Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00

Author	SHA1	Message	Date
anchore-actions-token-generator[bot]	56a1ab54d2	chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-12-18 06:43:24 -05:00
dependabot[bot]	b83cc8485a	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413 )	2023-12-14 17:18:37 -05:00
dependabot[bot]	51831d303c	chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-14 12:38:55 -05:00
dependabot[bot]	67dbd1fe4c	chore(deps): bump github.com/charmbracelet/bubbletea (#2424 ) Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 12:21:22 -05:00
dependabot[bot]	402227f0b3	chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 11:45:04 -05:00
dependabot[bot]	b9462db59e	chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.7 to 1.4.8. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 12:37:20 -05:00
dependabot[bot]	bfad9659a8	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 08:58:26 -05:00
William Murphy	13758260dd	fix: bump fangs for ptr summarize fix (#2387 ) Previously, pointers to primitive types in config summarization could be printed literally (like "0x123aefef"). Pull in fangs to get the fix for this. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-12-01 14:37:42 +00:00
Alex Goodman	4adfbeb5f0	Generalize UI events for cataloging tasks (#2369 ) * generalize ui events for cataloging tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * moderate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename cataloger task progress object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate cataloger task fn to bus helper Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-30 16:25:50 +00:00
dependabot[bot]	e8119acf93	chore(deps): bump github.com/google/go-containerregistry (#2377 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-30 09:24:25 -05:00
dependabot[bot]	5d44e49d2f	chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#2361 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:22:21 -05:00
dependabot[bot]	5dd3b127b0	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#2362 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.10.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:21:59 -05:00
Alex Goodman	1676934c63	Add "pretty" json configuration and change default behavior to be space-efficient (#2275 ) * expose underlying format options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove escape html options and address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]	7cfb5f630a	chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-11-17 20:53:01 +00:00
dependabot[bot]	58f310c390	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#2310 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.11 to 0.4.12. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:50 -08:00
dependabot[bot]	a383239217	chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#2311 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:19 -08:00
dependabot[bot]	220655743b	chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#2293 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-08 10:23:40 -08:00
dependabot[bot]	a4b895d31f	chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (#2292 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-06 14:12:40 +00:00
dependabot[bot]	a6d73e5659	chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 (#2279 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.26.0 to 1.27.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-01 10:35:20 -04:00
dependabot[bot]	f442586ec9	chore(deps): bump github.com/docker/docker (#2263 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-30 09:55:19 -04:00
anchore-actions-token-generator[bot]	12877ed863	chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-10-30 09:51:37 -04:00
dependabot[bot]	58850d3258	chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-27 09:55:04 -04:00
dependabot[bot]	ae27dcdfa9	chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-25 10:45:27 -04:00
dependabot[bot]	5a4778093d	chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248 ) Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 10:42:17 -04:00
Alex Goodman	f3ad8cf250	bump clio to get stderr reporting fix (#2232 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-10-16 12:47:48 -04:00
dependabot[bot]	1fe0921a5b	chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-12 11:10:56 -04:00
dependabot[bot]	7732cd3b48	chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 13:52:07 -04:00
dependabot[bot]	0302fc5b48	chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215 ) Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:53:00 -04:00
dependabot[bot]	b899536814	chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:52:42 -04:00
dependabot[bot]	87e57aa925	chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193 ) * chore(deps): bump github.com/docker/distribution Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update reference import Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-10-06 12:54:19 -04:00
dependabot[bot]	b23879fd37	chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-06 12:01:38 -04:00
dependabot[bot]	127fac8ca9	chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 13:02:30 -04:00
dependabot[bot]	37bb95f5c9	chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 11:50:05 -04:00
dependabot[bot]	86005d1593	chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:34:59 -04:00
dependabot[bot]	45625dae94	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:33:42 -04:00
dependabot[bot]	7b1af8721d	chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-27 15:04:52 -04:00
dependabot[bot]	534a5f54b0	chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-25 15:07:19 -04:00
William Murphy	8a414b5366	chore: bump stereoscope to fix data race in UI code (#2173 ) Pulls in a fix in go-progress that prevents a race in the UI code when scanning large images. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-09-25 10:29:56 -04:00
Đỗ Trọng Hải	b7fa75d7f8	chore: switch to stdlib's slices pkg (#2148 ) * chore: switch to stdlib's slices pkg Signed-off-by: hainenber <dotronghai96@gmail.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: hainenber <dotronghai96@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 18:38:37 +00:00
