dependabot[bot]
26792fc12d
chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 ( #4149 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.10 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8
2025-08-21 10:43:25 -04:00
Simeon Stoykov
a433045d51
feat: basic Conda ecosystem support ( #4002 )
...
----------------------------------------------------------------
Signed-off-by: Simeon Stoykov <simeon.stoykov@quantco.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-19 22:37:27 -04:00
dependabot[bot]
8e51e8d995
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 ( #4145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.9 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df559355d5...96f518a34f
2025-08-18 15:29:36 -04:00
anchore-actions-token-generator[bot]
ba2eb5701f
chore(deps): update CPE dictionary index ( #4143 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-18 10:14:39 -04:00
dependabot[bot]
c4292ad79b
chore(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 ( #4144 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.8 to 1.7.9.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.7.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 11:42:13 +01:00
dependabot[bot]
0e669faecd
chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 ( #4141 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91
2025-08-15 10:22:24 -04:00
anchore-actions-token-generator[bot]
10ea022fe7
chore(deps): update tools to latest versions ( #4139 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-08-14 13:34:24 -04:00
Alan Pope
87e1d8cb87
feat: add support for authors, maintainers, and contributors in package.json. ( #4003 )
...
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-13 17:55:15 -04:00
dependabot[bot]
ab9db0024e
chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 ( #4135 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47
2025-08-13 10:07:03 -04:00
Christopher Angelo Phillips
6b48bd4b5e
feat: add package supplier flag ( #4131 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:49:41 -04:00
Christopher Angelo Phillips
89470ecdd3
feat: update syft license construction to be able to look up by URL ( #4132 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:30:32 -04:00
dependabot[bot]
104df88143
chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 ( #4134 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5
2025-08-12 18:23:39 +00:00
honigbot
80e61175ad
fix: support multiple letters in openssl patch version ( #4106 )
...
Signed-off-by: honigbot <thesoftbear@gmail.com>
2025-08-12 10:30:41 -04:00
Keith Zantow
9f956dca8f
fix: closed reader during java binary detection ( #4129 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-12 08:58:28 -04:00
dependabot[bot]
6452a19009
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 ( #4130 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8
2025-08-11 16:54:59 -04:00
Emmanuel Ferdman
21496e7a81
chore: update GoReleaser configurations ( #4128 )
...
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2025-08-11 09:38:33 -04:00
anchore-actions-token-generator[bot]
3e5befc267
chore(deps): update CPE dictionary index ( #4126 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-10 23:48:24 -04:00
dependabot[bot]
49736e7c4a
chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 ( #4122 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-08 17:51:06 +00:00
dependabot[bot]
7a9e1e06da
chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 ( #4123 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.27.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-08 13:35:44 -04:00
dependabot[bot]
7b92913a00
chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 ( #4124 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de
2025-08-08 13:35:35 -04:00
Will Murphy
594b309cdf
feat: add binary classifier for hashicorp vault ( #4121 )
...
* add binary classifier for hashicorp vault
The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: add test fixtures, update vault
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: set binary classifier package type based on PURL
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: use github.com/hashicorp/vault as package name
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-08-08 13:26:15 -04:00
Keith Zantow
8c6a2bcbb6
fix: nondeterministic Java archive cataloging and improve groupID ( #4118 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-07 10:55:10 -04:00
dependabot[bot]
d4d311155f
chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 ( #4115 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072
2025-08-07 10:48:53 -04:00
dependabot[bot]
118f564cf3
chore(deps): bump actions/cache from 4.2.3 to 4.2.4 ( #4119 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644
2025-08-07 10:47:40 -04:00
dependabot[bot]
b59c902996
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4120 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644
2025-08-07 10:47:25 -04:00
anchore-actions-token-generator[bot]
fad9340051
chore(deps): update tools to latest versions ( #4111 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-08-04 11:20:26 -04:00
anchore-actions-token-generator[bot]
3820cba0cd
chore(deps): update CPE dictionary index ( #4112 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-04 11:20:09 -04:00
anchore-actions-token-generator[bot]
5af72b6663
chore(deps): update tools to latest versions ( #4108 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-31 12:04:54 -04:00
dependabot[bot]
801b21bb37
chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 ( #4096 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af
2025-07-30 14:29:07 -04:00
anchore-actions-token-generator[bot]
386ef842d9
chore(deps): update anchore dependencies ( #4104 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-30 17:41:35 +00:00
anchore-actions-token-generator[bot]
bd79463e77
chore(deps): update anchore dependencies ( #4098 )
...
