Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync: deps: update dependency anchore/syft to v1.14.1 #76

Open
wants to merge 284 commits into
base: redhat-latest
Choose a base branch
from
Open

sync: deps: update dependency anchore/syft to v1.14.1 #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
284 commits
Select commit Hold shift + click to select a range
ca0cc52
fix: separate golang license caches from mod dir (#2852)
kzantow Jun 12, 2024
9beaec2
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 (#2956)
dependabot[bot] Jun 13, 2024
273e31e
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2955)
dependabot[bot] Jun 13, 2024
749ccc5
fix(golang): improve version extraction from ldflags for pingcap TiDB…
westonsteimel Jun 14, 2024
d5cd5f6
feat: index known CPEs for wordpress plugins and themes (#2963)
westonsteimel Jun 14, 2024
784b17f
chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 (#2964)
dependabot[bot] Jun 14, 2024
70098e2
chore(deps): update tools to latest versions (#2961)
anchore-actions-token-generator[bot] Jun 14, 2024
af3aaa0
fix: make caching options more explicit (#2966)
kzantow Jun 14, 2024
22d5731
fix: fix parsing for complex toml types (#2965)
spiffcs Jun 14, 2024
ed3774a
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#2972)
dependabot[bot] Jun 17, 2024
5061b90
chore(deps): bump github.com/google/go-containerregistry (#2971)
dependabot[bot] Jun 17, 2024
750d37f
chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 (#…
dependabot[bot] Jun 18, 2024
246df97
chore: enable dependabot to keep boostrap action updated (#2976)
westonsteimel Jun 19, 2024
7a35de0
fix: detection of arangodb 3.12 (#2979)
LaurentGoderre Jun 20, 2024
e947779
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0…
dependabot[bot] Jun 20, 2024
9b17817
chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
dependabot[bot] Jun 21, 2024
ae06830
feat: update syft to generate cyclone-dx 1.6 by default (#2978)
ragaskar Jun 21, 2024
f5a917a
docs: update cyclone-dx documentation (#2983)
spiffcs Jun 21, 2024
bd1c1d2
fix: handle errors reading go licenses (#2985)
kzantow Jun 24, 2024
863891f
chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#2988)
dependabot[bot] Jun 24, 2024
1eae933
chore(deps): update CPE dictionary index (#2986)
anchore-actions-token-generator[bot] Jun 24, 2024
0dce678
chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
dependabot[bot] Jun 25, 2024
580c09b
chore(deps): update stereoscope to 753b5576fe42bc007b22108ad7911d1729…
anchore-actions-token-generator[bot] Jun 25, 2024
7da1589
chore(deps): update tools to latest versions (#2991)
anchore-actions-token-generator[bot] Jun 25, 2024
ceced5e
Add detection of Erlang in Alpine linux (#2996)
LaurentGoderre Jun 25, 2024
c8b449c
chore(deps): bump github.com/docker/docker (#2994)
dependabot[bot] Jun 25, 2024
4d48adf
chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to 0.5.5 (#…
dependabot[bot] Jun 26, 2024
5283c46
feat: version 3 support for swift package manager of the resolved fil…
4ell0 Jul 1, 2024
875669b
chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4 (#3005)
dependabot[bot] Jul 1, 2024
a876aac
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#3004)
dependabot[bot] Jul 1, 2024
43e5b1b
chore(deps): bump github.com/docker/docker (#3006)
dependabot[bot] Jul 1, 2024
7f3ca65
chore(deps): update CPE dictionary index (#3002)
anchore-actions-token-generator[bot] Jul 1, 2024
c816039
chore(deps): update tools to latest versions (#3003)
anchore-actions-token-generator[bot] Jul 2, 2024
573440b
Infer the package type from ELF package notes (#3008)
wagoodman Jul 2, 2024
04c861b
chore(deps): update CPE dictionary index (#3016)
anchore-actions-token-generator[bot] Jul 8, 2024
6dda9ed
chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 (#3020)
dependabot[bot] Jul 9, 2024
b8dce67
chore(deps): bump github.com/google/go-containerregistry (#3019)
dependabot[bot] Jul 9, 2024
7dc1b1c
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#3017)
dependabot[bot] Jul 9, 2024
13d01ec
chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 (#3014)
