anchore-actions-token-generator[bot]
4fe50f4169
chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 ( #2583 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-02 10:27:26 -05:00
dependabot[bot]
78d362f91a
chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 ( #2584 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.17.1 to 0.18.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.17.1...v0.18.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-02 10:27:09 -05:00
Alex Goodman
5a9b664fef
swap format readseekers for readers ( #2581 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-01 14:18:13 -05:00
Alex Goodman
6107e5e2ad
translate maps to sequences in pkg metadata ( #2553 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-01 11:58:10 -05:00
anchore-actions-token-generator[bot]
fef0e54c0f
chore(deps): update tools to latest versions ( #2576 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-01 10:27:01 -05:00
dependabot[bot]
4a98f9fbd3
chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 ( #2578 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.7 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](767b08fd88...b6a39da807
2024-02-01 10:26:47 -05:00
dependabot[bot]
db49c145f0
chore(deps): bump marocchino/sticky-pull-request-comment ( #2579 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](efaaab3fd4...331f8f5b42
2024-02-01 10:26:37 -05:00
dependabot[bot]
3ac7e43e3e
chore(deps): bump github.com/docker/docker ( #2580 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.1+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 10:26:25 -05:00
anchore-actions-token-generator[bot]
216e211dc8
chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 ( #2577 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-01 08:32:13 +00:00
William Murphy
bbddac1f9d
Fix attest with --key ( #2551 )
...
Fix passing "--key" to the attest command. Additionally, pull in an update to
the clio CLI library to permit unit testing that flags and env vars are parsed
to the correct field on command options structs. This testing strategy was
needed here because testing attestation in an end to end test requires a
prohibitive amount of setup.
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 16:39:17 -05:00
Weston Steimel
3893f80052
fix(java): improve identification for org.apache.kafka artifacts ( #2573 )
...
Signed-off-by: Weston Steimel <weston.steimel@proton.me>
2024-01-31 16:34:56 -05:00
Christopher Angelo Phillips
630e7153e6
chore: pluralize the flag ( #2564 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-01-31 13:21:09 -05:00
anchore-actions-token-generator[bot]
28e9ee7106
chore(deps): update tools to latest versions ( #2566 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-31 13:20:34 -05:00
dependabot[bot]
43837f47f5
chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 ( #2567 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.2 to 6.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](153407881e...b1ddad2c99
2024-01-31 13:20:17 -05:00
dependabot[bot]
e880e6dcd6
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 ( #2568 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.6 to 0.15.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c6aed38a43...767b08fd88
2024-01-31 13:19:50 -05:00
Alex Goodman
6ae5b2904d
re-add cosign signing checksums file ( #2572 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 13:19:41 -05:00
Alex Goodman
377538e4a6
revert cosign signing of release checksums file ( #2571 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 16:58:24 +00:00
Alex Goodman
bbe7fa180a
bump archiver and stereoscope ( #2570 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 11:24:33 -05:00
William Murphy
31e0fc36e3
fix: Better test for group ID in filename ( #2565 )
...
This fixes an issue where filenames containing a period that aren't a
group ID, such as some-jar.12.jar, would be mistakenly be reported as
having the name "12" by syft, instead of the name "some-jar.12".
It works by testing whether the parts of the filename split on "."
are all valid Java identifiers.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-31 08:21:33 -05:00
Alex Goodman
aa702a72b4
Sign checksums file and add SBOMs on release ( #2548 )
...
* with release signature of checksums file
* attach SBOMs to the release
* update acceptance tests
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-30 13:16:40 -05:00
dependabot[bot]
b113391638
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 ( #2560 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.5 to 0.15.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](24b0d52385...c6aed38a43
2024-01-30 13:15:22 -05:00
dependabot[bot]
d4f31d6a3e
chore(deps): bump github.com/google/go-containerregistry ( #2561 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-30 13:15:13 -05:00
dependabot[bot]
bd4bcc4e89
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 ( #2562 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-30 13:15:06 -05:00
anchore-actions-token-generator[bot]
cf48c3a0c9
chore(deps): update tools to latest versions ( #2554 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-29 12:32:53 -05:00
dependabot[bot]
b4f565a620
chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 ( #2556 )
...
Bumps [github.com/sassoftware/go-rpmutils](https://github.com/sassoftware/go-rpmutils ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/sassoftware/go-rpmutils/releases )
- [Commits](https://github.com/sassoftware/go-rpmutils/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: github.com/sassoftware/go-rpmutils
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 12:32:37 -05:00
dependabot[bot]
2e0149fd9e
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 ( #2557 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](fbd6aa58ba...28ba43ae48
2024-01-29 12:32:30 -05:00
dependabot[bot]
87bbc507ee
chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 ( #2558 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0b21cf2492...b7bf0a3ed3
2024-01-29 12:32:22 -05:00
Alex Goodman
f893933336
internalize format helpers ( #2543 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:16:26 -05:00
Alex Goodman
b6cbf82389
Internalize CPE generation logic ( #2541 )
...
