Laurent Goderre
9c2799e379
Add the Ocaml ecosystem ( #3112 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:35:18 -04:00
dependabot[bot]
dafc6ad034
chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.20.0 ( #3209 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:28:01 -04:00
dependabot[bot]
16f89840fd
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 ( #3210 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.32.0 to 1.33.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:52 -04:00
dependabot[bot]
2475f7f696
chore(deps): bump github.com/docker/docker ( #3211 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.0...v27.2.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:43 -04:00
dependabot[bot]
f735a428eb
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #3212 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:33 -04:00
Alex Goodman
ba7bf6b85e
dont cleanup cache in forks ( #3214 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 20:27:21 +00:00
Alex Goodman
b153b1d594
less verbose java logging when non-fatal issues arise ( #3208 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 15:27:59 +00:00
Alex Goodman
0a3f513f92
Slim down docker cache size ( #3190 )
...
* slim down docker cache size
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove old centos images
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* troubleshoot test failure
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix wget version ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refactor caching mechanisms
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add cache cleanup steps
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify deleting cache
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix first clone issue
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tool dep
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 11:15:13 -04:00
dependabot[bot]
deabd4115a
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #3196 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
2024-09-05 15:06:23 -04:00
dependabot[bot]
ff0bae67bd
chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 ( #3197 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/mod/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 15:05:15 -04:00
witchcraze
a343825685
fix: haproxy classifier for versions with -dev suffix ( #3180 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-05 14:52:19 -04:00
dependabot[bot]
7c96a10cbe
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 ( #3177 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:22:43 -04:00
anchore-actions-token-generator[bot]
8c690d000d
chore(deps): update CPE dictionary index ( #3183 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-03 12:22:30 -04:00
dependabot[bot]
8ade391658
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #3184 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
2024-09-03 12:22:16 -04:00
dependabot[bot]
e299a95120
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #3187 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
2024-09-03 12:22:07 -04:00
Mikail
f2caf45695
fix: properly decode SPDX license expressions in CycloneDX format ( #3175 )
...
Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
2024-08-29 11:05:43 -04:00
dependabot[bot]
731fc77641
chore(deps): bump github.com/docker/docker ( #3168 )
2024-08-29 14:16:50 +00:00
dependabot[bot]
3499d92c6d
chore(deps): bump github.com/charmbracelet/bubbletea ( #3171 )
2024-08-29 14:16:43 +00:00
dependabot[bot]
19d2735aff
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 ( #3173 )
2024-08-29 14:16:34 +00:00
Keith Zantow
11d77b4a94
fix: cycles resolving relative path parent poms with parent-defined variables ( #3170 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-28 15:12:13 -04:00
Weston Steimel
2c25f81b68
fix: improve generated cpes for binaries with existing classifiers ( #3169 )
...
The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead. This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-28 16:46:35 +01:00
GGMU
04e3371cce
fix: add log time of task ( #3105 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-28 11:04:26 -04:00
Weston Steimel
5ab43bafec
fix: improve known CPEs and set NVD as source for all current binary classifiers ( #3167 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 17:36:34 +01:00
Alex Goodman
e9a8c27be1
respond to authoratative CPEs from catalogers ( #3166 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 10:26:35 -04:00
Alex Goodman
4ee6c179f8
set cataloger names within package cataloger task ( #3165 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 09:23:43 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger ( #3164 )
...
The official CPE for curl is `cpe:2.3🅰️ haxx:curl:*:*:*:*:*:*:*:*`
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
cf9bb13f2b
chore(deps): update tools to latest versions ( #3160 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-26 10:07:59 -04:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index ( #3161 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
dependabot[bot]
6549ec9831
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 ( #3162 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...2c779ab0d0
2024-08-26 10:07:18 -04:00
Alex Goodman
b6b5c8e308
fix ELF package correlations ( #3151 )
2024-08-26 08:44:39 -04:00
anchore-actions-token-generator[bot]
dad253785e
chore(deps): update tools to latest versions ( #3144 )
2024-08-23 14:42:12 -04:00
KrysGor
cff9d494df
feat: detect curl binaries ( #3146 )
2024-08-23 14:41:08 -04:00
dependabot[bot]
9ab3de1819
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #3155 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
2024-08-22 13:52:58 -04:00
dependabot[bot]
6f0230879a
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #3154 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
2024-08-22 13:52:48 -04:00
anchore-actions-token-generator[bot]
691f34ce27
chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb229decf ( #3152 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-08-22 13:52:34 -04:00
dependabot[bot]
ac977246c9
chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.19.0 ( #3148 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:52:06 -04:00
dependabot[bot]
78d48b4209
chore(deps): bump github.com/charmbracelet/lipgloss ( #3147 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.12.1...v0.13.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:57 -04:00
dependabot[bot]
bd80eeafac
chore(deps): bump github.com/anchore/stereoscope ( #3153 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:50 -04:00
Keith Zantow
73b9d5aa42
fix: mysql 8.0.3x binary detection ( #3142 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-21 09:48:28 -04:00
dependabot[bot]
f786233e97
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #3139 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
2024-08-20 23:04:58 +00:00
Keith Zantow
95b4a88256
fix: logging for remote network calls ( #3140 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 11:45:33 -04:00
anchore-actions-token-generator[bot]
511cc9c2d5
chore(deps): update CPE dictionary index ( #3135 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-19 12:49:43 -04:00
dependabot[bot]
360983f75b
chore(deps): bump github.com/charmbracelet/bubbletea ( #3137 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:24 -04:00
anchore-actions-token-generator[bot]
4b7ae0ed3b
chore(deps): update tools to latest versions ( #3121 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update code to reflect new linter settings for error messages
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:56:36 +00:00
dependabot[bot]
4ff60ee837
chore(deps): bump github.com/docker/docker ( #3123 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:50:51 -04:00
dependabot[bot]
965000dcbb
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #3124 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
2024-08-15 13:16:47 -04:00
dependabot[bot]
a447884084
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #3129 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
2024-08-15 13:16:39 -04:00
Lucas Rodriguez
cd3b828905
fix: add nil check to CycloneDX toBomProperties ( #3119 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-13 16:02:15 -04:00
Lukas Voetmand
3161e1847e
fix: read CycloneDX BOM components from metadata ( #3092 )
...
Signed-off-by: dervoeti <lukas.voetmand@stackable.tech>
2024-08-12 16:37:23 -04:00
Weston Steimel
df1e5b57fe
fix: improve groupid extraction for Jenkins plugins ( #2815 )
...
* fix: improve groupid extraction for Jenkins plugins
Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
* test: update java purl integration test image
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
---------
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-12 13:01:44 -04:00