Alex Goodman	58f8c852df	Require ordering of relationships when comparing parser output (#2160 ) * require ordering of relationships when comparing parser output Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] fix cataloger test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * change method of relationship sort to simple string dump Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 17:39:18 +00:00
dependabot[bot]	ba00f3328d	chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 (#2158 ) Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.1.2 to 2.2.0. - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0) --- updated-dependencies: - dependency-name: github.com/github/go-spdx/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-20 10:12:33 -04:00
Christopher Angelo Phillips	650f71cbe0	chore: update to latest stereoscope (#2151 ) * chore: update to latest stereoscope Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-19 15:22:10 -04:00
anchore-actions-token-generator[bot]	51243aa65f	chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 (#2149 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-19 09:07:15 -04:00
Shane Dell	23e3de75e3	Add containerd support (#1793 ) * [wip] add containerd UI handlers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Add containerd support - Add UI handlers (done by @wagoodman) - Add containerd types and wrappers (done by @wagoodman) - Add flag for specifying containerd address Closes #201 Signed-off-by: Shane Dell <shanedell100@gmail.com> * Fix lint Signed-off-by: Shane Dell <shanedell100@gmail.com> * add containerd ui handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add containerd scheme to readme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test for scheme detection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Shane Dell <shanedell100@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips	3e16c6813f	feat: add cyclonedx schema version selection (#2123 ) --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-13 14:50:22 -04:00
dependabot[bot]	4a2fc226dd	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#2125 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.1 to 5.9.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-13 10:33:47 -04:00
anchore-actions-token-generator[bot]	3a45653cfa	chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 (#2117 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-12 11:49:20 -04:00
anchore-actions-token-generator[bot]	e3c525b4b8	chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (#2109 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-08 14:10:00 -04:00
dlorenc	9f22ab6137	Bump the golang.org/x/exp dependency and fix a build breakage. (#2088 ) * Bump the golang.org/x/exp dependency and fix a build breakage. --------- Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 14:55:52 -04:00
dependabot[bot]	212aa9b6cf	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.10. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:56:41 -04:00
dependabot[bot]	9caf51596e	chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 (#2096 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.4 to 1.4.5. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:29:06 -04:00
dependabot[bot]	7645d5759d	chore(deps): bump github.com/docker/docker (#2098 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:27:21 -04:00
dependabot[bot]	ce32f8bb74	chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 (#2099 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:26:56 -04:00
Keith Zantow	2b7a9d0be3	chore: update CLI to CLIO (#2001 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 15:52:26 -04:00
5p2O5pe25ouT	b03e9c6868	Add registry certificate verification support (#1734 ) * add registry certificate verification support * replace stereoscope version * modify go.mod * pull in stereoscope update Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename registry cert options, add docs, and add test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update to account for changes in anchore/stereoscope#195 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: lishituo <24578666@qq.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 11:45:20 -04:00
Sirish Bathina	62f689824c	Detect golang boring crypto and fipsonly modules (#2021 ) * Extending build info to include crypto settings Signed-off-by: Sirish Bathina <sirish@kasten.io> * Use kasten fork for goversion module Signed-off-by: Sirish Bathina <sirish@kasten.io> * go mod tidy Signed-off-by: Sirish Bathina <sirish@kasten.io> * change key to GoCryptoSettings and lint fix Signed-off-by: Sirish Bathina <sirish@kasten.io> * Addressing feedback Signed-off-by: Sirish Bathina <sirish@kasten.io> --------- Signed-off-by: Sirish Bathina <sirish@kasten.io>	2023-08-24 09:49:59 -04:00
dependabot[bot]	a2b389523d	chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-23 13:41:17 -04:00
Alex Goodman	17d4203bbb	Enable reading non-utf-8 encodings for java pom.xml files (#2047 ) * fix reading non utf8 encodings Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * in cases where we cant tell the encoding use the UTF8 replacement char Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-23 10:06:34 -04:00
dependabot[bot]	cf37b17869	chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-22 10:42:19 -04:00
dependabot[bot]	f58425a305	chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0. - [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-21 10:37:11 -04:00
dependabot[bot]	82eafeaf4a	chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008 ) * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 * refactor: update consumer code to use new optional values Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-major ... --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 17:22:51 -04:00
dependabot[bot]	6bf6f85584	chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009 ) Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.6.1 to 1.7.0. - [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/dave/jennifer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-09 14:46:11 -04:00
