Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync: deps: update dependency anchore/syft to v1.14.1 #76

Open
wants to merge 284 commits into
base: redhat-latest
Choose a base branch
from
Open

sync: deps: update dependency anchore/syft to v1.14.1 #76

wants to merge 284 commits into from
+43,692 −540,768
This pull request is big! We’re only showing the most recent 250 commits.

Commits on Jun 12, 2024

  1. fix: separate golang license caches from mod dir (#2852) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jun 12, 2024
    Configuration menu
    Copy the full SHA
    ca0cc52 View commit details
    Browse the repository at this point in the history

Commits on Jun 13, 2024

  1. chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 (#2956) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@2e230e8...530d4fe)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 13, 2024
    Configuration menu
    Copy the full SHA
    9beaec2 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2955) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 13, 2024
    Configuration menu
    Copy the full SHA
    273e31e View commit details
    Browse the repository at this point in the history

Commits on Jun 14, 2024

  1. fix(golang): improve version extraction from ldflags for pingcap TiDB… 

    … (#2962)

* fix(golang): improve version extraction from ldflags for pingcap TiDB

Signed-off-by: Weston Steimel <[email protected]>

* loosen ld flag parsing requirements

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Weston Steimel <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
    @westonsteimel @wagoodman
    westonsteimel and wagoodman authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    749ccc5 View commit details
    Browse the repository at this point in the history

  2. feat: index known CPEs for wordpress plugins and themes (#2963) 

    Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    d5cd5f6 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 (#2964) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.9 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@530d4fe...23acc5c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    784b17f View commit details
    Browse the repository at this point in the history

  4. chore(deps): update tools to latest versions (#2961) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    70098e2 View commit details
    Browse the repository at this point in the history

  5. fix: make caching options more explicit (#2966) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    af3aaa0 View commit details
    Browse the repository at this point in the history

  6. fix: fix parsing for complex toml types (#2965) 

    * fix: fix parsing for complex toml types
---------
Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
    @spiffcs
    spiffcs authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    22d5731 View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2024

  1. chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#2972) 

    Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 17, 2024
    Configuration menu
    Copy the full SHA
    ed3774a View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/google/go-containerregistry (#2971) 

    Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.19.1...v0.19.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 17, 2024
    Configuration menu
    Copy the full SHA
    5061b90 View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2024

  1. chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 (#… 

    …2973)

Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.2.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 18, 2024
    Configuration menu
    Copy the full SHA
    750d37f View commit details
    Browse the repository at this point in the history

Commits on Jun 19, 2024

  1. chore: enable dependabot to keep boostrap action updated (#2976) 

    Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Jun 19, 2024
    Configuration menu
    Copy the full SHA
    246df97 View commit details
    Browse the repository at this point in the history

Commits on Jun 20, 2024

  1. fix: detection of arangodb 3.12 (#2979) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Jun 20, 2024
    Configuration menu
    Copy the full SHA
    7a35de0 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0… 

    … (#2975)
    @dependabot
    dependabot[bot] authored Jun 20, 2024
    Configuration menu
    Copy the full SHA
    e947779 View commit details
    Browse the repository at this point in the history

Commits on Jun 21, 2024

  1. chore(deps): bump github.com/charmbracelet/bubbletea (#2982) 

    Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.4 to 0.26.5.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v0.26.4...v0.26.5)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 21, 2024
    Configuration menu
    Copy the full SHA
    9b17817 View commit details
    Browse the repository at this point in the history

  2. feat: update syft to generate cyclone-dx 1.6 by default (#2978) 

    - Resolves #2974
- add detailed instructions re: updating schemas (a necessary task
  when a new CycloneDX spec version becomes available).
- The DefaultVersion constant has been updated to "1.6" -- it's not
  clear to me how this is used at this time (it may be redundant given
  other code), but effectively unless a specific spec version is
  configured, `syft` will emit the "most recent" spec version available
  for cyclonedx. Users who wish to pin back to a "older" specVersion
  (e.g. to preserve compatibilty with utilities that have not yet bumped
  to latest) can either set this in a syft config file or pass a
  name@spec_version pair to the output flag (e.g. `-o
  [email protected]=some-1.5-spec-bom.cdx.json`)
- Regenerate relevant .golden files (there seems to be a way to do this
  via flags, but I couldn't quite figure out the right set to pass
  correctly, esp. since (as a relative go novice) I found it difficult
  to run just a single test file. I ended up "brute-forcing it" by
  changing the *updateSnapshot val to "true" and running it in Goland.
  A brief comment giving an example of regenerating fixtures usage would
  be helpful.

Signed-off-by: Rajan Agaskar <[email protected]>
    @ragaskar
    ragaskar authored Jun 21, 2024
    Configuration menu
    Copy the full SHA
    ae06830 View commit details
    Browse the repository at this point in the history

  3. docs: update cyclone-dx documentation (#2983) 

    * chore: update docs to show 1.6 for cyclone-dx by default
* chore: update README showing version information for formats

---------

Signed-off-by: Christopher Phillips <[email protected]>
    @spiffcs
    spiffcs authored Jun 21, 2024
    Configuration menu
    Copy the full SHA
    f5a917a View commit details
    Browse the repository at this point in the history

Commits on Jun 24, 2024

  1. fix: handle errors reading go licenses (#2985) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jun 24, 2024
    Configuration menu
    Copy the full SHA
    bd1c1d2 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#2988) 

    Bumps [github.com/go-test/deep](https://github.com/go-test/deep) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/go-test/deep/releases)
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md)
- [Commits](go-test/deep@v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/go-test/deep
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 24, 2024
    Configuration menu
    Copy the full SHA
    863891f View commit details
    Browse the repository at this point in the history

  3. chore(deps): update CPE dictionary index (#2986) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Jun 24, 2024
    Configuration menu
    Copy the full SHA
    1eae933 View commit details
    Browse the repository at this point in the history

Commits on Jun 25, 2024

  1. chore(deps): bump github.com/charmbracelet/bubbletea (#2995) 

    Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.5 to 0.26.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v0.26.5...v0.26.6)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 25, 2024
    Configuration menu
    Copy the full SHA
    0dce678 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update stereoscope to 753b5576fe42bc007b22108ad7911d1729… 

    …957a46 (#2992)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jun 25, 2024
    Configuration menu
    Copy the full SHA
    580c09b View commit details
    Browse the repository at this point in the history

  3. chore(deps): update tools to latest versions (#2991) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jun 25, 2024
    Configuration menu
    Copy the full SHA
    7da1589 View commit details
    Browse the repository at this point in the history