dependabot[bot] Jul 9, 2024
b2f9904
chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3015)
dependabot[bot] Jul 9, 2024
de3313c
chore(deps): update stereoscope to e46739e217969fa67cbe8834b64bb165a1…
anchore-actions-token-generator[bot] Jul 9, 2024
b101f44
Map the downloadLocation field for PHP Composer packages (#3011)
LaurentGoderre Jul 9, 2024
f7ffcc5
fix: stabilize cpe sorting during collection sort (#3009)
spiffcs Jul 9, 2024
863793a
chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
dependabot[bot] Jul 11, 2024
4e09908
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
dependabot[bot] Jul 11, 2024
e2fe955
chore(deps): update stereoscope to 27b66b76fc6686fcf6bde656aa09e1f0e0…
anchore-actions-token-generator[bot] Jul 11, 2024
37245a2
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#3023)
dependabot[bot] Jul 11, 2024
278b72d
chore: pin fedora image for elf binary test (#3041)
kzantow Jul 15, 2024
75902b0
fix: stop panicking on "devel" version go stdlib (#3043)
willmurphyscode Jul 16, 2024
77c300d
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#3044)
dependabot[bot] Jul 16, 2024
6bf91a4
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3034)
dependabot[bot] Jul 16, 2024
d4d4e00
chore(deps): update tools to latest versions (#3031)
anchore-actions-token-generator[bot] Jul 16, 2024
d4fa61e
chore: Fix apache shield in readme (#3021)
adammcclenaghan Jul 16, 2024
4d23990
docs: link to contrib/dev docs in readme (#3029)
bradleyjones Jul 16, 2024
cca9a06
chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 (#3039)
dependabot[bot] Jul 17, 2024
276df95
chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 (…
dependabot[bot] Jul 17, 2024
5d729a5
chore(deps): bump github.com/google/go-containerregistry (#3047)
dependabot[bot] Jul 17, 2024
ba31c2f
fix: include CPEs with Maven groupId as vendor (#3045)
kzantow Jul 17, 2024
761a161
docs: CODE_OF_CONDUCT.md (#3046)
popey Jul 17, 2024
69031b0
chore(deps): update tools to latest versions (#3050)
anchore-actions-token-generator[bot] Jul 18, 2024
034a98f
chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4…
anchore-actions-token-generator[bot] Jul 18, 2024
b263b1e
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3059)
dependabot[bot] Jul 22, 2024
0c53a08
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3058)
dependabot[bot] Jul 22, 2024
d0a7d4c
chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 (#3057)
dependabot[bot] Jul 22, 2024
536611f
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5…
dependabot[bot] Jul 22, 2024
aead40e
chore(deps): bump github.com/docker/docker (#3055)
dependabot[bot] Jul 22, 2024
bfe6f52
chore(deps): update CPE dictionary index (#3035)
anchore-actions-token-generator[bot] Jul 22, 2024
125c787
chore: add debug logging for errors reading RPM files (#3051)
kzantow Jul 22, 2024
fe7c5a7
chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.…
dependabot[bot] Jul 22, 2024
ca945d1
chore(deps): update tools to latest versions (#3061)
anchore-actions-token-generator[bot] Jul 23, 2024
9573f55
better go mod detection from partial package builds (#3060)
wagoodman Jul 24, 2024
741c8fb
fix: SPDX output performance with many relationships (#3053)
kzantow Jul 24, 2024
3917989
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#3072)
dependabot[bot] Jul 25, 2024
68b96ae
chore(deps): bump github.com/docker/docker (#3066)
dependabot[bot] Jul 25, 2024
36f95d6
python-cataloger: normalize package names (#3069)
Mikcl Jul 25, 2024
b3848f7
python cataloger: allow dots in python package names (#3070)
Mikcl Jul 25, 2024
4882d2e
Only match ldflag version if it matches the main module or targets ma…
LaurentGoderre Jul 25, 2024
1cd75b7
python-cataloger: fix normalization test (#3073)
Mikcl Jul 25, 2024
490e05a
fix: traefik classifier (#3077)
witchcraze Jul 29, 2024
8dd7c9c
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083)
dependabot[bot] Jul 29, 2024
a35e410
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6…
dependabot[bot] Jul 29, 2024
a2042e6
chore(deps): update CPE dictionary index (#3079)