dependabot[bot]	2fc65094b7	chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-07 10:34:00 -04:00
dependabot[bot]	d7ff77072a	chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.24.0 to 1.25.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-04 14:24:31 -04:00
dependabot[bot]	c150b4e358	chore(deps): bump github.com/google/go-containerregistry (#1993 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.2 to 0.16.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-03 10:53:09 -04:00
Keith Zantow	3f0475efb7	chore: update bubbly to fix hanging (#1990 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-02 10:28:35 -04:00
dependabot[bot]	2e376d067f	chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989 )	2023-08-02 14:16:49 +00:00
anchore-actions-token-generator[bot]	f14742b3f3	chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips	3aae316456	chore: update to latest commit in tools-golang (#1969 ) * chore: update to latest commit in tools-golang --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-27 15:29:22 -04:00
Alex Goodman	063e9da65d	Guess unpinned versions in python requirements.txt (#1966 ) * feat: python requirements.txt parsing inclusive Signed-off-by: manifestori <ori@manifestcyber.com> * refactor: parseVersion Signed-off-by: manifestori <ori@manifestcyber.com> * add python config for optional requirements version constraint resolution Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * allow for python requirements metadata to be optional Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore cyclonedx dependency Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: manifestori <ori@manifestcyber.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: manifestori <ori@manifestcyber.com>	2023-07-27 14:26:59 -04:00
dependabot[bot]	bf1102c3f1	chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965 ) Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-27 13:28:42 -04:00
dependabot[bot]	1e4d26f526	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-26 13:34:03 +00:00
anchore-actions-token-generator[bot]	9a73380f29	chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-25 10:49:21 -04:00
dependabot[bot]	2e718cf865	chore(deps): bump github.com/docker/docker (#1955 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-25 10:37:16 -04:00
dependabot[bot]	4000a84624	chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-24 11:28:54 -04:00
dependabot[bot]	3f5c601620	chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1949 ) Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4. - [Release notes](https://github.com/gookit/color/releases) - [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4) --- updated-dependencies: - dependency-name: github.com/gookit/color dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-21 08:50:47 -04:00
Dan Luhring	8478e0bef7	Add support for parsing .NET assemblies (#1943 ) * Add support for parsing .NET assemblies Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac * Add dll and exe files Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641 * Add PE cataloger to directory catalogers Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849 * Don't set language to dotnet for PEs Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5 * Fix spelling of cataloger in constructor Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941 * Adjust which cases in PE parsing return errors Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff * remove build binary from branch Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2 * Fix failing CLI tests Signed-off-by: Dan Luhring <dluhring@chainguard.dev> --------- Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-19 15:34:07 -04:00
Alex Goodman	35699f6fdc	remove jotframe UI (#1932 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips	2e7fd031d4	fix: remove indirect dependency of circl v1.1.0 (#1940 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-13 12:30:37 -04:00
Alex Goodman	4fc17edd14	implement ui handle waiter (#1930 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-12 13:14:54 -04:00
dependabot[bot]	05a61897f2	chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#1928 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.1 to 1.24.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-11 14:01:48 -04:00
dependabot[bot]	8ce88e11fd	chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-06 16:02:44 -04:00
Alex Goodman	f8b832e6c3	Switch UI to bubbletea (#1888 ) * add bubbletea UI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * swap pipeline to go 1.20.x and add attest guard for cosign binary Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update note in developing.md about the required golang version Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix merge conflict for windows path handling Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * temp test for attest handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add addtional test iterations for background reader Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-06 09:00:46 -04:00
dependabot[bot]	e8f7108e6e	chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:06:05 -04:00
dependabot[bot]	023ca1be32	chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:05:46 -04:00
anchore-actions-token-generator[bot]	791d1f9552	chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]	0d4f19043e	chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-26 13:58:44 -04:00
dependabot[bot]	badb957888	chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-15 14:10:11 -04:00
dependabot[bot]	a1bba36d51	chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.0 to 1.23.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]	c019cd51da	chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-14 11:29:39 -04:00
dependabot[bot]	5406d8a366	chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 10:30:19 -04:00
dependabot[bot]	2c5d64ac9e	chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868 ) Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 17:01:19 -04:00
