
fix: handle errors reading go licenses ( #2985 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-06-24 10:27:03 -04:00
Christopher Angelo Phillips
f5a917a5a2
docs: update cyclone-dx documentation ( #2983 )
...
* chore: update docs to show 1.6 for cyclone-dx by default
* chore: update README showing version information for formats
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-21 09:32:59 -07:00
Rajan Agaskar
ae0683074e
feat: update syft to generate cyclone-dx 1.6 by default ( #2978 )
...
- Resolves #2974
- add detailed instructions re: updating schemas (a necessary task
when a new CycloneDX spec version becomes available).
- The DefaultVersion constant has been updated to "1.6" -- it's not
clear to me how this is used at this time (it may be redundant given
other code), but effectively unless a specific spec version is
configured, `syft` will emit the "most recent" spec version available
for cyclonedx. Users who wish to pin back to a "older" specVersion
(e.g. to preserve compatibilty with utilities that have not yet bumped
to latest) can either set this in a syft config file or pass a
name@spec_version pair to the output flag (e.g. `-o
cyclonedx-json@1.5=some-1.5-spec-bom.cdx.json`)
- Regenerate relevant .golden files (there seems to be a way to do this
via flags, but I couldn't quite figure out the right set to pass
correctly, esp. since (as a relative go novice) I found it difficult
to run just a single test file. I ended up "brute-forcing it" by
changing the *updateSnapshot val to "true" and running it in Goland.
A brief comment giving an example of regenerating fixtures usage would
be helpful.
Signed-off-by: Rajan Agaskar <ragaskar@gmail.com>
2024-06-21 08:51:27 -07:00
dependabot[bot]
9b178174a7
chore(deps): bump github.com/charmbracelet/bubbletea ( #2982 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.4...v0.26.5 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-21 08:46:35 -07:00
dependabot[bot]
e947779886
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 ( #2975 )
2024-06-20 15:12:12 +00:00
Laurent Goderre
7a35de04ee
fix: detection of arangodb 3.12 ( #2979 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-20 11:11:03 -04:00
Weston Steimel
246df97ae7
chore: enable dependabot to keep boostrap action updated ( #2976 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-06-19 20:17:11 +01:00
dependabot[bot]
750d37f075
chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 ( #2973 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.2.0...v2.3.1 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 09:46:11 -07:00
dependabot[bot]
5061b905dc
chore(deps): bump github.com/google/go-containerregistry ( #2971 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 08:44:19 -07:00
dependabot[bot]
ed3774afa7
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ( #2972 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 08:44:10 -07:00
Christopher Angelo Phillips
22d5731482
fix: fix parsing for complex toml types ( #2965 )
...
* fix: fix parsing for complex toml types
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-14 19:32:17 +00:00
Keith Zantow
af3aaa0397
fix: make caching options more explicit ( #2966 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-06-14 18:45:48 +00:00
anchore-actions-token-generator[bot]
70098e20bb
chore(deps): update tools to latest versions ( #2961 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-14 08:18:41 -07:00
dependabot[bot]
784b17f66c
chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 ( #2964 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.9 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](530d4feaa9...23acc5c183
2024-06-14 08:18:25 -07:00
Weston Steimel
d5cd5f6091
feat: index known CPEs for wordpress plugins and themes ( #2963 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-06-14 14:39:43 +01:00
Weston Steimel
749ccc59c1
fix(golang): improve version extraction from ldflags for pingcap TiDB ( #2962 )
...
* fix(golang): improve version extraction from ldflags for pingcap TiDB
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
* loosen ld flag parsing requirements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-14 14:35:14 +01:00
dependabot[bot]
273e31e806
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 ( #2955 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
2024-06-13 12:28:04 -04:00
dependabot[bot]
9beaec2e97
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 ( #2956 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.8 to 3.25.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...530d4feaa9
2024-06-13 12:27:53 -04:00
Keith Zantow
ca0cc52d47
fix: separate golang license caches from mod dir ( #2852 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-06-12 19:12:35 -04:00
dependabot[bot]
dd723bb3c5
chore(deps): bump github.com/vbatts/go-mtree from 0.5.3 to 0.5.4 ( #2952 )
...
Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree ) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/vbatts/go-mtree/releases )
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md )
- [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.3...v0.5.4 )
---
updated-dependencies:
- dependency-name: github.com/vbatts/go-mtree
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-12 13:17:06 -04:00
anchore-actions-token-generator[bot]
fb68489590
chore(deps): update tools to latest versions ( #2949 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-11 08:09:07 -07:00
dependabot[bot]
5590d5c1ce
chore(deps): bump modernc.org/sqlite from 1.30.0 to 1.30.1 ( #2950 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.30.0 to 1.30.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.0...v1.30.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-11 08:08:45 -07:00
Alex Goodman
0956753409
Consider Author field for wordpress plugins when generating CPEs ( #2946 )
...
* enhance wordpress vendor candidates for CPEs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* encode wordpress plugin target software
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 14:12:20 -04:00
Alex Goodman
f966bcfd03
trim whitespace from wordpress values ( #2945 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 13:35:01 -04:00
Alex Goodman
c43f4fb416
add signature verification to install.sh ( #2941 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 11:29:53 -04:00
Alex Goodman
db0c33481e
pin golang image ( #2944 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 09:59:33 -04:00
anchore-actions-token-generator[bot]
a658cc7402
chore(deps): update tools to latest versions ( #2943 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-10 09:20:22 -04:00
Alex Goodman
254a562b4e
Add support for reading ELF package notes with section header ( #2939 )
...
* add support for reading ELF package notes with section header
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add systemd elf package fields to json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-07 14:38:54 -04:00
anchore-actions-token-generator[bot]
bc20e66d08
chore(deps): update tools to latest versions ( #2940 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update header and deprecated fields
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-07 16:55:32 +00:00
Alex Goodman
6e16396d18
remove dco workflow ( #2936 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 14:29:55 +00:00
Brian Ebarb
5cdc0845fb
feat: add license field to ELF binary package metadata ( #2890 )
...
Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>
feat: add License component to elf binary packages
Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com>
feat: fix elf_package_cataloger test
feat: elf package cataloger unit test updates
2024-06-06 14:10:53 +00:00
dependabot[bot]
baca15f186
chore(deps): bump github.com/docker/docker ( #2935 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.3+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-06 09:56:47 -04:00
Laurent Goderre
b608ab77e1
feat: classifier for util-linux ( #2933 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-05 17:32:52 -04:00
dependabot[bot]
f4c941f08d
chore(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 ( #2929 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 19:09:09 +00:00
dependabot[bot]
2d5760145c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #2928 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0
2024-06-05 11:58:14 -07:00
dependabot[bot]
f11bb95c1e
chore(deps): bump golang.org/x/mod from 0.17.0 to 0.18.0 ( #2930 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/mod/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:54 -07:00
dependabot[bot]
d2fa5ed41c
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 ( #2931 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 11:57:43 -07:00
Christopher Angelo Phillips
7508d75b2b
fix: update unit tests to use pinned patch version ( #2932 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-06-05 18:31:38 +00:00
Alex Goodman
3472b48177
Add relationships for python poetry packages ( #2906 )
...
* [wip] add initial poetry.lock relationship support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* provide generic set for basic types
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dependency resolver should allow for conditional deps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for poetry lock relationship additions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update schema with python poetry dependency refs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dep specification data structure should not be recursive in nature
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 20:00:05 +00:00
Alex Goodman
4bdbd1aa2a
remove unused test fixtures and empty dirs ( #2924 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:22:49 -04:00
William Murphy
557ad73ee6
fix: only skip tmpfs mounts for some paths ( #2918 )
...
* fix: only skip tmpfs mounts for some paths
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* refactor and add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add regression test for archive processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump to golang 1.22
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove rule 1 and add more tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:21:45 -04:00
Alex Goodman
cb09dd9e19
match existing DCO GH check name
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 13:34:29 -04:00
Alex Goodman
2f39322f81
use dco tool during gh app outage ( #2926 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 17:31:29 +00:00
William Tang
fe0b78b7fe
fix: close sql driver after testing sqlite availability ( #2922 )
...
Signed-off-by: William Tang <ttc0419@outlook.com>
2024-06-03 14:42:13 +00:00