  4. Add detection of Erlang in Alpine linux (#2996) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Jun 25, 2024
    Configuration menu
    Copy the full SHA
    ceced5e View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github.com/docker/docker (#2994) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 27.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v26.1.4...v27.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 25, 2024
    Configuration menu
    Copy the full SHA
    c8b449c View commit details
    Browse the repository at this point in the history

Commits on Jun 26, 2024

  1. chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to 0.5.5 (#… 

    …2999)
    @dependabot
    dependabot[bot] authored Jun 26, 2024
    Configuration menu
    Copy the full SHA
    4d48adf View commit details
    Browse the repository at this point in the history

Commits on Jul 1, 2024

  1. feat: version 3 support for swift package manager of the resolved fil… 

    …es (#3001)

Signed-off-by: Danielle Featherstone <[email protected]>
    @4ell0
    4ell0 authored Jul 1, 2024
    Configuration menu
    Copy the full SHA
    5283c46 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4 (#3005)

    @dependabot
    dependabot[bot] authored Jul 1, 2024
    Configuration menu
    Copy the full SHA
    875669b View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#3004)

    @dependabot
    dependabot[bot] authored Jul 1, 2024
    Configuration menu
    Copy the full SHA
    a876aac View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/docker/docker (#3006)

    @dependabot
    dependabot[bot] authored Jul 1, 2024
    Configuration menu
    Copy the full SHA
    43e5b1b View commit details
    Browse the repository at this point in the history

  5. chore(deps): update CPE dictionary index (#3002)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Jul 1, 2024
    Configuration menu
    Copy the full SHA
    7f3ca65 View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2024

  1. chore(deps): update tools to latest versions (#3003)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Jul 2, 2024
    Configuration menu
    Copy the full SHA
    c816039 View commit details
    Browse the repository at this point in the history

  2. Infer the package type from ELF package notes (#3008) 

    * fix ELF package types to be honored

Signed-off-by: Alex Goodman <[email protected]>

* prefer OS packages over binary packages when there are duplicates

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Jul 2, 2024
    Configuration menu
    Copy the full SHA
    573440b View commit details
    Browse the repository at this point in the history

Commits on Jul 8, 2024

  1. chore(deps): update CPE dictionary index (#3016)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Jul 8, 2024
    Configuration menu
    Copy the full SHA
    04c861b View commit details
    Browse the repository at this point in the history

Commits on Jul 9, 2024

  1. chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 (#3020) 

    Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    6dda9ed View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/google/go-containerregistry (#3019) 

    Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.19.2...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    b8dce67 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#3017) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6546280...0b2256b)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    7dc1b1c View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 (#3014) 

    Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.18.0 to 0.19.0.
- [Commits](golang/mod@v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    13d01ec View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3015) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](golang/net@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    b2f9904 View commit details
    Browse the repository at this point in the history

  6. chore(deps): update stereoscope to e46739e217969fa67cbe8834b64bb165a1… 

    …0a1548 (#3013)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    de3313c View commit details
    Browse the repository at this point in the history

  7. Map the downloadLocation field for PHP Composer packages (#3011) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    b101f44 View commit details
    Browse the repository at this point in the history

  8. fix: stabilize cpe sorting during collection sort (#3009)

    @spiffcs
    spiffcs authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    f7ffcc5 View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2024

  1. chore(deps): bump github.com/charmbracelet/lipgloss (#3028) 

    Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/lipgloss@v0.11.0...v0.11.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    863793a View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027) 

    Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@cdcb360...0a12ed9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    4e09908 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update stereoscope to 27b66b76fc6686fcf6bde656aa09e1f0e0… 

    …47fec1 (#3026)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    e2fe955 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#3023) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@e8d2a69...95b086a)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    37245a2 View commit details
    Browse the repository at this point in the history

Commits on Jul 15, 2024

  1. chore: pin fedora image for elf binary test (#3041) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jul 15, 2024
    Configuration menu
    Copy the full SHA
    278b72d View commit details
    Browse the repository at this point in the history

Commits on Jul 16, 2024

  1. fix: stop panicking on "devel" version go stdlib (#3043) 

    Previously, if a Go binary was cataloged with build info indicating that
the go compiler version used was "deve", syft would panic on a nil
pointer dereference. Instead, skip creating a Go stdlib reference and
relationship for such a package.

Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    75902b0 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#3044) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@95b086a...d94f46e)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    77c300d View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3034) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b611370...4fa2a79)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    6bf91a4 View commit details
    Browse the repository at this point in the history

  4. chore(deps): update tools to latest versions (#3031) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    d4d4e00 View commit details
    Browse the repository at this point in the history

  5. chore: Fix apache shield in readme (#3021) 

    Signed-off-by: Adam McClenaghan <[email protected]>
    @adammcclenaghan
    adammcclenaghan authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    d4fa61e View commit details
    Browse the repository at this point in the history

  6. docs: link to contrib/dev docs in readme (#3029) 

    These docs are full of great information so make them easily accessible
from the README so they aren't overlooked.

Signed-off-by: Bradley Jones <[email protected]>
    @bradleyjones
    bradleyjones authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    4d23990 View commit details
    Browse the repository at this point in the history

Commits on Jul 17, 2024

  1. chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 (#3039) 

    Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.30.1 to 1.30.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.1...v1.30.2)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    cca9a06 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 (… 

    …#3048)

Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](moby/sys@signal/v0.7.1...mountinfo/v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    276df95 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/google/go-containerregistry (#3047) 

    Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.0...v0.20.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    5d729a5 View commit details
    Browse the repository at this point in the history

  4. fix: include CPEs with Maven groupId as vendor (#3045) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    ba31c2f View commit details
    Browse the repository at this point in the history

  5. docs: CODE_OF_CONDUCT.md (#3046) 

    This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.

