mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
58100fec9f
* chore(deps): update tools to latest versions Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore: disable gosec(G115) A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the latest golang-ci linter. https://github.com/securego/gosec/issues/1185 https://github.com/securego/gosec/pull/1149 We're going to ignore this rule for the time being while waiting for gosec to get updates so that bound checking and example snippets of `valid` code is added for this rule Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
133 lines
2.7 KiB
YAML
133 lines
2.7 KiB
YAML
tools:
|
|
# we want to use a pinned version of binny to manage the toolchain (so binny manages itself!)
|
|
- name: binny
|
|
version:
|
|
want: v0.8.0
|
|
method: github-release
|
|
with:
|
|
repo: anchore/binny
|
|
|
|
# used to produce SBOMs during release
|
|
- name: syft
|
|
version:
|
|
want: latest
|
|
method: github-release
|
|
with:
|
|
repo: anchore/syft
|
|
|
|
# used to sign mac binaries at release
|
|
- name: quill
|
|
version:
|
|
want: v0.4.2
|
|
method: github-release
|
|
with:
|
|
repo: anchore/quill
|
|
|
|
# used for linting
|
|
- name: golangci-lint
|
|
version:
|
|
want: v1.61.0
|
|
method: github-release
|
|
with:
|
|
repo: golangci/golangci-lint
|
|
|
|
# used for showing the changelog at release
|
|
- name: glow
|
|
version:
|
|
want: v2.0.0
|
|
method: github-release
|
|
with:
|
|
repo: charmbracelet/glow
|
|
|
|
# used for signing the checksums file at release
|
|
- name: cosign
|
|
version:
|
|
want: v2.4.0
|
|
method: github-release
|
|
with:
|
|
repo: sigstore/cosign
|
|
|
|
# used in integration tests to verify JSON schemas
|
|
- name: yajsv
|
|
version:
|
|
want: v1.4.1
|
|
method: github-release
|
|
with:
|
|
repo: neilpa/yajsv
|
|
|
|
# used to release all artifacts
|
|
- name: goreleaser
|
|
version:
|
|
want: v2.3.0
|
|
method: github-release
|
|
with:
|
|
repo: goreleaser/goreleaser
|
|
|
|
# used for organizing imports during static analysis
|
|
- name: gosimports
|
|
version:
|
|
want: v0.3.8
|
|
method: github-release
|
|
with:
|
|
repo: rinchsan/gosimports
|
|
|
|
# used at release to generate the changelog
|
|
- name: chronicle
|
|
version:
|
|
want: v0.8.0
|
|
method: github-release
|
|
with:
|
|
repo: anchore/chronicle
|
|
|
|
# used during static analysis for license compliance
|
|
- name: bouncer
|
|
version:
|
|
want: v0.4.0
|
|
method: github-release
|
|
with:
|
|
repo: wagoodman/go-bouncer
|
|
|
|
# used for showing benchmark testing
|
|
- name: benchstat
|
|
version:
|
|
want: latest
|
|
method: go-proxy
|
|
with:
|
|
module: golang.org/x/perf
|
|
allow-unresolved-version: true
|
|
method: go-install
|
|
with:
|
|
entrypoint: cmd/benchstat
|
|
module: golang.org/x/perf
|
|
|
|
# used for running all local and CI tasks
|
|
- name: task
|
|
version:
|
|
want: v3.39.0
|
|
method: github-release
|
|
with:
|
|
repo: go-task/task
|
|
|
|
# used for triggering a release
|
|
- name: gh
|
|
version:
|
|
want: v2.56.0
|
|
method: github-release
|
|
with:
|
|
repo: cli/cli
|
|
|
|
# used to upload test fixture cache
|
|
- name: oras
|
|
version:
|
|
want: v1.2.0
|
|
method: github-release
|
|
with:
|
|
repo: oras-project/oras
|
|
|
|
# used to upload test fixture cache
|
|
- name: yq
|
|
version:
|
|
want: v4.44.3
|
|
method: github-release
|
|
with:
|
|
repo: mikefarah/yq
|