anchore-actions-token-generator[bot] Jul 29, 2024
06526e2
chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e79071…
anchore-actions-token-generator[bot] Jul 29, 2024
a4b5dcd
fix: improve determinism in java archive identification (#3085)
kzantow Jul 30, 2024
92d63df
Added the SWI Prolog (swipl) ecosystem (#3076)
LaurentGoderre Jul 31, 2024
05a10e8
chore: update release script to use gh from binny (#3084)
kzantow Aug 1, 2024
c84cb2c
fix: update mainModuleVersion function to always prefix `v` to findin…
spiffcs Aug 1, 2024
48f1e97
fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifact…
dor-hayun Aug 1, 2024
623532e
chore(deps): update tools to latest versions (#3091)
anchore-actions-token-generator[bot] Aug 2, 2024
cc15edc
fix: use organization for package supplier when reading Java vendor f…
harippriyas Aug 3, 2024
9d40d11
feat: improved java maven property resolution (#2769)
GijsCalis Aug 5, 2024
703330a
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to 0.5.7…
dependabot[bot] Aug 6, 2024
0f9df80
chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 (#3096)
dependabot[bot] Aug 6, 2024
214a049
chore(deps): update CPE dictionary index (#3094)
anchore-actions-token-generator[bot] Aug 6, 2024
dcd87d1
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#3095)
dependabot[bot] Aug 6, 2024
040b683
chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 (#3104)
dependabot[bot] Aug 7, 2024
47d192d
chore(deps): bump github.com/google/go-containerregistry (#3103)
dependabot[bot] Aug 7, 2024
9031592
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#3102)
dependabot[bot] Aug 7, 2024
2339743
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#3101)
dependabot[bot] Aug 7, 2024
1fb47d9
chore(deps): update tools to latest versions (#3099)
anchore-actions-token-generator[bot] Aug 7, 2024
6267d69
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#3107)
dependabot[bot] Aug 8, 2024
64a9ecb
chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0 (#3106)
dependabot[bot] Aug 8, 2024
19cc664
test: increase java purl generation test coverage (#3110)
westonsteimel Aug 9, 2024
49d4e32
update-slack-to-discourse (#3111)
popey Aug 12, 2024
cf85450
chore: fix failing python relationship test (#3117)
kzantow Aug 12, 2024
c19cf62
chore: fix some comments (#3114)
luozexuan Aug 12, 2024
91cf066
support .kar files (#3113)
tomersein Aug 12, 2024
d2b33f1
chore(deps): update CPE dictionary index (#3116)
anchore-actions-token-generator[bot] Aug 12, 2024
df1e5b5
fix: improve groupid extraction for Jenkins plugins (#2815)
westonsteimel Aug 12, 2024
3161e18
fix: read CycloneDX BOM components from metadata (#3092)
dervoeti Aug 12, 2024
cd3b828
fix: add nil check to CycloneDX toBomProperties (#3119)
lucasrod16 Aug 13, 2024
a447884
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#3129)
dependabot[bot] Aug 15, 2024
965000d
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#3124)
dependabot[bot] Aug 15, 2024
4ff60ee
chore(deps): bump github.com/docker/docker (#3123)
dependabot[bot] Aug 15, 2024
4b7ae0e
chore(deps): update tools to latest versions (#3121)
anchore-actions-token-generator[bot] Aug 16, 2024
360983f
chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
dependabot[bot] Aug 19, 2024
511cc9c
chore(deps): update CPE dictionary index (#3135)
anchore-actions-token-generator[bot] Aug 19, 2024
95b4a88
fix: logging for remote network calls (#3140)
kzantow Aug 20, 2024
f786233
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#3139)
dependabot[bot] Aug 20, 2024
73b9d5a
fix: mysql 8.0.3x binary detection (#3142)
kzantow Aug 21, 2024
bd80eea
chore(deps): bump github.com/anchore/stereoscope (#3153)
dependabot[bot] Aug 22, 2024
78d48b4
chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
dependabot[bot] Aug 22, 2024
ac97724
chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.1…
dependabot[bot] Aug 22, 2024
691f34c
chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb2…
anchore-actions-token-generator[bot] Aug 22, 2024
6f02308
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#3154)