Signed-off-by: Alan Pope <[email protected]>
    @popey
    popey authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    761a161 View commit details
    Browse the repository at this point in the history

Commits on Jul 18, 2024

  1. chore(deps): update tools to latest versions (#3050) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jul 18, 2024
    Configuration menu
    Copy the full SHA
    69031b0 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4… 

    …fbbb0a (#3032)

* chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4fbbb0a

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: allow unlicense

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <[email protected]>
Co-authored-by: kzantow <[email protected]>
Co-authored-by: Christopher Phillips <[email protected]>
    @anchore-actions-token-generator @kzantow @spiffcs
    3 people authored Jul 18, 2024
    Configuration menu
    Copy the full SHA
    034a98f View commit details
    Browse the repository at this point in the history

Commits on Jul 22, 2024

  1. chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3059) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...2d79040)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    b263b1e View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3058) 

    Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@0d4c9c5...9780b0c)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    0c53a08 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 (#3057) 

    Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.30.2 to 1.31.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.2...v1.31.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    d0a7d4c View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5… 

    … (#3056)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.4...v0.5.5)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    536611f View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github.com/docker/docker (#3055) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.0.3...v27.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    aead40e View commit details
    Browse the repository at this point in the history

  6. chore(deps): update CPE dictionary index (#3035) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    bfe6f52 View commit details
    Browse the repository at this point in the history

  7. chore: add debug logging for errors reading RPM files (#3051) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    125c787 View commit details
    Browse the repository at this point in the history

  8. chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.… 

    …12.1 (#3040)

* chore(deps): bump github.com/charmbracelet/lipgloss

Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/lipgloss@v0.11.1...v0.12.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* chore: pin fedora linux/amd64 to sha

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Christopher Angelo Phillips <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <[email protected]>
    @dependabot @spiffcs
    dependabot[bot] and spiffcs authored Jul 22, 2024
    Configuration menu
    Copy the full SHA
    fe7c5a7 View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2024

  1. chore(deps): update tools to latest versions (#3061) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jul 23, 2024
    Configuration menu
    Copy the full SHA
    ca945d1 View commit details
    Browse the repository at this point in the history

Commits on Jul 24, 2024

  1. better go mod detection from partial package builds (#3060) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Jul 24, 2024
    Configuration menu
    Copy the full SHA
    9573f55 View commit details
    Browse the repository at this point in the history

  2. fix: SPDX output performance with many relationships (#3053)

    @kzantow
    kzantow authored Jul 24, 2024
    Configuration menu
    Copy the full SHA
    741c8fb View commit details
    Browse the repository at this point in the history

Commits on Jul 25, 2024

  1. chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#3072) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@2d79040...5cf07d8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    3917989 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/docker/docker (#3066) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.1.0...v27.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    68b96ae View commit details
    Browse the repository at this point in the history

  3. python-cataloger: normalize package names (#3069) 

    Signed-off-by: mikcl <[email protected]>
    @Mikcl
    Mikcl authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    36f95d6 View commit details
    Browse the repository at this point in the history

  4. python cataloger: allow dots in python package names (#3070) 

    Signed-off-by: mikcl <[email protected]>
    @Mikcl
    Mikcl authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    b3848f7 View commit details
    Browse the repository at this point in the history

  5. Only match ldflag version if it matches the main module or targets ma… 

    …in.version (#3062)

Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    4882d2e View commit details
    Browse the repository at this point in the history

  6. python-cataloger: fix normalization test (#3073) 

    Signed-off-by: mikcl <[email protected]>
    @Mikcl
    Mikcl authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    1cd75b7 View commit details
    Browse the repository at this point in the history

Commits on Jul 29, 2024

  1. fix: traefik classifier (#3077) 

    Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Jul 29, 2024
    Configuration menu
    Copy the full SHA
    490e05a View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@5cf07d8...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 29, 2024
    Configuration menu
    Copy the full SHA
    8dd7c9c View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6… 

    … (#3082)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.5...v0.5.6)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 29, 2024
    Configuration menu
    Copy the full SHA
    a35e410 View commit details
    Browse the repository at this point in the history

  4. chore(deps): update CPE dictionary index (#3079) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Jul 29, 2024
    Configuration menu
    Copy the full SHA
    a2042e6 View commit details
    Browse the repository at this point in the history

  5. chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e79071… 

    …96bfa5 (#3075)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jul 29, 2024
    Configuration menu
    Copy the full SHA
    06526e2 View commit details
    Browse the repository at this point in the history

Commits on Jul 30, 2024

  1. fix: improve determinism in java archive identification (#3085) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Jul 30, 2024
    Configuration menu
    Copy the full SHA
    a4b5dcd View commit details
    Browse the repository at this point in the history

Commits on Jul 31, 2024

  1. Added the SWI Prolog (swipl) ecosystem (#3076) 

    * Add binary classifier for swipl

Signed-off-by: Laurent Goderre <[email protected]>

* Added cataloger for SWI Prolog Pack packages

Signed-off-by: Laurent Goderre <[email protected]>

---------

Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Jul 31, 2024
    Configuration menu
    Copy the full SHA
    92d63df View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2024

  1. chore: update release script to use gh from binny (#3084) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Aug 1, 2024
    Configuration menu
    Copy the full SHA
    05a10e8 View commit details
    Browse the repository at this point in the history

  2. fix: update mainModuleVersion function to always prefix v to findin… 

    …gs (#3087)

* chore: basic fix
Signed-off-by: Christopher Phillips <[email protected]>
* test: make sure ldflags are prefixed with v
---------
Signed-off-by: Christopher Phillips <[email protected]>
    @spiffcs
    spiffcs authored Aug 1, 2024
    Configuration menu
    Copy the full SHA
    c84cb2c View commit details
    Browse the repository at this point in the history

  3. fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifact… 

    …IDMatchesFilename' (#3054)

- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name

Signed-off-by: dor-hayun <[email protected]>
Co-authored-by: dor-hayun <[email protected]>
    @dor-hayun
    dor-hayun and dor-hayun authored Aug 1, 2024
    Configuration menu
    Copy the full SHA
    48f1e97 View commit details
    Browse the repository at this point in the history

Commits on Aug 2, 2024

  1. chore(deps): update tools to latest versions (#3091) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Aug 2, 2024
    Configuration menu
    Copy the full SHA
    623532e View commit details
    Browse the repository at this point in the history

Commits on Aug 3, 2024

  1. fix: use organization for package supplier when reading Java vendor f… 

    …ields (#3093)

Signed-off-by: Harippriya Sivapatham <[email protected]>
    @harippriyas
    harippriyas authored Aug 3, 2024
    Configuration menu
    Copy the full SHA
    cc15edc View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2024

  1. feat: improved java maven property resolution (#2769) 

    Signed-off-by: Gijs Calis <[email protected]>
Signed-off-by: Keith Zantow <[email protected]>
Co-authored-by: Keith Zantow <[email protected]>
    @GijsCalis @kzantow
    GijsCalis and kzantow authored Aug 5, 2024
    Configuration menu
    Copy the full SHA
    9d40d11 View commit details
    Browse the repository at this point in the history

Commits on Aug 6, 2024

  1. chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to 0.5.7… 

    … (#3097)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.6...v0.5.7)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 6, 2024
    Configuration menu
    Copy the full SHA
    703330a View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 (#3096) 

    Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.19.0 to 0.20.0.
- [Commits](golang/mod@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 6, 2024
    Configuration menu
    Copy the full SHA
    0f9df80 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update CPE dictionary index (#3094) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Aug 6, 2024
    Configuration menu
    Copy the full SHA
    214a049 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#3095) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@0b2256b...89ef406)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 6, 2024
    Configuration menu
    Copy the full SHA
    dcd87d1 View commit details
    Browse the repository at this point in the history

Commits on Aug 7, 2024

  1. chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 (#3104) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.27.0 to 0.28.0.
- [Commits](golang/net@v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    040b683 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/google/go-containerregistry (#3103) 

    Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    47d192d View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#3102) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@89ef406...834a144)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    9031592 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#3101) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@afb54ba...eb055d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    2339743 View commit details
    Browse the repository at this point in the history

  5. chore(deps): update tools to latest versions (#3099) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Aug 7, 2024
    Configuration menu
    Copy the full SHA
    1fb47d9 View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2024

  1. chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#3107) 

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 8, 2024
    Configuration menu
    Copy the full SHA
    6267d69 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0 (#3106) 

    Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.31.1 to 1.32.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.31.1...v1.32.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 8, 2024
    Configuration menu
    Copy the full SHA
    64a9ecb View commit details
    Browse the repository at this point in the history

Commits on Aug 9, 2024

  1. test: increase java purl generation test coverage (#3110) 

    ensures correct package url generation for more java packages now that
syft has more deterministic results per anchore/syft#3085

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Aug 9, 2024
    Configuration menu
    Copy the full SHA
    19cc664 View commit details
    Browse the repository at this point in the history

Commits on Aug 12, 2024

  1. update-slack-to-discourse (#3111) 

    Signed-off-by: Alan Pope <[email protected]>
    @popey
    popey authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    49d4e32 View commit details
    Browse the repository at this point in the history

  2. chore: fix failing python relationship test (#3117) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    cf85450 View commit details
    Browse the repository at this point in the history

  3. chore: fix some comments (#3114) 

    Signed-off-by: luozexuan <[email protected]>
    @luozexuan
    luozexuan authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    c19cf62 View commit details
    Browse the repository at this point in the history

  4. support .kar files (#3113) 

    * add kar

Signed-off-by: tomersein <[email protected]>
    @tomersein
    tomersein authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    91cf066 View commit details
    Browse the repository at this point in the history

  5. chore(deps): update CPE dictionary index (#3116) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
Co-authored-by: Christopher Phillips <[email protected]>
    @anchore-actions-token-generator @wagoodman @spiffcs
    3 people authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    d2b33f1 View commit details
    Browse the repository at this point in the history

  6. fix: improve groupid extraction for Jenkins plugins (#2815) 

    * fix: improve groupid extraction for Jenkins plugins

Consider the `Group-Id` java manifest property as this is typically set
for Jenkins plugins if there is no pom file

Signed-off-by: Weston Steimel <[email protected]>

* test: update java purl integration test image

Signed-off-by: Weston Steimel <[email protected]>

---------

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    df1e5b5 View commit details
    Browse the repository at this point in the history

  7. fix: read CycloneDX BOM components from metadata (#3092) 

    Signed-off-by: dervoeti <[email protected]>
    @dervoeti
    dervoeti authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    3161e18 View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2024

  1. fix: add nil check to CycloneDX toBomProperties (#3119) 

    Signed-off-by: Lucas Rodriguez <[email protected]>
    @lucasrod16
    lucasrod16 authored Aug 13, 2024
    Configuration menu
    Copy the full SHA
    cd3b828 View commit details
    Browse the repository at this point in the history

Commits on Aug 15, 2024

  1. chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#3129) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@eb055d7...429e197)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 15, 2024
    Configuration menu
    Copy the full SHA
    a447884 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#3124) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@d94f46e...ab9d16d)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 15, 2024
    Configuration menu
    Copy the full SHA
    965000d View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/docker/docker (#3123) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.1.1...v27.1.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 15, 2024
    Configuration menu
    Copy the full SHA
    4ff60ee View commit details
    Browse the repository at this point in the history

Commits on Aug 16, 2024

  1. chore(deps): update tools to latest versions (#3121) 

    * chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: update code to reflect new linter settings for error messages

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <[email protected]>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Aug 16, 2024
    Configuration menu
    Copy the full SHA
    4b7ae0e View commit details
    Browse the repository at this point in the history

Commits on Aug 19, 2024

  1. chore(deps): bump github.com/charmbracelet/bubbletea (#3137) 

    Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v0.26.6...v0.27.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 19, 2024
    Configuration menu
    Copy the full SHA
    360983f View commit details
    Browse the repository at this point in the history

  2. chore(deps): update CPE dictionary index (#3135) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Aug 19, 2024
    Configuration menu
    Copy the full SHA
    511cc9c View commit details
    Browse the repository at this point in the history

Commits on Aug 20, 2024

  1. fix: logging for remote network calls (#3140) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Aug 20, 2024
    Configuration menu
    Copy the full SHA
    95b4a88 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#3139) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@429e197...883d858)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 20, 2024
    Configuration menu
    Copy the full SHA
    f786233 View commit details
    Browse the repository at this point in the history

Commits on Aug 21, 2024

  1. fix: mysql 8.0.3x binary detection (#3142) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Aug 21, 2024
    Configuration menu
    Copy the full SHA
    73b9d5a View commit details
    Browse the repository at this point in the history

Commits on Aug 22, 2024

  1. chore(deps): bump github.com/anchore/stereoscope (#3153) 

    Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3)

---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    bd80eea View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/charmbracelet/lipgloss (#3147) 

    Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/lipgloss@v0.12.1...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    78d48b4 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.1… 

    …9.0 (#3148)

Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/bubbles@v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    ac97724 View commit details
    Browse the repository at this point in the history

  4. chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb2… 

    …29decf (#3152)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    691f34c View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#3154) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@883d858...f0f3afe)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    6f02308 View commit details
    Browse the repository at this point in the history

  6. chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#3155) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@ab9d16d...61119d4)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 22, 2024
    Configuration menu
    Copy the full SHA
    9ab3de1 View commit details
    Browse the repository at this point in the history

Commits on Aug 23, 2024

  1. feat: detect curl binaries (#3146)

    @krysgor
    krysgor authored Aug 23, 2024
    Configuration menu
    Copy the full SHA
    cff9d49 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update tools to latest versions (#3144)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Aug 23, 2024
    Configuration menu
    Copy the full SHA
    dad2537 View commit details
    Browse the repository at this point in the history

