Alan Pope
761a161e7f
docs: CODE_OF_CONDUCT.md ( #3046 )
...
This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.
Signed-off-by: Alan Pope <alan@popey.com>
2024-07-17 14:33:17 -07:00
Keith Zantow
ba31c2f1ae
fix: include CPEs with Maven groupId as vendor ( #3045 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-17 11:23:58 -07:00
dependabot[bot]
5d729a5e9e
chore(deps): bump github.com/google/go-containerregistry ( #3047 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:21:23 -07:00
dependabot[bot]
276df95768
chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 ( #3048 )
...
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys ) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases )
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2 )
---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:21:14 -07:00
dependabot[bot]
cca9a06a64
chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 ( #3039 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.30.1 to 1.30.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.1...v1.30.2 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 09:10:34 -04:00
Bradley Jones
4d23990dd4
docs: link to contrib/dev docs in readme ( #3029 )
...
These docs are full of great information so make them easily accessible
from the README so they aren't overlooked.
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
2024-07-16 06:59:31 -07:00
Adam McClenaghan
d4fa61e0a2
chore: Fix apache shield in readme ( #3021 )
...
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
2024-07-16 06:59:14 -07:00
anchore-actions-token-generator[bot]
d4d4e003e9
chore(deps): update tools to latest versions ( #3031 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-07-16 06:58:33 -07:00
dependabot[bot]
6bf91a410d
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 ( #3034 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b611370bb5...4fa2a79536
2024-07-16 06:58:18 -07:00
dependabot[bot]
77c300d617
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 ( #3044 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](95b086ac30...d94f46e13c
2024-07-16 06:58:07 -07:00
William Murphy
75902b0540
fix: stop panicking on "devel" version go stdlib ( #3043 )
...
Previously, if a Go binary was cataloged with build info indicating that
the go compiler version used was "deve", syft would panic on a nil
pointer dereference. Instead, skip creating a Go stdlib reference and
relationship for such a package.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-07-16 09:51:14 -04:00
Keith Zantow
278b72d39b
chore: pin fedora image for elf binary test ( #3041 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-15 16:37:09 +00:00
dependabot[bot]
37245a21cc
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 ( #3023 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](e8d2a6937e...95b086ac30
2024-07-11 14:50:48 -04:00
anchore-actions-token-generator[bot]
e2fe955262
chore(deps): update stereoscope to 27b66b76fc6686fcf6bde656aa09e1f0e047fec1 ( #3026 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-07-11 10:38:10 -07:00
dependabot[bot]
4e09908ba1
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 ( #3027 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](cdcb360436...0a12ed9d6a
2024-07-11 10:19:48 -07:00
dependabot[bot]
863793a3cc
chore(deps): bump github.com/charmbracelet/lipgloss ( #3028 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.11.0...v0.11.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 10:19:14 -07:00
Christopher Angelo Phillips
f7ffcc534f
fix: stabilize cpe sorting during collection sort ( #3009 )
2024-07-09 14:24:21 -04:00
Laurent Goderre
b101f44aba
Map the downloadLocation field for PHP Composer packages ( #3011 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-07-09 09:01:58 -07:00
anchore-actions-token-generator[bot]
de3313cfb6
chore(deps): update stereoscope to e46739e217969fa67cbe8834b64bb165a10a1548 ( #3013 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-07-09 07:53:04 -07:00
dependabot[bot]
b2f9904d74
chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 ( #3015 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:52:32 -07:00
dependabot[bot]
13d01ecaff
chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 ( #3014 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/mod/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:08:25 -07:00
dependabot[bot]
7dc1b1ce27
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 ( #3017 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65462800fd...0b2256b8c0
2024-07-09 07:08:12 -07:00
dependabot[bot]
b8dce675fe
chore(deps): bump github.com/google/go-containerregistry ( #3019 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.19.2 to 0.20.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:08:02 -07:00
dependabot[bot]
6dda9edd7c
chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 ( #3020 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:07:53 -07:00
anchore-actions-token-generator[bot]
04c861bf77
chore(deps): update CPE dictionary index ( #3016 )
2024-07-08 08:13:17 -04:00
Alex Goodman
573440b7cf
Infer the package type from ELF package notes ( #3008 )
...
