Mikail
f2caf45695
fix: properly decode SPDX license expressions in CycloneDX format ( #3175 )
...
Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
2024-08-29 11:05:43 -04:00
dependabot[bot]
731fc77641
chore(deps): bump github.com/docker/docker ( #3168 )
2024-08-29 14:16:50 +00:00
dependabot[bot]
3499d92c6d
chore(deps): bump github.com/charmbracelet/bubbletea ( #3171 )
2024-08-29 14:16:43 +00:00
dependabot[bot]
19d2735aff
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 ( #3173 )
2024-08-29 14:16:34 +00:00
Keith Zantow
11d77b4a94
fix: cycles resolving relative path parent poms with parent-defined variables ( #3170 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-28 15:12:13 -04:00
Weston Steimel
2c25f81b68
fix: improve generated cpes for binaries with existing classifiers ( #3169 )
...
The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead. This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-28 16:46:35 +01:00
GGMU
04e3371cce
fix: add log time of task ( #3105 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-28 11:04:26 -04:00
Weston Steimel
5ab43bafec
fix: improve known CPEs and set NVD as source for all current binary classifiers ( #3167 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 17:36:34 +01:00
Alex Goodman
e9a8c27be1
respond to authoratative CPEs from catalogers ( #3166 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 10:26:35 -04:00
Alex Goodman
4ee6c179f8
set cataloger names within package cataloger task ( #3165 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-27 09:23:43 -04:00
Weston Steimel
99be365f62
fix: use official CPE for curl binary cataloger ( #3164 )
...
The official CPE for curl is `cpe:2.3🅰️ haxx:curl:*:*:*:*:*:*:*:*`
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-27 14:03:19 +01:00
anchore-actions-token-generator[bot]
cf9bb13f2b
chore(deps): update tools to latest versions ( #3160 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-26 10:07:59 -04:00
anchore-actions-token-generator[bot]
0cd6185716
chore(deps): update CPE dictionary index ( #3161 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-26 10:07:44 -04:00
dependabot[bot]
6549ec9831
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 ( #3162 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...2c779ab0d0
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 10:07:18 -04:00
Alex Goodman
b6b5c8e308
fix ELF package correlations ( #3151 )
2024-08-26 08:44:39 -04:00
anchore-actions-token-generator[bot]
dad253785e
chore(deps): update tools to latest versions ( #3144 )
2024-08-23 14:42:12 -04:00
KrysGor
cff9d494df
feat: detect curl binaries ( #3146 )
2024-08-23 14:41:08 -04:00
dependabot[bot]
9ab3de1819
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #3155 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:52:58 -04:00
dependabot[bot]
6f0230879a
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #3154 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:52:48 -04:00
anchore-actions-token-generator[bot]
691f34ce27
chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb229decf ( #3152 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-08-22 13:52:34 -04:00
dependabot[bot]
ac977246c9
chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.19.0 ( #3148 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:52:06 -04:00
dependabot[bot]
78d48b4209
chore(deps): bump github.com/charmbracelet/lipgloss ( #3147 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.12.1...v0.13.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:57 -04:00
dependabot[bot]
bd80eeafac
chore(deps): bump github.com/anchore/stereoscope ( #3153 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:51:50 -04:00
Keith Zantow
73b9d5aa42
fix: mysql 8.0.3x binary detection ( #3142 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-21 09:48:28 -04:00
dependabot[bot]
f786233e97
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #3139 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-20 23:04:58 +00:00
Keith Zantow
95b4a88256
fix: logging for remote network calls ( #3140 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 11:45:33 -04:00
anchore-actions-token-generator[bot]
511cc9c2d5
chore(deps): update CPE dictionary index ( #3135 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-19 12:49:43 -04:00
dependabot[bot]
360983f75b
chore(deps): bump github.com/charmbracelet/bubbletea ( #3137 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:24 -04:00
anchore-actions-token-generator[bot]
4b7ae0ed3b
chore(deps): update tools to latest versions ( #3121 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update code to reflect new linter settings for error messages
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:56:36 +00:00
dependabot[bot]
4ff60ee837
chore(deps): bump github.com/docker/docker ( #3123 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:50:51 -04:00
dependabot[bot]
965000dcbb
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #3124 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
)
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:16:47 -04:00
dependabot[bot]
a447884084
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #3129 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:16:39 -04:00
Lucas Rodriguez
cd3b828905
fix: add nil check to CycloneDX toBomProperties ( #3119 )
...
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-13 16:02:15 -04:00
Lukas Voetmand
3161e1847e
fix: read CycloneDX BOM components from metadata ( #3092 )
...
Signed-off-by: dervoeti <lukas.voetmand@stackable.tech>
2024-08-12 16:37:23 -04:00
Weston Steimel
df1e5b57fe
fix: improve groupid extraction for Jenkins plugins ( #2815 )
...
* fix: improve groupid extraction for Jenkins plugins
Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
* test: update java purl integration test image
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
---------
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-12 13:01:44 -04:00
anchore-actions-token-generator[bot]
d2b33f1acb
chore(deps): update CPE dictionary index ( #3116 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-12 16:57:47 +00:00
GGMU
91cf066db6
support .kar files ( #3113 )
...
* add kar
Signed-off-by: tomersein <tomersein@gmail.com>
2024-08-12 12:10:03 -04:00
luozexuan
c19cf626ab
chore: fix some comments ( #3114 )
...
Signed-off-by: luozexuan <fetchcode@139.com>
2024-08-12 12:08:04 -04:00
Keith Zantow
cf85450e08
chore: fix failing python relationship test ( #3117 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 12:07:47 -04:00
Alan Pope
49d4e32241
update-slack-to-discourse ( #3111 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:10 +01:00
Weston Steimel
19cc664cf8
test: increase java purl generation test coverage ( #3110 )
...
ensures correct package url generation for more java packages now that
syft has more deterministic results per https://github.com/anchore/syft/pull/3085
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-09 10:14:10 +00:00
dependabot[bot]
64a9ecbf7a
chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0 ( #3106 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.31.1 to 1.32.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.31.1...v1.32.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:49:45 -04:00
dependabot[bot]
6267d69930
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #3107 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:49:37 -04:00
anchore-actions-token-generator[bot]
1fb47d908e
chore(deps): update tools to latest versions ( #3099 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-08-07 14:26:05 -04:00
dependabot[bot]
2339743c8c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #3101 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:52 -04:00
dependabot[bot]
9031592649
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #3102 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:44 -04:00
dependabot[bot]
47d192d79b
chore(deps): bump github.com/google/go-containerregistry ( #3103 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:36 -04:00
dependabot[bot]
040b683da8
chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 ( #3104 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:25:28 -04:00
dependabot[bot]
dcd87d1fef
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #3095 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-06 13:17:36 -04:00
anchore-actions-token-generator[bot]
214a0498e0
chore(deps): update CPE dictionary index ( #3094 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-08-06 13:07:48 -04:00