Commits on Aug 26, 2024

  1. fix ELF package correlations (#3151)

    @wagoodman
    wagoodman authored Aug 26, 2024
    Configuration menu
    Copy the full SHA
    b6b5c8e View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#3162) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f0f3afe...2c779ab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 26, 2024
    Configuration menu
    Copy the full SHA
    6549ec9 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update CPE dictionary index (#3161) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Aug 26, 2024
    Configuration menu
    Copy the full SHA
    0cd6185 View commit details
    Browse the repository at this point in the history

  4. chore(deps): update tools to latest versions (#3160) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Aug 26, 2024
    Configuration menu
    Copy the full SHA
    cf9bb13 View commit details
    Browse the repository at this point in the history

Commits on Aug 27, 2024

  1. fix: use official CPE for curl binary cataloger (#3164) 

    The official CPE for curl is `cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*`

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Aug 27, 2024
    Configuration menu
    Copy the full SHA
    99be365 View commit details
    Browse the repository at this point in the history

  2. set cataloger names within package cataloger task (#3165) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Aug 27, 2024
    Configuration menu
    Copy the full SHA
    4ee6c17 View commit details
    Browse the repository at this point in the history

  3. respond to authoratative CPEs from catalogers (#3166) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Aug 27, 2024
    Configuration menu
    Copy the full SHA
    e9a8c27 View commit details
    Browse the repository at this point in the history

  4. fix: improve known CPEs and set NVD as source for all current binary … 

    …classifiers (#3167)

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Aug 27, 2024
    Configuration menu
    Copy the full SHA
    5ab43ba View commit details
    Browse the repository at this point in the history

Commits on Aug 28, 2024

  1. fix: add log time of task (#3105) 

    Signed-off-by: tomersein <[email protected]>
    @tomersein
    tomersein authored Aug 28, 2024
    Configuration menu
    Copy the full SHA
    04e3371 View commit details
    Browse the repository at this point in the history

  2. fix: improve generated cpes for binaries with existing classifiers (#… 

    …3169)

The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead.  This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Aug 28, 2024
    Configuration menu
    Copy the full SHA
    2c25f81 View commit details
    Browse the repository at this point in the history

  3. fix: cycles resolving relative path parent poms with parent-defined v… 

    …ariables (#3170)

Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Aug 28, 2024
    Configuration menu
    Copy the full SHA
    11d77b4 View commit details
    Browse the repository at this point in the history

Commits on Aug 29, 2024

  1. chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#3173)

    @dependabot
    dependabot[bot] authored Aug 29, 2024
    Configuration menu
    Copy the full SHA
    19d2735 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/charmbracelet/bubbletea (#3171)

    @dependabot
    dependabot[bot] authored Aug 29, 2024
    Configuration menu
    Copy the full SHA
    3499d92 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/docker/docker (#3168)

    @dependabot
    dependabot[bot] authored Aug 29, 2024
    Configuration menu
    Copy the full SHA
    731fc77 View commit details
    Browse the repository at this point in the history

  4. fix: properly decode SPDX license expressions in CycloneDX format (#3… 

    …175)

Signed-off-by: Mikail Kocak <[email protected]>
    @NyanKiyoshi
    NyanKiyoshi authored Aug 29, 2024
    Configuration menu
    Copy the full SHA
    f2caf45 View commit details
    Browse the repository at this point in the history

Commits on Sep 3, 2024

  1. chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0… 

    … (#3187)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c5a7806...4320041)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 3, 2024
    Configuration menu
    Copy the full SHA
    e299a95 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#3184) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@834a144...5076954)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 3, 2024
    Configuration menu
    Copy the full SHA
    8ade391 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update CPE dictionary index (#3183) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Sep 3, 2024
    Configuration menu
    Copy the full SHA
    8c690d0 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0… 

    … (#3177)

Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases)
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md)
- [Commits](Masterminds/sprig@v3.2.3...v3.3.0)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 3, 2024
    Configuration menu
    Copy the full SHA
    7c96a10 View commit details
    Browse the repository at this point in the history

Commits on Sep 5, 2024

  1. fix: haproxy classifier for versions with -dev suffix (#3180) 

    Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Sep 5, 2024
    Configuration menu
    Copy the full SHA
    a343825 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 (#3197) 

    Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.20.0 to 0.21.0.
- [Commits](golang/mod@v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 5, 2024
    Configuration menu
    Copy the full SHA
    ff0bae6 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1… 

    … (#3196)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@4320041...8867c4a)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 5, 2024
    Configuration menu
    Copy the full SHA
    deabd41 View commit details
    Browse the repository at this point in the history

Commits on Sep 9, 2024

  1. Slim down docker cache size (#3190) 

    * slim down docker cache size

Signed-off-by: Alex Goodman <[email protected]>

* remove old centos images

Signed-off-by: Alex Goodman <[email protected]>

* troubleshoot test failure

Signed-off-by: Alex Goodman <[email protected]>

* fix wget version ref

Signed-off-by: Alex Goodman <[email protected]>

* refactor caching mechanisms

Signed-off-by: Alex Goodman <[email protected]>

* add cache cleanup steps

Signed-off-by: Alex Goodman <[email protected]>

* simplify deleting cache

Signed-off-by: Alex Goodman <[email protected]>

* fix first clone issue

Signed-off-by: Alex Goodman <[email protected]>

* add tool dep

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    0a3f513 View commit details
    Browse the repository at this point in the history

  2. less verbose java logging when non-fatal issues arise (#3208) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    b153b1d View commit details
    Browse the repository at this point in the history

  3. dont cleanup cache in forks (#3214) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    ba7bf6b View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#3212) 

    Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.7.0 to 1.7.1.
- [Commits](dave/jennifer@v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    f735a42 View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github.com/docker/docker (#3211) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.2.0...v27.2.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    2475f7f View commit details
    Browse the repository at this point in the history

  6. chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 (#3210) 

    Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.32.0 to 1.33.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    16f8984 View commit details
    Browse the repository at this point in the history

  7. chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.2… 

    …0.0 (#3209)

Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/bubbles@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 9, 2024
    Configuration menu
    Copy the full SHA
    dafc6ad View commit details
    Browse the repository at this point in the history

Commits on Sep 10, 2024

  1. Add the Ocaml ecosystem (#3112) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    9c2799e View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#3203) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.29.0.
- [Commits](golang/net@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    98bd4e9 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update CPE dictionary index (#3206) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    fce14fd View commit details
    Browse the repository at this point in the history

