anchore-actions-token-generator[bot]
8fb32dfc13
chore(deps): update tools to latest versions ( #3739 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-19 08:32:30 -04:00
Alex Goodman
2738291a96
swap centos images for rocky ( #3741 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-18 14:25:03 +00:00
anchore-actions-token-generator[bot]
7bdbfc0478
chore(deps): update anchore dependencies ( #3727 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-17 15:59:13 +00:00
anchore-actions-token-generator[bot]
6e7386a4fd
chore(deps): update CPE dictionary index ( #3735 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-17 10:22:53 -04:00
anchore-actions-token-generator[bot]
f889c4c014
chore(deps): update tools to latest versions ( #3722 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-17 10:22:21 -04:00
dependabot[bot]
06571af855
chore(deps): bump github.com/spf13/afero from 1.12.0 to 1.14.0 ( #3736 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.12.0...v1.14.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 10:22:10 -04:00
dependabot[bot]
d6693c8504
chore(deps): bump modernc.org/sqlite from 1.36.0 to 1.36.1 ( #3737 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.36.0 to 1.36.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.0...v1.36.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 10:22:02 -04:00
dependabot[bot]
2d33bcf84f
chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0 to 1.1.0 ( #3732 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-14 11:47:58 -04:00
dependabot[bot]
ae878f7dfd
chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 ( #3733 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](9780b0c442...74a5d14239
2025-03-14 11:47:51 -04:00
Yoav Alon
6f70927bcc
fix(performance): reduce memory allocation in containsPath ( #3730 )
...
Signed-off-by: Yoav Alon <yoav@orca.security>
2025-03-13 14:39:57 -04:00
Keith Zantow
9a2c2ad401
chore: upload individual binaries as artifacts ( #3714 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-13 12:15:13 -04:00
Sven Gregori
2846bb18d2
fix: fetch Dart package versions from sdk entries ( #3572 )
...
* fix: fetch Dart package versions from sdk entries
Packages that are provided by an SDK, mainly Flutter, will have their
version set to 0.0.0 in Dart's pubspec.lock file. Their actual version
is linked to that SDK, which is defined either as a version range or a
minimum supported version, rather than an explicit, single version.
The pubspec.lock file has a dedicated section to define those SDK
version range constraints, which is already stored internally when
parsing the file itself. The solution now is to look up such a package's
SDK name, retrieve the defined version range / lower version boundary,
and set the minimum supported version as the package's new version.
Signed-off-by: Sven Gregori <sven@craplab.fi>
* Ignore Dart package if SDK version cannot be fetched
Signed-off-by: Sven Gregori <sven@craplab.fi>
* fix linting issues
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Sven Gregori <sven@craplab.fi>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-13 06:10:32 -04:00
anchore-actions-token-generator[bot]
616c8dfe2a
chore(deps): update tools to latest versions ( #3713 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-11 14:13:34 -04:00
anchore-actions-token-generator[bot]
d387f612ca
chore(deps): update CPE dictionary index ( #3715 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-11 14:09:54 -04:00
mikey strauss
6a28c1c604
Add set ID to dotnet packages ( #3719 )
...
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2025-03-11 14:09:25 -04:00
dependabot[bot]
c613476347
chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 ( #3716 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.10 to 3.28.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b56ba49b26...6bb031afdd
2025-03-11 14:08:54 -04:00
Alex Goodman
34e5ff753f
Location order on packages should consider evidence annotations when sorting ( #3720 )
...
* fix: sorting locations should consider pkg evidence
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify location test options for comparison
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-11 10:34:37 -04:00
TechVest
04941c8b97
chore: fix some function names in comment ( #3717 )
...
Signed-off-by: TechVest <techdashen@qq.com>
2025-03-10 11:34:10 -04:00
Alan Pope
c687b7bfa5
fix: improve fluent-bit binary detection regex pattern ( #3701 )
...
* fix: improve fluent-bit binary detection regex pattern
This fixes issue #3133 by updating the regex pattern for fluent-bit binary detection
to better handle ANSI escape sequences and multiple null bytes between the version
string and "Fluent Bit" text. The change also makes the %s format specifier optional,
supporting all variations in fluent-bit binary signatures.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* test: add fluent-bit 1.7.0-dev-3 test fixture for issue #3133
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-03-07 14:56:37 +00:00
Keith Zantow
7571f8dfba
chore: updates for go 1.24.1 ( #3712 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-06 15:35:26 +00:00
dependabot[bot]
e8c62faefc
chore(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 ( #3708 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:20:45 +00:00
Tom Fay
24133be4e6
Update rustaudit module name ( #3689 )
...