dependabot[bot] Aug 22, 2024
9ab3de1
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#3155)
dependabot[bot] Aug 22, 2024
cff9d49
feat: detect curl binaries (#3146)
krysgor Aug 23, 2024
dad2537
chore(deps): update tools to latest versions (#3144)
anchore-actions-token-generator[bot] Aug 23, 2024
b6b5c8e
fix ELF package correlations (#3151)
wagoodman Aug 26, 2024
6549ec9
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#3162)
dependabot[bot] Aug 26, 2024
0cd6185
chore(deps): update CPE dictionary index (#3161)
anchore-actions-token-generator[bot] Aug 26, 2024
cf9bb13
chore(deps): update tools to latest versions (#3160)
anchore-actions-token-generator[bot] Aug 26, 2024
99be365
fix: use official CPE for curl binary cataloger (#3164)
westonsteimel Aug 27, 2024
4ee6c17
set cataloger names within package cataloger task (#3165)
wagoodman Aug 27, 2024
e9a8c27
respond to authoratative CPEs from catalogers (#3166)
wagoodman Aug 27, 2024
5ab43ba
fix: improve known CPEs and set NVD as source for all current binary …
westonsteimel Aug 27, 2024
04e3371
fix: add log time of task (#3105)
tomersein Aug 28, 2024
2c25f81
fix: improve generated cpes for binaries with existing classifiers (#…
westonsteimel Aug 28, 2024
11d77b4
fix: cycles resolving relative path parent poms with parent-defined v…
kzantow Aug 28, 2024
19d2735
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#3173)
dependabot[bot] Aug 29, 2024
3499d92
chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
dependabot[bot] Aug 29, 2024
731fc77
chore(deps): bump github.com/docker/docker (#3168)
dependabot[bot] Aug 29, 2024
f2caf45
fix: properly decode SPDX license expressions in CycloneDX format (#3…
NyanKiyoshi Aug 29, 2024
e299a95
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0…
dependabot[bot] Sep 3, 2024
8ade391
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#3184)
dependabot[bot] Sep 3, 2024
8c690d0
chore(deps): update CPE dictionary index (#3183)
anchore-actions-token-generator[bot] Sep 3, 2024
7c96a10
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0…
dependabot[bot] Sep 3, 2024
a343825
fix: haproxy classifier for versions with -dev suffix (#3180)
witchcraze Sep 5, 2024
ff0bae6
chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 (#3197)
dependabot[bot] Sep 5, 2024
deabd41
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1…
dependabot[bot] Sep 5, 2024
0a3f513
Slim down docker cache size (#3190)
wagoodman Sep 9, 2024
b153b1d
less verbose java logging when non-fatal issues arise (#3208)
wagoodman Sep 9, 2024
ba7bf6b
dont cleanup cache in forks (#3214)
wagoodman Sep 9, 2024
f735a42
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#3212)
dependabot[bot] Sep 9, 2024
2475f7f
chore(deps): bump github.com/docker/docker (#3211)
dependabot[bot] Sep 9, 2024
16f8984
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 (#3210)
dependabot[bot] Sep 9, 2024
dafc6ad
chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.2…
dependabot[bot] Sep 9, 2024
9c2799e
Add the Ocaml ecosystem (#3112)
LaurentGoderre Sep 10, 2024
98bd4e9
chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#3203)
dependabot[bot] Sep 10, 2024
fce14fd
chore(deps): update CPE dictionary index (#3206)
anchore-actions-token-generator[bot] Sep 10, 2024
dbc4238
Add haskell binaries cataloger (#3078)
LaurentGoderre Sep 10, 2024
c33a51d
chore: restore ci-check.sh script (#3218)
kzantow Sep 10, 2024
61a9fde
chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.1…
dependabot[bot] Sep 10, 2024
fcd5ec9
chore: make ci-check.sh an executable file (#3220)
okuryu Sep 11, 2024
1b86326
feat: --enrich flag for data enrichment feature enablement (#3182)
kzantow Sep 12, 2024
38e51f1
chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 (#3229)
dependabot[bot] Sep 13, 2024
2b4d5c2
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2…
dependabot[bot] Sep 13, 2024
834027e
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.…
dependabot[bot] Sep 13, 2024
58100fe
chore(deps): update tools to latest versions (#3205)
anchore-actions-token-generator[bot] Sep 13, 2024
41e9630