* fix ELF package types to be honored
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* prefer OS packages over binary packages when there are duplicates
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-02 16:07:08 -04:00
anchore-actions-token-generator[bot]
c816039e91
chore(deps): update tools to latest versions ( #3003 )
2024-07-01 20:04:45 -04:00
anchore-actions-token-generator[bot]
7f3ca65cf6
chore(deps): update CPE dictionary index ( #3002 )
2024-07-01 15:02:15 -04:00
dependabot[bot]
43e5b1b45f
chore(deps): bump github.com/docker/docker ( #3006 )
2024-07-01 19:01:01 +00:00
dependabot[bot]
a876aaccb2
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ( #3004 )
2024-07-01 19:00:35 +00:00
dependabot[bot]
875669bfd1
chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4 ( #3005 )
2024-07-01 19:00:07 +00:00
Danielle Featherstone
5283c4687a
feat: version 3 support for swift package manager of the resolved files ( #3001 )
...
Signed-off-by: Danielle Featherstone <dfeatherstone@fearless.tech>
2024-07-01 14:27:37 -04:00
dependabot[bot]
4d48adfa3f
chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to 0.5.5 ( #2999 )
2024-06-26 13:44:52 +00:00
dependabot[bot]
c8b449c92b
chore(deps): bump github.com/docker/docker ( #2994 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.4+incompatible to 27.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.4...v27.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 14:40:51 -07:00
Laurent Goderre
ceced5eb27
Add detection of Erlang in Alpine linux ( #2996 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-25 14:40:40 -07:00
anchore-actions-token-generator[bot]
7da15890eb
chore(deps): update tools to latest versions ( #2991 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-06-25 13:41:26 -07:00
anchore-actions-token-generator[bot]
580c09b01c
chore(deps): update stereoscope to 753b5576fe42bc007b22108ad7911d1729957a46 ( #2992 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-06-25 13:41:08 -07:00
dependabot[bot]
0dce67872e
chore(deps): bump github.com/charmbracelet/bubbletea ( #2995 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.5 to 0.26.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.5...v0.26.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 10:10:26 -07:00
anchore-actions-token-generator[bot]
1eae9333a9
chore(deps): update CPE dictionary index ( #2986 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-06-24 08:27:29 -07:00
dependabot[bot]
863891f325
chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 ( #2988 )
...
Bumps [github.com/go-test/deep](https://github.com/go-test/deep ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/go-test/deep/releases )
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md )
- [Commits](https://github.com/go-test/deep/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/go-test/deep
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 08:27:13 -07:00
Keith Zantow
bd1c1d260c
fix: handle errors reading go licenses ( #2985 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-06-24 10:27:03 -04:00
Christopher Angelo Phillips
f5a917a5a2
docs: update cyclone-dx documentation ( #2983 )
...
* chore: update docs to show 1.6 for cyclone-dx by default
* chore: update README showing version information for formats
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-21 09:32:59 -07:00
Rajan Agaskar
ae0683074e
feat: update syft to generate cyclone-dx 1.6 by default ( #2978 )
...
- Resolves #2974
- add detailed instructions re: updating schemas (a necessary task
when a new CycloneDX spec version becomes available).
- The DefaultVersion constant has been updated to "1.6" -- it's not
clear to me how this is used at this time (it may be redundant given
other code), but effectively unless a specific spec version is
configured, `syft` will emit the "most recent" spec version available
for cyclonedx. Users who wish to pin back to a "older" specVersion
(e.g. to preserve compatibilty with utilities that have not yet bumped
to latest) can either set this in a syft config file or pass a
name@spec_version pair to the output flag (e.g. `-o
cyclonedx-json@1.5=some-1.5-spec-bom.cdx.json`)
- Regenerate relevant .golden files (there seems to be a way to do this
via flags, but I couldn't quite figure out the right set to pass
correctly, esp. since (as a relative go novice) I found it difficult
to run just a single test file. I ended up "brute-forcing it" by
changing the *updateSnapshot val to "true" and running it in Goland.
A brief comment giving an example of regenerating fixtures usage would
be helpful.
Signed-off-by: Rajan Agaskar <ragaskar@gmail.com>
2024-06-21 08:51:27 -07:00
dependabot[bot]
9b178174a7
chore(deps): bump github.com/charmbracelet/bubbletea ( #2982 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.4...v0.26.5 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-21 08:46:35 -07:00
dependabot[bot]
e947779886
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 ( #2975 )
2024-06-20 15:12:12 +00:00
Laurent Goderre
7a35de04ee
fix: detection of arangodb 3.12 ( #2979 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-06-20 11:11:03 -04:00
Weston Steimel
246df97ae7
chore: enable dependabot to keep boostrap action updated ( #2976 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-06-19 20:17:11 +01:00
dependabot[bot]
750d37f075
chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 ( #2973 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.2.0...v2.3.1 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 09:46:11 -07:00
dependabot[bot]
5061b905dc
chore(deps): bump github.com/google/go-containerregistry ( #2971 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 08:44:19 -07:00
dependabot[bot]
ed3774afa7
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ( #2972 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 08:44:10 -07:00