* migrate CPE generation logic to internal
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove create function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:16:05 -05:00
anchore-actions-token-generator[bot]
7f90b8f1eb
chore(deps): update tools to latest versions ( #2550 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-26 10:40:44 -05:00
Laurent Goderre
d7c51e5c82
Implement golang Purl subpath ( #2547 )
...
* Added test for golang package that include subpath into the module
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* Implement golang purl subpath
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-25 17:04:28 -05:00
Alex Goodman
414fb2f8ad
fix migration of integration test ( #2546 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-25 15:18:36 +00:00
Alex Goodman
a32b8d7fc6
Use the json schema as input for templating ( #2542 )
...
* use the json schema as input for templating
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-25 14:00:35 +00:00
Alex Goodman
11c0b1c234
Unexport types and functions cataloger packages ( #2530 )
...
* unexport as many types and functions from cataloger packages as possible
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* capture type and signature information in convention test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check that we return pkg.Cataloger from constructors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 16:12:46 -05:00
Alex Goodman
e0e1c4ba0a
Internalize majority of cmd package ( #2533 )
...
* internalize majority of cmd package and migrate integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add internal api encoder
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* create internal representation of all formats
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* export capability to get default encoders
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 13:29:51 -05:00
Alex Goodman
bf3cd9ed3b
allow for RPM modularity to be optional ( #2540 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 13:21:59 -05:00
dependabot[bot]
ad2843bf50
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 ( #2536 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-24 10:11:43 -05:00
dependabot[bot]
0bb94099b0
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 ( #2538 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 10:11:33 -05:00
dependabot[bot]
97d0108bd5
chore(deps): bump github.com/docker/docker ( #2537 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.0+incompatible to 25.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 10:11:24 -05:00
William Murphy
878df69330
chore: stop re-exporting wfn.Attributes ( #2534 )
...
* chore: stop re-exporting wfn.Attributes
Previously, Syft re-exported wfn.Attributes from the nvdtools package as
a member of the Package struct. However, Syft doesn't own this struct,
and so after Syft 1.0, might be forced to bump a semver major version
due to a breaking change in wfn.Attributes. Rather than incur this risk
going into 1.0, instead replace Syft's use of wfn.Attributes with Syft's
own cpe.CPE type. That type has some pass-through calls to
wfn.Attributes, but hides the dependency from the rest of the
application.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* chore: make cpe.CPE type a Stringer
Previously, the cpe.CPE type was an alias for wfn.Attributes from
nvdtools. Now that it is a type we control, make the String method take
the CPE as a receiver, rather than as a normal parameter, so that Syft's
cpe.CPE type implements Stringer.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-24 08:59:03 -05:00
Alex Goodman
0fe13888d5
swap format readseekers for readers ( #2515 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-23 16:44:57 -05:00
dependabot[bot]
8e39ca6dfc
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 ( #2531 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](41f7a6c033...24b0d52385
2024-01-23 10:14:05 -05:00
dependabot[bot]
935b885ba2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 ( #2532 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.12 to 0.5.0.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-23 10:13:51 -05:00
Alex Goodman
cdad5e767a
plumb context through catalogers ( #2528 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 15:54:51 -05:00
Alex Goodman
c5d15d1d6c
Remove CLI and API deprecations ( #2508 )
...
* remove api deprecations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove deprecated NAME cli flag
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 12:55:30 -05:00
Alex Goodman
03b7938fbf
Turn off the SBOM cataloger by default ( #2527 )
...
* turn off the SBOM cataloger by default
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 12:32:45 -05:00
Alex Goodman
4c77783461
Re-introduce linux kernel cataloger ( #2526 )
...
* re-add linux kernel cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure there is at least a directory or image tag on each task
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix CLI tests to account for kernel finding (+2)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 16:31:41 +00:00
William Murphy
c6ce1de928
make AllLocations accept a context ( #2518 )
...
The previous implementation would leak a goroutine if the caller of
AllLocations stopped iterating early. Now, accept a context so that the
caller can cancel the AllLocations iterator rather than leak the
goroutine.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-22 11:05:59 -05:00
anchore-actions-token-generator[bot]
3046d43a8a
chore(deps): update CPE dictionary index ( #2523 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-22 08:32:31 -05:00
Dan Luhring
df582e8463
fix: minor cataloger and docs nits ( #2519 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-01-19 17:29:47 -05:00