chore(deps): update CPE dictionary index (#3232)
anchore-actions-token-generator[bot] Sep 16, 2024
7b4feb7
chore(deps): update tools to latest versions (#3231)
anchore-actions-token-generator[bot] Sep 16, 2024
9cc3641
chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3…
dependabot[bot] Sep 16, 2024
48c1c45
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3241)
dependabot[bot] Sep 16, 2024
b9efac4
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9…
dependabot[bot] Sep 16, 2024
7934696
chore(deps): update tools to latest versions (#3243)
anchore-actions-token-generator[bot] Sep 17, 2024
a2f12fe
chore(deps): update tools to latest versions (#3247)
anchore-actions-token-generator[bot] Sep 18, 2024
50016c3
chore(deps): update tools to latest versions (#3251)
anchore-actions-token-generator[bot] Sep 19, 2024
cb0de97
fix: capture-snippet.sh can handle leading whitespaces now (#3249) (#…
krysgor Sep 19, 2024
6a95a5f
feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq…
krysgor Sep 19, 2024
98c96ce
chore(deps): bump github.com/docker/docker (#3260)
dependabot[bot] Sep 20, 2024
a08ea86
chore(deps): update tools to latest versions (#3259)
anchore-actions-token-generator[bot] Sep 20, 2024
9b5cf1d
chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#3256)
dependabot[bot] Sep 20, 2024
7c12e3f
chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5…
dependabot[bot] Sep 20, 2024
60bbd24
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#…
dependabot[bot] Sep 20, 2024
963ea59
Add compliance policy for empty name and version (#3257)
wagoodman Sep 20, 2024
7815d8e
feat: classifier for Dart lang binaries (#3265)
LaurentGoderre Sep 23, 2024
01de99b
Add JVM cataloger (#3217)
wagoodman Sep 23, 2024
92c1dde
fix: correct excluded mount point comparison to file paths (#3269)
cdupuis Sep 24, 2024
d7005d7
add awaiting response management (#3272)
wagoodman Sep 25, 2024
39b2bf5
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
dependabot[bot] Sep 26, 2024
16122eb
chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8…
anchore-actions-token-generator[bot] Sep 26, 2024
f9ef9cf
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275)
dependabot[bot] Sep 26, 2024
5393cd5
chore(deps): bump github.com/docker/docker (#3264)
dependabot[bot] Sep 26, 2024
e37c468
chore(deps): update CPE dictionary index (#3262)
anchore-actions-token-generator[bot] Sep 26, 2024
1a746b2
fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
witchcraze Sep 27, 2024
2a3d171
fix: improve node classifier version matching (#3284)
witchcraze Sep 27, 2024
f5f8005
update redis classifier (#3281)
witchcraze Sep 30, 2024
9b242b0
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289)
dependabot[bot] Oct 1, 2024
93beceb
chore(deps): update CPE dictionary index (#3288)
anchore-actions-token-generator[bot] Oct 1, 2024
dbad17d
fix: don't use builtin scanner in licensecheck (#3290)
govrin Oct 1, 2024
cc4f62b
chore(deps): update tools to latest versions (#3291)
anchore-actions-token-generator[bot] Oct 2, 2024
263ea6b
feat: update haproxy classifier (#3277)
witchcraze Oct 2, 2024
32c0d1e
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0…
dependabot[bot] Oct 3, 2024
770fdc5
Fix: make failed CPE validation correctly return error (#2762)
willmurphyscode Oct 3, 2024
13c6876
Track supporting DPKG evidence (#3228)
wagoodman Oct 4, 2024
fc84574
chore(deps): update tools to latest versions (#3296)
anchore-actions-token-generator[bot] Oct 5, 2024
0d45714
chore: add pull request template (#3294)
willmurphyscode Oct 5, 2024
25f5c67
chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#3298)
dependabot[bot] Oct 5, 2024
3b9c55d
Fix: Parse package.json with non-standard fields in 'author' section …
nuada Oct 7, 2024
27ee203
chore(deps): update CPE dictionary index (#3302)
anchore-actions-token-generator[bot] Oct 7, 2024
7b30ce1
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
dependabot[bot] Oct 7, 2024
8b6159d
chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#3304)
dependabot[bot] Oct 7, 2024
4c4e5cb
chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b24…