dependabot[bot]	c560ffd811	chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 (#1850 ) * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update fixtures for spdx with new library changes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-06-05 15:01:06 -04:00
dependabot[bot]	d676e5e781	chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:48:18 -04:00
dependabot[bot]	903d29b6f7	chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.1 to 1.23.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:47:59 -04:00
dependabot[bot]	1bd9de9047	chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.15.0 to 1.16.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-01 08:35:14 -04:00
dependabot[bot]	5842fc2a64	chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-30 13:48:54 -04:00
dependabot[bot]	f0307fdd62	chore(deps): bump github.com/docker/docker (#1849 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.1+incompatible to 24.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 16:08:20 -04:00
Alex Goodman	74013d7da7	Add test to ensure package metadata is represented in the JSON schema (#1841 ) * [wip] try to reflect metadata types... probably wont work Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor to add unit test to ensure there is coverage in the schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] generate metadata container Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add generation of metadata container struct for JSON schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update linter script to account for code generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-05-25 13:26:56 -04:00
dependabot[bot]	4bf17a94b9	chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-24 11:40:11 -04:00
anchore-actions-token-generator[bot]	798af57853	chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-05-23 10:18:39 -04:00
dependabot[bot]	f50302b2ba	chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-22 14:01:17 -04:00
dependabot[bot]	b09cf6c6b5	chore(deps): bump github.com/docker/docker (#1833 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.0+incompatible to 24.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.0...v24.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-22 13:07:24 -04:00
Alex Goodman	334a775cb9	Keep original FileInfo persisted on file.Metadata structs (#1794 ) * pull in fileinfo changes from stereoscope #172 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix CLI test assumption about the docker daemon Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-19 14:21:10 +00:00
dependabot[bot]	f1b6f38ea8	chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#1827 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-19 09:01:05 -04:00
dependabot[bot]	f6f8332b7f	chore(deps): bump github.com/google/go-containerregistry (#1823 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:34:27 -04:00
dependabot[bot]	74351567ab	chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 (#1822 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:33:48 -04:00
dependabot[bot]	51d4c9b4ab	chore(deps): bump github.com/docker/docker (#1824 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.6+incompatible to 24.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.6...v24.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:33:30 -04:00
Christopher Angelo Phillips	42fa9e4965	feat: update syft license concept to complex struct (#1743 ) this PR makes the following changes to update the underlying license model to have more expressive capabilities it also provides some guarantee's surrounding the license values themselves - Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields: - original `Value` read by syft - If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption - the above is run against a generated list of SPDX license ID to try and find the correct ID - SPDX concluded vs declared is added to the new struct - URL source for license is added to the new struct - Location source is added to the new struct to show where the expression was pulled from	2023-05-15 16:23:39 -04:00
William Murphy	e925d9d4a5	feat: warn if parsing newer SBOM (#1810 ) If syft is asked to parse an SBOM that was written by a newer version of syft, emit a warning, since the current version of syft doesn't know about fields that may be added in the future. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-05-11 08:55:27 -04:00
dependabot[bot]	ef08d0fa39	chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 11:59:39 -04:00
dependabot[bot]	75d625b697	chore(deps): bump github.com/docker/docker (#1795 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.5+incompatible to 23.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.5...v23.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 12:45:50 -04:00
dependabot[bot]	88ba8b78fc	chore(deps): bump github.com/google/go-containerregistry (#1796 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.0 to 0.15.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.14.0...v0.15.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 12:45:30 -04:00
dependabot[bot]	e31839a370	chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787 )	2023-05-05 18:56:40 +00:00
dependabot[bot]	dd458a2b33	chore(deps): bump github.com/docker/docker (#1767 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.4+incompatible to 23.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.4...v23.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-02 16:43:16 -04:00
dependabot[bot]	10c3cc27e8	chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 (#1768 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.0 to 1.22.1. - [Release notes](https://gitlab.com/cznic/sqlite/tags) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.0...v1.22.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 11:58:59 -04:00
dependabot[bot]	02bd52728e	chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 (#1758 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.21.2 to 1.22.0. - [Release notes](https://gitlab.com/cznic/sqlite/tags) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.21.2...v1.22.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-26 10:37:49 -04:00
