Commit graph

309 commits

Author SHA1 Message Date
dependabot[bot]
b23879fd37
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:01:38 -04:00
dependabot[bot]
127fac8ca9
chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 13:02:30 -04:00
dependabot[bot]
37bb95f5c9
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 11:50:05 -04:00
dependabot[bot]
86005d1593
chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:34:59 -04:00
dependabot[bot]
45625dae94
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:33:42 -04:00
dependabot[bot]
7b1af8721d
chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-27 15:04:52 -04:00
dependabot[bot]
534a5f54b0
chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174)
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 15:07:19 -04:00
William Murphy
8a414b5366
chore: bump stereoscope to fix data race in UI code (#2173)
Pulls in a fix in go-progress that prevents a race in the UI code when
scanning large images.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-25 10:29:56 -04:00
Đỗ Trọng Hải
b7fa75d7f8
chore: switch to stdlib's slices pkg (#2148)
* chore: switch to stdlib's slices pkg

Signed-off-by: hainenber <dotronghai96@gmail.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: hainenber <dotronghai96@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 18:38:37 +00:00
Alex Goodman
58f8c852df
Require ordering of relationships when comparing parser output (#2160)
* require ordering of relationships when comparing parser output

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* [wip] fix cataloger test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* change method of relationship sort to simple string dump

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 17:39:18 +00:00
dependabot[bot]
ba00f3328d
chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 (#2158)
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:33 -04:00
Christopher Angelo Phillips
650f71cbe0
chore: update to latest stereoscope (#2151)
* chore: update to latest stereoscope

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: go mod tidy

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-19 15:22:10 -04:00
anchore-actions-token-generator[bot]
51243aa65f
chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 (#2149)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-19 09:07:15 -04:00
Shane Dell
23e3de75e3
Add containerd support (#1793)
* [wip] add containerd UI handlers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* Add containerd support

- Add UI handlers (done by @wagoodman)
- Add containerd types and wrappers (done by @wagoodman)
- Add flag for specifying containerd address

Closes #201

Signed-off-by: Shane Dell <shanedell100@gmail.com>

* Fix lint

Signed-off-by: Shane Dell <shanedell100@gmail.com>

* add containerd ui handler

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add containerd scheme to readme

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add test for scheme detection

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips
3e16c6813f
feat: add cyclonedx schema version selection (#2123)
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-13 14:50:22 -04:00
dependabot[bot]
4a2fc226dd
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#2125)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.1 to 5.9.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:33:47 -04:00
anchore-actions-token-generator[bot]
3a45653cfa
chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 (#2117)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-12 11:49:20 -04:00
anchore-actions-token-generator[bot]
e3c525b4b8
chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (#2109)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-08 14:10:00 -04:00
dlorenc
9f22ab6137
Bump the golang.org/x/exp dependency and fix a build breakage. (#2088)
* Bump the golang.org/x/exp dependency and fix a build breakage.

---------

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:52 -04:00
dependabot[bot]
212aa9b6cf
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.10.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:56:41 -04:00
dependabot[bot]
9caf51596e
chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 (#2096)
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:29:06 -04:00
dependabot[bot]
7645d5759d
chore(deps): bump github.com/docker/docker (#2098)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:27:21 -04:00
dependabot[bot]
ce32f8bb74
chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 (#2099)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:26:56 -04:00
Keith Zantow
2b7a9d0be3
chore: update CLI to CLIO (#2001)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 15:52:26 -04:00
5p2O5pe25ouT
b03e9c6868
Add registry certificate verification support (#1734)
* add registry certificate verification support

* replace stereoscope version

* modify go.mod

* pull in stereoscope update

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename registry cert options, add docs, and add test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update to account for changes in anchore/stereoscope#195

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: lishituo <24578666@qq.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 11:45:20 -04:00
Sirish Bathina
62f689824c
Detect golang boring crypto and fipsonly modules (#2021)
* Extending build info to include crypto settings

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* Use kasten fork for goversion module

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* go mod tidy

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* change key to GoCryptoSettings and lint fix