anchore-actions-token-generator[bot] Oct 7, 2024
4d7ed9f
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#3299)
dependabot[bot] Oct 7, 2024
ccbee94
feat: report unknowns in sbom (#2998)
kzantow Oct 7, 2024
37c179b
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#3309)
dependabot[bot] Oct 9, 2024
56ed131
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
dependabot[bot] Oct 9, 2024
5d165e0
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#3307)
dependabot[bot] Oct 9, 2024
5d068f3
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
dependabot[bot] Oct 10, 2024
223a52d
chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55e…
anchore-actions-token-generator[bot] Oct 10, 2024
b62b0cb
[docs] Add mastodon link to README.md (#3306)
popey Oct 10, 2024
0c71bf2
docs: clearer deprecation message for --file (#3310)
willmurphyscode Oct 10, 2024
fbff87f
shorten release docs (#3318)
wagoodman Oct 11, 2024
c2c8c79
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 (#3314)
dependabot[bot] Oct 11, 2024
6124d72
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.…
dependabot[bot] Oct 11, 2024
8487736
chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7…
anchore-actions-token-generator[bot] Oct 11, 2024
8095f7b
chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4…
anchore-actions-token-generator[bot] Oct 13, 2024
e962c10
fix: improve go binary semver extraction for traefik (#3325)
westonsteimel Oct 14, 2024
f6e5405
chore(deps): update CPE dictionary index (#3323)
anchore-actions-token-generator[bot] Oct 14, 2024
67faca4
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#3327)
dependabot[bot] Oct 14, 2024
39146aa
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#3326)
dependabot[bot] Oct 14, 2024
7c69367
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df3…
anchore-actions-token-generator[bot] Oct 14, 2024
5c0df63
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e…
anchore-actions-token-generator[bot] Oct 14, 2024
138c6e3
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e…
anchore-actions-token-generator[bot] Oct 15, 2024
754cebe
fix: stop some log.Warn spam due parsing an empty string as a CPE (#3…
willmurphyscode Oct 15, 2024
d7194bb
fix: improve mariadb binary classifer to detect older versions (#3339)
westonsteimel Oct 16, 2024
80c8bc1
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 (#3340)
dependabot[bot] Oct 16, 2024
5b9601d
fix: use official CPE for linux kernel (#3343)
westonsteimel Oct 17, 2024
f2646d0
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (#3344)
dependabot[bot] Oct 17, 2024
7adbdfe
chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b…
anchore-actions-token-generator[bot] Oct 17, 2024
3267545
chore(deps): update tools to latest versions (#3342)
anchore-actions-token-generator[bot] Oct 17, 2024
56dbb34
update to latest packageurl-go (#3347)
wagoodman Oct 18, 2024
5a37b4a
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.1…
dependabot[bot] Oct 21, 2024
e38825a
chore(deps): update CPE dictionary index (#3358)
anchore-actions-token-generator[bot] Oct 21, 2024
14355aa
chore(deps): update stereoscope to a38c93517fc7d67ca1af826ac529a06c05…
anchore-actions-token-generator[bot] Oct 21, 2024
e4e985b
Create single license scanner for all catalogers (#3348)
wagoodman Oct 21, 2024
2f2afe4
Remove unwanted CI setup
Oct 21, 2024
cdba7d3
Remove fluff to avoid SAST false positives
Oct 21, 2024
54148f1
Apply Red Hat specific modifications
Oct 21, 2024
615ae2d
Copy Tekton pipelines from 'redhat-latest' branch
Oct 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
32 changes: 24 additions & 8 deletions .binny.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tools:
# we want to use a pinned version of binny to manage the toolchain (so binny manages itself!)
- name: binny
version:
want: v0.7.0
want: v0.8.0
method: github-release
with:
repo: anchore/binny
Expand All @@ -18,31 +18,31 @@ tools:
# used to sign mac binaries at release
- name: quill
version:
want: v0.4.1
want: v0.4.2
method: github-release
with:
repo: anchore/quill