  4. Add haskell binaries cataloger (#3078) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    dbc4238 View commit details
    Browse the repository at this point in the history

  5. chore: restore ci-check.sh script (#3218) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    c33a51d View commit details
    Browse the repository at this point in the history

  6. chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.1… 

    …4 (#3219)

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.1.12...v1.1.14)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 10, 2024
    Configuration menu
    Copy the full SHA
    61a9fde View commit details
    Browse the repository at this point in the history

Commits on Sep 11, 2024

  1. chore: make ci-check.sh an executable file (#3220) 

    Signed-off-by: Ryuichi Okumura <[email protected]>
    @okuryu
    okuryu authored Sep 11, 2024
    Configuration menu
    Copy the full SHA
    fcd5ec9 View commit details
    Browse the repository at this point in the history

Commits on Sep 12, 2024

  1. feat: --enrich flag for data enrichment feature enablement (#3182) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Sep 12, 2024
    Configuration menu
    Copy the full SHA
    1b86326 View commit details
    Browse the repository at this point in the history

Commits on Sep 13, 2024

  1. chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 (#3229) 

    Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.0 to 1.33.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 13, 2024
    Configuration menu
    Copy the full SHA
    38e51f1 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2… 

    … (#3226)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@8867c4a...d121e62)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 13, 2024
    Configuration menu
    Copy the full SHA
    2b4d5c2 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.… 

    …1.1 (#3225)

Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 13, 2024
    Configuration menu
    Copy the full SHA
    834027e View commit details
    Browse the repository at this point in the history

  4. chore(deps): update tools to latest versions (#3205) 

    * chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: disable gosec(G115)

A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the
latest golang-ci linter.

securego/gosec#1185
securego/gosec#1149

We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code is added for this rule

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <[email protected]>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 13, 2024
    Configuration menu
    Copy the full SHA
    58100fe View commit details
    Browse the repository at this point in the history

Commits on Sep 16, 2024

  1. chore(deps): update CPE dictionary index (#3232) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Sep 16, 2024
    Configuration menu
    Copy the full SHA
    41e9630 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update tools to latest versions (#3231) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 16, 2024
    Configuration menu
    Copy the full SHA
    7b4feb7 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3… 

    … (#3240)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.2 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@d121e62...6cd32fd)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 16, 2024
    Configuration menu
    Copy the full SHA
    9cc3641 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3241) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4dd1613...8214744)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 16, 2024
    Configuration menu
    Copy the full SHA
    48c1c45 View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9… 

    ….1 (#3242)

Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](CycloneDX/cyclonedx-go@v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 16, 2024
    Configuration menu
    Copy the full SHA
    b9efac4 View commit details
    Browse the repository at this point in the history

Commits on Sep 17, 2024

  1. chore(deps): update tools to latest versions (#3243) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 17, 2024
    Configuration menu
    Copy the full SHA
    7934696 View commit details
    Browse the repository at this point in the history

Commits on Sep 18, 2024

  1. chore(deps): update tools to latest versions (#3247) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 18, 2024
    Configuration menu
    Copy the full SHA
    a2f12fe View commit details
    Browse the repository at this point in the history

Commits on Sep 19, 2024

  1. chore(deps): update tools to latest versions (#3251) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 19, 2024
    Configuration menu
    Copy the full SHA
    50016c3 View commit details
    Browse the repository at this point in the history

  2. fix: capture-snippet.sh can handle leading whitespaces now (#3249) (#… 

    …3250)

Signed-off-by: Gorny Krystian <[email protected]>
Co-authored-by: Gorny Krystian <[email protected]>
    @krysgor
    krysgor and Gorny Krystian authored Sep 19, 2024
    Configuration menu
    Copy the full SHA
    cb0de97 View commit details
    Browse the repository at this point in the history

  3. feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq… 

    …, and sqlcipher (#3252)

* feat: detect lighttpd binaries

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect proftpd binaries

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect zstd binaries

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect xz utils binarie

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect gzip binaries

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect sqlcipher binaries

Signed-off-by: Krystian Gorny <[email protected]>

* feat: detect jq binaries

Signed-off-by: Krystian Gorny <[email protected]>

* add tests + snippets

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Krystian Gorny <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Krystian Gorny <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
    @krysgor @wagoodman
    3 people authored Sep 19, 2024
    Configuration menu
    Copy the full SHA
    6a95a5f View commit details
    Browse the repository at this point in the history

Commits on Sep 20, 2024

  1. chore(deps): bump github.com/docker/docker (#3260) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.2.1+incompatible to 27.3.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.2.1...v27.3.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    98c96ce View commit details
    Browse the repository at this point in the history

  2. chore(deps): update tools to latest versions (#3259) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    a08ea86 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#3256) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.7 to 3.26.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8214744...294a9d9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    9b5cf1d View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5… 

    … (#3255)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@6cd32fd...5e91468)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    7c12e3f View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#… 

    …3254)

Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    60bbd24 View commit details
    Browse the repository at this point in the history

  6. Add compliance policy for empty name and version (#3257) 

    * add policy for empty name and version

Signed-off-by: Alex Goodman <[email protected]>

* default stub version

Signed-off-by: Alex Goodman <[email protected]>

* modifying ids requires augmenting relationships

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    963ea59 View commit details
    Browse the repository at this point in the history

Commits on Sep 23, 2024

  1. feat: classifier for Dart lang binaries (#3265) 

    Signed-off-by: Laurent Goderre <[email protected]>
    @LaurentGoderre
    LaurentGoderre authored Sep 23, 2024
    Configuration menu
    Copy the full SHA
    7815d8e View commit details
    Browse the repository at this point in the history

  2. Add JVM cataloger (#3217) 

    * add jvm cataloger

Signed-off-by: Alex Goodman <[email protected]>

* simplify version selection

Signed-off-by: Alex Goodman <[email protected]>

* CPEs from JVM cataloger should be declared

Signed-off-by: Alex Goodman <[email protected]>

* ensure package overlap is enabled for sensitive use cases

Signed-off-by: Alex Goodman <[email protected]>

* more permissive glob

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 23, 2024
    Configuration menu
    Copy the full SHA
    01de99b View commit details
    Browse the repository at this point in the history

Commits on Sep 24, 2024

  1. fix: correct excluded mount point comparison to file paths (#3269) 

    Signed-off-by: Christian Dupuis <[email protected]>
    @cdupuis
    cdupuis authored Sep 24, 2024
    Configuration menu
    Copy the full SHA
    92c1dde View commit details
    Browse the repository at this point in the history