* chore(deps): update anchore dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* address reader close operations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-30 17:23:07 +00:00
Alex Goodman
8a7302c5cf
migrate to get.anchore.io ( #4095 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-30 10:54:22 -04:00
dependabot[bot]
28ba092375
chore(deps): bump github.com/anchore/stereoscope ( #4091 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.7-0.20250716200927-94c6f92877d4 to 0.1.7.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.7 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-30 09:12:55 -04:00
dependabot[bot]
fa68af468d
chore(deps): bump github.com/docker/docker ( #4092 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.2.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.2.2...v28.3.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-version: 28.3.3+incompatible
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-29 16:29:03 -04:00
dependabot[bot]
700a777356
chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2 ( #4088 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.1 to 1.38.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.1...v1.38.2 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-29 10:29:57 -04:00
dependabot[bot]
71aa59a210
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 ( #4089 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.13 to 0.5.14.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.13...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-29 10:29:45 -04:00
dependabot[bot]
d0d9c6a8e5
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.0 to 4.9.1 ( #4087 )
2025-07-28 13:39:36 -04:00
dependabot[bot]
702b4358e9
chore(deps): bump github.com/olekukonko/tablewriter from 1.0.8 to 1.0.9 ( #4086 )
2025-07-28 13:39:22 -04:00
dependabot[bot]
4a69c00c23
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.7 to 6.6.8 ( #4085 )
2025-07-28 13:39:06 -04:00
dependabot[bot]
998742f38e
chore(deps): bump modernc.org/sqlite from 1.38.0 to 1.38.1 ( #4084 )
2025-07-28 17:38:42 +00:00
anchore-actions-token-generator[bot]
bb8ea024e1
chore(deps): update tools to latest versions ( #4082 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-28 12:01:09 -04:00
anchore-actions-token-generator[bot]
3f28480b3d
chore(deps): update CPE dictionary index ( #4083 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-28 10:51:16 -04:00
anchore-actions-token-generator[bot]
5465bf4227
chore(deps): update tools to latest versions ( #4079 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-24 15:18:12 -04:00
dependabot[bot]
8b2c4a134e
chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 ( #4080 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.3 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d6bbdef45e...4e828ff8d4
2025-07-24 15:17:49 -04:00
anchore-actions-token-generator[bot]
d7046099e9
chore(deps): update tools to latest versions ( #4076 )
2025-07-23 21:03:20 -04:00
Alex Goodman
f0a990b85f
chore: add source completion tester ( #4077 )
...
* add source completion tester
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing t.Helper calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-23 13:49:47 +00:00
Keith Zantow
48bf81cf7f
fix: align binary java detection with jvm cataloger + support IBM ( #4046 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-07-22 12:06:32 -04:00
anchore-actions-token-generator[bot]
78c7cd2cc2
chore(deps): update tools to latest versions ( #4072 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-22 09:49:58 -04:00
dependabot[bot]
a192787d44
chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 ( #4074 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.2 to 3.29.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](181d5eefc2...d6bbdef45e
2025-07-22 09:49:43 -04:00
dependabot[bot]
d5a562c368
chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4 ( #4073 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.2 to 0.20.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](cee1b8e05a...7b36ad622f
2025-07-22 09:49:40 -04:00