Signed-off-by: Tom Fay <tom@teamfay.co.uk>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-06 15:07:05 +00:00
dependabot[bot]
8e28b13a3d
chore(deps): bump golang.org/x/net from 0.35.0 to 0.37.0 ( #3711 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.35.0 to 0.37.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:01:39 +00:00
dependabot[bot]
6b0425ebad
chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4 to 1.3.4 ( #3690 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.2.4 to 1.3.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.2.4...v1.3.4 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:00:19 +00:00
Stef Graces
694eec4079
Add downloadLocation URI validation ( #3697 )
...
* Add downloadLocation URI validation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Update function names
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Fixes for make lint-fix + Changes to when NONE and NOASSERTION in downloadLocation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
---------
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-03-06 14:45:47 +00:00
Joel Rudsberg
974ce23722
Native Image SBOM: support extracting symbols in .dynsym section for ELF files ( #3647 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2025-03-06 09:12:14 -05:00
dependabot[bot]
36c198ac67
chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 ( #3687 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:14 -05:00
dependabot[bot]
f68351c457
chore(deps): bump modernc.org/sqlite from 1.35.0 to 1.36.0 ( #3692 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.35.0 to 1.36.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.35.0...v1.36.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:10 -05:00
dependabot[bot]
3bdc24dfd7
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 ( #3693 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.13.2 to 5.14.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:07 -05:00
dependabot[bot]
eaca1921bf
chore(deps): bump github.com/docker/docker ( #3694 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.0.0+incompatible to 28.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.0.0...v28.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:51 -05:00
dependabot[bot]
6e0cc6fe04
chore(deps): bump actions/cache from 4.2.1 to 4.2.2 ( #3698 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:48 -05:00
dependabot[bot]
2251b83315
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #3699 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:44 -05:00
anchore-actions-token-generator[bot]
90761f449a
chore(deps): update CPE dictionary index ( #3702 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-06 09:03:31 -05:00
dependabot[bot]
a860c4738f
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.6 to 6.6.7 ( #3703 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.6 to 6.6.7.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.6...v6.6.7 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:14 -05:00
dependabot[bot]
92e8ee74c8
chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 ( #3709 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:03 -05:00
dependabot[bot]
705e59b107
chore(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 ( #3706 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.7 to 7.0.8.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](dd2324fc52...271a8d0340
2025-03-04 11:10:24 -05:00
Alex Goodman
f6605a3817
suppress file already closed errors ( #3695 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-02-27 21:52:50 +00:00
Alex Goodman
5e2723187d
Fix /etc/redhat-release file parsing when resolving distro details ( #3688 )
2025-02-26 12:42:29 +00:00
dependabot[bot]
f44b709542
chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 ( #3675 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 10:04:27 -05:00
Keith Zantow
2792013eb2
chore: disable line wrapping glow output ( #3679 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-24 10:04:14 -05:00
anchore-actions-token-generator[bot]
3b951648a8
chore(deps): update CPE dictionary index ( #3682 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-24 10:03:13 -05:00
dependabot[bot]
e4d9ccde47
chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 ( #3684 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.6 to 7.0.7.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](67ccf781d6...dd2324fc52
2025-02-24 10:02:32 -05:00
dependabot[bot]
3c5a71156e
chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 ( #3685 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.9 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e8d0789d4...b56ba49b26
2025-02-24 10:02:11 -05:00
dependabot[bot]
ed66988928
chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 ( #3686 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0
2025-02-24 10:01:42 -05:00
Keith Zantow
46522bcc5d
chore: update packageurl-go ( #3678 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-21 15:31:16 -05:00
RogueAI
aeea170b19
fix: disable cert validation in dotnet-portable-executable-cataloger by default ( #3677 )
...
Signed-off-by: rogueai <rogueai@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-02-21 15:08:06 -05:00
William Murphy
dd2ee2bbf7
fix: find bitnami files even when no relationships ( #3676 )
...
The bitnami cataloger assigns files under /opt/bitnami/PACKAGE to be
owned by PACKAGE unless they are otherwise owned. Previously, this main
package was identified only by relationships, leading to an edge case
where if there was a bitnami SBOM with a single package in it, there
were no relationships, and so there would be no main package to assign
the files to, leading to deduplication failures.
Instead, when encountering a bitnami SBOM with exactly one package in
it, assume that package is the main package of that SBOM.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-02-21 14:22:37 +00:00
anchore-actions-token-generator[bot]
edcfbe2f0d
chore(deps): update tools to latest versions ( #3652 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-02-20 14:59:23 -05:00
anchore-actions-token-generator[bot]
aff025ba35
chore(deps): update CPE dictionary index ( #3666 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-20 14:59:10 -05:00
dependabot[bot]
97a99e1132
chore(deps): bump actions/cache from 4.2.0 to 4.2.1 ( #3670 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](1bd1e32a3b...0c907a75c2
2025-02-20 10:45:27 -05:00