Commits on Sep 25, 2024

  1. add awaiting response management (#3272) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Sep 25, 2024
    Configuration menu
    Copy the full SHA
    d7005d7 View commit details
    Browse the repository at this point in the history

Commits on Sep 26, 2024

  1. chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@692973e...d632683)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 26, 2024
    Configuration menu
    Copy the full SHA
    39b2bf5 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8… 

    …322429 (#3280)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Sep 26, 2024
    Configuration menu
    Copy the full SHA
    16122eb View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@294a9d9...461ef6c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 26, 2024
    Configuration menu
    Copy the full SHA
    f9ef9cf View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github.com/docker/docker (#3264) 

    Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.3.0+incompatible to 27.3.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.3.0...v27.3.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 26, 2024
    Configuration menu
    Copy the full SHA
    5393cd5 View commit details
    Browse the repository at this point in the history

  5. chore(deps): update CPE dictionary index (#3262) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Sep 26, 2024
    Configuration menu
    Copy the full SHA
    e37c468 View commit details
    Browse the repository at this point in the history

Commits on Sep 27, 2024

  1. fix: update ruby classifier for -rc, -dev, etc. versions (#3285) 

    Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Sep 27, 2024
    Configuration menu
    Copy the full SHA
    1a746b2 View commit details
    Browse the repository at this point in the history

  2. fix: improve node classifier version matching (#3284) 

    Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Sep 27, 2024
    Configuration menu
    Copy the full SHA
    2a3d171 View commit details
    Browse the repository at this point in the history

Commits on Sep 30, 2024

  1. update redis classifier (#3281) 

    * update redis classifier
Signed-off-by: witchcraze <[email protected]>

* Remove snippets to pass Validation.
In this case, 9000 byte was required...
Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Sep 30, 2024
    Configuration menu
    Copy the full SHA
    f5f8005 View commit details
    Browse the repository at this point in the history

Commits on Oct 1, 2024

  1. chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@461ef6c...e2b3eaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 1, 2024
    Configuration menu
    Copy the full SHA
    9b242b0 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update CPE dictionary index (#3288) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Oct 1, 2024
    Configuration menu
    Copy the full SHA
    93beceb View commit details
    Browse the repository at this point in the history

  3. fix: don't use builtin scanner in licensecheck (#3290) 

    Signed-off-by: Niv Govrin <[email protected]>
    @govrin
    govrin authored Oct 1, 2024
    Configuration menu
    Copy the full SHA
    dbad17d View commit details
    Browse the repository at this point in the history

Commits on Oct 2, 2024

  1. chore(deps): update tools to latest versions (#3291) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Oct 2, 2024
    Configuration menu
    Copy the full SHA
    cc4f62b View commit details
    Browse the repository at this point in the history

  2. feat: update haproxy classifier (#3277) 

    Signed-off-by: witchcraze <[email protected]>
    @witchcraze
    witchcraze authored Oct 2, 2024
    Configuration menu
    Copy the full SHA
    263ea6b View commit details
    Browse the repository at this point in the history

Commits on Oct 3, 2024

  1. chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0… 

    … (#3293)

Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.9 to 6.6.0.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](jedib0t/go-pretty@v6.5.9...v6.6.0)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    32c0d1e View commit details
    Browse the repository at this point in the history

  2. Fix: make failed CPE validation correctly return error (#2762) 

    * Test CPE attributes correctly returns error

Previously, this method incorrectly return an empty Attributes object
and a nil error, leading to callers attempting to use the empty
attributes object.

Signed-off-by: Will Murphy <[email protected]>

* chore: merge with main and refactor call that relied on old nil behavior

Signed-off-by: Christopher Phillips <[email protected]>

* test: add test to cover new OSCPE err pattern

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: Will Murphy <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
Co-authored-by: Christopher Phillips <[email protected]>
    @willmurphyscode @spiffcs
    willmurphyscode and spiffcs authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    770fdc5 View commit details
    Browse the repository at this point in the history

Commits on Oct 4, 2024

  1. Track supporting DPKG evidence (#3228) 

    * add dpkg evidence support

Signed-off-by: Alex Goodman <[email protected]>

* use path over filepath

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Oct 4, 2024
    Configuration menu
    Copy the full SHA
    13c6876 View commit details
    Browse the repository at this point in the history

Commits on Oct 5, 2024

  1. chore(deps): update tools to latest versions (#3296) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    fc84574 View commit details
    Browse the repository at this point in the history

  2. chore: add pull request template (#3294) 

    Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    0d45714 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#3298) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e2b3eaf...6db8d63)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    25f5c67 View commit details
    Browse the repository at this point in the history

Commits on Oct 7, 2024

  1. Fix: Parse package.json with non-standard fields in 'author' section … 

    …(#3300)

* Improved parsing of package.json 'author' section

Signed-off-by: Piotr Radkowski <[email protected]>

* test: parse 'package.json' files with non-standard fields in author section

Signed-off-by: Piotr Radkowski <[email protected]>

---------

Signed-off-by: Piotr Radkowski <[email protected]>
Co-authored-by: Piotr Radkowski <[email protected]>
    @nuada
    nuada and Piotr Radkowski authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    3b9c55d View commit details
    Browse the repository at this point in the history

  2. chore(deps): update CPE dictionary index (#3302) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    27ee203 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305) 

    Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0c45773...2cdf405)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    7b30ce1 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#3304) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.29.0 to 0.30.0.
- [Commits](golang/net@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    8b6159d View commit details
    Browse the repository at this point in the history

  5. chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b24… 

    …53aec4 (#3301)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    4c4e5cb View commit details
    Browse the repository at this point in the history

  6. chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#3299) 

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@v3.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    4d7ed9f View commit details
    Browse the repository at this point in the history

  7. feat: report unknowns in sbom (#2998) 

    Signed-off-by: Keith Zantow <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
    @kzantow @wagoodman
    kzantow and wagoodman authored Oct 7, 2024
    Configuration menu
    Copy the full SHA
    ccbee94 View commit details
    Browse the repository at this point in the history

Commits on Oct 9, 2024

  1. chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#3309)

    @dependabot
    dependabot[bot] authored Oct 9, 2024
    Configuration menu
    Copy the full SHA
    37c179b View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)

    @dependabot
    dependabot[bot] authored Oct 9, 2024
    Configuration menu
    Copy the full SHA
    56ed131 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#3307)

    @dependabot
    dependabot[bot] authored Oct 9, 2024
    Configuration menu
    Copy the full SHA
    5d165e0 View commit details
    Browse the repository at this point in the history

Commits on Oct 10, 2024

  1. chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)

    @dependabot
    dependabot[bot] authored Oct 10, 2024
    Configuration menu
    Copy the full SHA
    5d068f3 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55e… 

    …b04aed (#3313)
    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Oct 10, 2024
    Configuration menu
    Copy the full SHA
    223a52d View commit details
    Browse the repository at this point in the history

  3. [docs] Add mastodon link to README.md (#3306) 

    Hello friends.