# used for linting
- name: golangci-lint
version:
want: v1.59.0
want: v1.61.0
method: github-release
with:
repo: golangci/golangci-lint

# used for showing the changelog at release
- name: glow
version:
want: v1.5.1
want: v2.0.0
method: github-release
with:
repo: charmbracelet/glow

# used for signing the checksums file at release
- name: cosign
version:
want: v2.2.4
want: v2.4.1
method: github-release
with:
repo: sigstore/cosign
Expand All @@ -58,7 +58,7 @@ tools:
# used to release all artifacts
- name: goreleaser
version:
want: v1.26.2
want: v2.3.2
method: github-release
with:
repo: goreleaser/goreleaser
Expand Down Expand Up @@ -103,15 +103,31 @@ tools:
# used for running all local and CI tasks
- name: task
version:
want: v3.37.2
want: v3.39.2
method: github-release
with:
repo: go-task/task

# used for triggering a release
- name: gh
version:
want: v2.49.2
want: v2.59.0
method: github-release
with:
repo: cli/cli

# used to upload test fixture cache
- name: oras
version:
want: v1.2.0
method: github-release
with:
repo: oras-project/oras

# used to upload test fixture cache
- name: yq
version:
want: v4.44.3
method: github-release
with:
repo: mikefarah/yq
1 change: 1 addition & 0 deletions .bouncer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ permit:
- MPL.*
- ISC
- WTFPL
- Unlicense

ignore-packages:
# packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
Expand Down
20 changes: 0 additions & 20 deletions .github/ISSUE_TEMPLATE/bug_report.md
View file
Open in desktop

This file was deleted.

6 changes: 0 additions & 6 deletions .github/ISSUE_TEMPLATE/config.yml
View file
Open in desktop

This file was deleted.

15 changes: 0 additions & 15 deletions .github/ISSUE_TEMPLATE/feature_request.md
View file
Open in desktop

This file was deleted.

61 changes: 0 additions & 61 deletions .github/actions/bootstrap/action.yaml
View file
Open in desktop

This file was deleted.

19 changes: 0 additions & 19 deletions .github/dependabot.yml
View file
Open in desktop

This file was deleted.

36 changes: 0 additions & 36 deletions .github/scripts/check_binary_fixture_size.sh
View file
Open in desktop

This file was deleted.

11 changes: 0 additions & 11 deletions .github/scripts/ci-check.sh
View file
Open in desktop

This file was deleted.

36 changes: 0 additions & 36 deletions .github/scripts/coverage.py
View file
Open in desktop

This file was deleted.

30 changes: 0 additions & 30 deletions .github/scripts/go-mod-tidy-check.sh
View file
Open in desktop

This file was deleted.

17 changes: 0 additions & 17 deletions .github/scripts/json-schema-drift-check.sh
View file
Open in desktop

This file was deleted.

Loading