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* Addressing feedback

Signed-off-by: Sirish Bathina <sirish@kasten.io>

---------

Signed-off-by: Sirish Bathina <sirish@kasten.io>
2023-08-24 09:49:59 -04:00
dependabot[bot]
a2b389523d
chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-23 13:41:17 -04:00
Alex Goodman
17d4203bbb
Enable reading non-utf-8 encodings for java pom.xml files (#2047)
* fix reading non utf8 encodings

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* in cases where we cant tell the encoding use the UTF8 replacement char

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-23 10:06:34 -04:00
dependabot[bot]
cf37b17869
chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 10:42:19 -04:00
dependabot[bot]
f58425a305
chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045)
Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0.
- [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/jinzhu/copier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 10:37:11 -04:00
dependabot[bot]
82eafeaf4a
chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008)
* chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
* refactor: update consumer code to use new optional values

Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0.
- [Release notes](https://github.com/vifraa/gopom/releases)
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
  dependency-type: direct:production
  update-type: version-update:semver-major
...
---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-09 17:22:51 -04:00
dependabot[bot]
6bf6f85584
chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009)
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.6.1 to 1.7.0.
- [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-09 14:46:11 -04:00
dependabot[bot]
2fc65094b7
chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-07 10:34:00 -04:00
dependabot[bot]
d7ff77072a
chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.24.0 to 1.25.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-04 14:24:31 -04:00
dependabot[bot]
c150b4e358
chore(deps): bump github.com/google/go-containerregistry (#1993)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.2 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-03 10:53:09 -04:00
Keith Zantow
3f0475efb7
chore: update bubbly to fix hanging (#1990)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-02 10:28:35 -04:00
dependabot[bot]
2e376d067f
chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989) 2023-08-02 14:16:49 +00:00
anchore-actions-token-generator[bot]
f14742b3f3
chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips
3aae316456
chore: update to latest commit in tools-golang (#1969)
* chore: update to latest commit in tools-golang

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-27 15:29:22 -04:00
Alex Goodman
063e9da65d
Guess unpinned versions in python requirements.txt (#1966)
* feat: python requirements.txt parsing inclusive

Signed-off-by: manifestori <ori@manifestcyber.com>

* refactor: parseVersion

Signed-off-by: manifestori <ori@manifestcyber.com>

* add python config for optional requirements version constraint resolution

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* allow for python requirements metadata to be optional

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore cyclonedx dependency

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: manifestori <ori@manifestcyber.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: manifestori <ori@manifestcyber.com>
2023-07-27 14:26:59 -04:00
dependabot[bot]
bf1102c3f1
chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965)
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/vifraa/gopom/releases)
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 13:28:42 -04:00
dependabot[bot]
1e4d26f526
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-26 13:34:03 +00:00
anchore-actions-token-generator[bot]
9a73380f29
chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953)
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-25 10:49:21 -04:00
dependabot[bot]
2e718cf865
chore(deps): bump github.com/docker/docker (#1955)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 10:37:16 -04:00
dependabot[bot]
4000a84624
chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 11:28:54 -04:00
dependabot[bot]
3f5c601620
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1949)
Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases)
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4)

---
updated-dependencies:
- dependency-name: github.com/gookit/color
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-21 08:50:47 -04:00
Dan Luhring
8478e0bef7
Add support for parsing .NET assemblies (#1943)
* Add support for parsing .NET assemblies

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac

* Add dll and exe files

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641

* Add PE cataloger to directory catalogers

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849

* Don't set language to dotnet for PEs

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5

* Fix spelling of cataloger in constructor

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941

* Adjust which cases in PE parsing return errors

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff

* remove build binary from branch

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2

* Fix failing CLI tests

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

---------

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-19 15:34:07 -04:00
Alex Goodman
35699f6fdc
remove jotframe UI (#1932)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips
2e7fd031d4
fix: remove indirect dependency of circl v1.1.0 (#1940)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-13 12:30:37 -04:00
Alex Goodman
4fc17edd14
implement ui handle waiter (#1930)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-12 13:14:54 -04:00