Christopher Angelo Phillips	c038f13d44	chore: go-rpmdb update (#1757 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-24 10:34:13 -04:00
dependabot[bot]	8102ad4edc	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706 )	2023-04-24 10:20:12 -04:00
Weston Steimel	ee80349ea0	chore: bump stereoscope to latest version (#1741 ) Resolves reporting of GHSA-hw7c-3rfg-p46j Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-04-18 15:44:03 +00:00
dependabot[bot]	66d9c5637b	chore(deps): bump github.com/docker/docker (#1746 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-18 10:22:41 -04:00
Avi Deitcher	b69259534d	feat: Support scanning license files in golang packages over the network (#1630 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 15:13:29 -04:00
Avi Deitcher	cc731c7b19	Add Linux Kernel cataloger (#1694 ) * add kernel handler Signed-off-by: Avi Deitcher <avi@deitcher.net> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Avi Deitcher <avi@deitcher.net> * rename Kernel package to LinuxKernel package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split kernel and module packages within cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up application configuration with kernel cataloger options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont use references for packages on relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting and tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * kernel cataloger should be resistent to partial failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * log upon kernel module metadata missing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for linux kernel cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update integration tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update cli package test counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence annotations for kernel packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * reduce noise in cli test output Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * missed cli test to reduce noise for Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix package counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs with linux kernel cataloging refs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema with new metadata fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 14:33:36 -04:00
dependabot[bot]	a260fb2774	chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-07 15:58:21 -04:00
anchore-actions-token-generator[bot]	f83cae35f2	chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-04-07 08:48:17 -04:00
dependabot[bot]	da44db92e9	chore(deps): bump github.com/docker/docker (#1715 )	2023-04-06 13:44:51 +00:00
dependabot[bot]	4a499c946e	chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713 )	2023-04-06 13:44:41 +00:00
dependabot[bot]	99c28a94a4	chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714 )	2023-04-06 13:36:16 +00:00
dependabot[bot]	f7ac4e98af	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1716 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-06 09:34:59 -04:00
Keith Zantow	7845381331	chore: update tools-golang to v0.5.0 (#1717 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-04-05 13:59:52 -04:00
dependabot[bot]	2fa238af7c	chore(deps): bump github.com/docker/docker (#1699 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 10:00:37 -04:00
anchore-actions-token-generator[bot]	81b87dd108	chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (#1693 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-03-23 16:30:08 +00:00
dependabot[bot]	539bc2afcb	chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-23 11:09:32 -04:00
Avi Deitcher	9fd532246a	feat: scan local go mod cache for licenses of golang packages (#1645 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-03-23 10:38:15 -04:00
dependabot[bot]	168c5aed51	chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689 )	2023-03-22 14:26:58 -04:00
anchore-actions-token-generator[bot]	7998520848	chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681 )	2023-03-18 10:32:39 -04:00
dependabot[bot]	1899eb50d0	chore(deps): bump github.com/google/go-containerregistry (#1672 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-16 12:07:47 -04:00
dependabot[bot]	f43953d225	chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655 )	2023-03-06 15:49:34 +00:00
dependabot[bot]	eea1b48cbb	chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653 )	2023-03-06 15:38:34 +00:00
dependabot[bot]	a063cf300b	chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 (#1654 )	2023-03-06 15:21:35 +00:00
dependabot[bot]	b73903519c	chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656 )	2023-03-06 15:20:43 +00:00
Keith Zantow	5f90d03718	fix: possible race condition (#1639 )	2023-03-01 15:35:01 -05:00
dependabot[bot]	d23b4d4cbd	chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1625 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 13:14:20 -05:00
dependabot[bot]	284bae9d5f	chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1609 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-24 15:07:52 -05:00
anchore-actions-token-generator[bot]	aa151da5fe	Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-02-22 19:08:35 +00:00
anchore-actions-token-generator[bot]	bb52a25c8a	Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602 ) Signed-off-by: GitHub <noreply@github.com>	2023-02-22 08:49:04 +00:00
anchore-actions-token-generator[bot]	2642a36161	Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2023-02-16 10:22:43 -05:00
dependabot[bot]	1981b249f1	chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-15 12:54:55 -05:00
dependabot[bot]	3013c8b691	chore(deps): bump github.com/docker/docker (#1563 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 10:43:19 -05:00
Alex Goodman	988041ba6d	Speed up cataloging by replacing globs searching with index lookups (#1510 ) * replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-02-09 16:19:47 +00:00

1 2 3 4 5 ...

439 commits