This follows the same pattern as the other badges at the top of the readme. It adds the mastodon link to the Syft account. 

This also means that the link back here from the Mastodon account's profile page will show as 'Validated' once landed, which gives more authenticity to the account.

Signed-off-by: Alan Pope <[email protected]>
    @popey
    popey authored Oct 10, 2024
    Configuration menu
    Copy the full SHA
    b62b0cb View commit details
    Browse the repository at this point in the history

  4. docs: clearer deprecation message for --file (#3310) 

    It's not clear to users that they shoudl use --output FORMAT=PATH
instead of --file. Directly suggest the FORMAT=PATH syntax.

Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Oct 10, 2024
    Configuration menu
    Copy the full SHA
    0c71bf2 View commit details
    Browse the repository at this point in the history

Commits on Oct 11, 2024

  1. shorten release docs (#3318) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    fbff87f View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 (#3314) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@604373d...b4b15b8)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    c2c8c79 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.… 

    …0 (#3321)

Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](bmatcuk/doublestar@v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    6124d72 View commit details
    Browse the repository at this point in the history

  4. chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7… 

    …fcb163 (#3319)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    8487736 View commit details
    Browse the repository at this point in the history

Commits on Oct 13, 2024

  1. chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4… 

    …dcfbf4 (#3322)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 13, 2024
    Configuration menu
    Copy the full SHA
    8095f7b View commit details
    Browse the repository at this point in the history

Commits on Oct 14, 2024

  1. fix: improve go binary semver extraction for traefik (#3325) 

    Improves the go cataloger semver extraction logic to include getting the
release version of traefik.  This is based off of the regex pattern that
already existed in the traefik binary classifier.

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    e962c10 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update CPE dictionary index (#3323) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    f6e5405 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#3327) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c36620d...f779452)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    67faca4 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#3326) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@61119d4...f5e124a)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    39146aa View commit details
    Browse the repository at this point in the history

  5. chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df3… 

    …09e9e5 (#3331)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    7c69367 View commit details
    Browse the repository at this point in the history

  6. chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e… 

    …870434 (#3332)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Oct 14, 2024
    Configuration menu
    Copy the full SHA
    5c0df63 View commit details
    Browse the repository at this point in the history

Commits on Oct 15, 2024

  1. chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e… 

    …870434 (#3334)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Oct 15, 2024
    Configuration menu
    Copy the full SHA
    138c6e3 View commit details
    Browse the repository at this point in the history

  2. fix: stop some log.Warn spam due parsing an empty string as a CPE (#3… 

    …330)

* chore: don't try to parse empty string as CPE

Signed-off-by: Will Murphy <[email protected]>

* chore: improve OS name and version extraction from ELF metadata

Signed-off-by: Will Murphy <[email protected]>

---------

Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Oct 15, 2024
    Configuration menu
    Copy the full SHA
    754cebe View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2024

  1. fix: improve mariadb binary classifer to detect older versions (#3339) 

    With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.

Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Oct 16, 2024
    Configuration menu
    Copy the full SHA
    d7194bb View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 (#3340) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@f5e124a...8d0a650)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 16, 2024
    Configuration menu
    Copy the full SHA
    80c8bc1 View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2024

  1. fix: use official CPE for linux kernel (#3343) 

    Signed-off-by: Weston Steimel <[email protected]>
    @westonsteimel
    westonsteimel authored Oct 17, 2024
    Configuration menu
    Copy the full SHA
    5b9601d View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (#3344) 

    Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 17, 2024
    Configuration menu
    Copy the full SHA
    f2646d0 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b… 

    …38512f (#3338)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 17, 2024
    Configuration menu
    Copy the full SHA
    7adbdfe View commit details
    Browse the repository at this point in the history

  4. chore(deps): update tools to latest versions (#3342) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Oct 17, 2024
    Configuration menu
    Copy the full SHA
    3267545 View commit details
    Browse the repository at this point in the history

Commits on Oct 18, 2024

  1. update to latest packageurl-go (#3347) 

    Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Oct 18, 2024
    Configuration menu
    Copy the full SHA
    56dbb34 View commit details
    Browse the repository at this point in the history

Commits on Oct 21, 2024

  1. chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.1… 

    … (#3361)

Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.0 to 6.6.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](jedib0t/go-pretty@v6.6.0...v6.6.1)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 21, 2024
    Configuration menu
    Copy the full SHA
    5a37b4a View commit details
    Browse the repository at this point in the history

  2. chore(deps): update CPE dictionary index (#3358) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Oct 21, 2024
    Configuration menu
    Copy the full SHA
    e38825a View commit details
    Browse the repository at this point in the history

  3. chore(deps): update stereoscope to a38c93517fc7d67ca1af826ac529a06c05… 

    …b571d2 (#3357)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 21, 2024
    Configuration menu
    Copy the full SHA
    14355aa View commit details
    Browse the repository at this point in the history

  4. Create single license scanner for all catalogers (#3348) 

    * add single license scanner instance

Signed-off-by: Alex Goodman <[email protected]>

* rename testing license scanner

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
    @wagoodman
    wagoodman authored Oct 21, 2024
    Configuration menu
    Copy the full SHA
    e4e985b View commit details
    Browse the repository at this point in the history

  5. Remove unwanted CI setup 

    Signed-off-by: downstream-sync <[email protected]>
    downstream-sync committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    2f2afe4 View commit details
    Browse the repository at this point in the history

  6. Remove fluff to avoid SAST false positives 

    Signed-off-by: downstream-sync <[email protected]>
    downstream-sync committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    cdba7d3 View commit details
    Browse the repository at this point in the history

  7. Apply Red Hat specific modifications 

    Signed-off-by: downstream-sync <[email protected]>
    downstream-sync committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    54148f1 View commit details
    Browse the repository at this point in the history

  8. Copy Tekton pipelines from 'redhat-latest' branch 

    Signed-off-by: downstream-sync <[email protected]>
    downstream-sync committed Oct 21, 2024
    Configuration menu
    Copy the full SHA
    615ae2d View commit details
    Browse the repository at this point in the history