dependabot[bot]
36c198ac67
chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 ( #3687 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:14 -05:00
dependabot[bot]
f68351c457
chore(deps): bump modernc.org/sqlite from 1.35.0 to 1.36.0 ( #3692 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.35.0 to 1.36.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.35.0...v1.36.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:10 -05:00
dependabot[bot]
3bdc24dfd7
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 ( #3693 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.13.2 to 5.14.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:07 -05:00
dependabot[bot]
eaca1921bf
chore(deps): bump github.com/docker/docker ( #3694 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.0.0+incompatible to 28.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.0.0...v28.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:51 -05:00
dependabot[bot]
6e0cc6fe04
chore(deps): bump actions/cache from 4.2.1 to 4.2.2 ( #3698 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:48 -05:00
dependabot[bot]
2251b83315
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #3699 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:44 -05:00
anchore-actions-token-generator[bot]
90761f449a
chore(deps): update CPE dictionary index ( #3702 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-06 09:03:31 -05:00
dependabot[bot]
a860c4738f
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.6 to 6.6.7 ( #3703 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.6 to 6.6.7.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.6...v6.6.7 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:14 -05:00
dependabot[bot]
92e8ee74c8
chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 ( #3709 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:03 -05:00
dependabot[bot]
705e59b107
chore(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 ( #3706 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.7 to 7.0.8.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](dd2324fc52...271a8d0340
2025-03-04 11:10:24 -05:00
Alex Goodman
f6605a3817
suppress file already closed errors ( #3695 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-02-27 21:52:50 +00:00
Alex Goodman
5e2723187d
Fix /etc/redhat-release file parsing when resolving distro details ( #3688 )
2025-02-26 12:42:29 +00:00
dependabot[bot]
f44b709542
chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 ( #3675 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 10:04:27 -05:00
Keith Zantow
2792013eb2
chore: disable line wrapping glow output ( #3679 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-24 10:04:14 -05:00
anchore-actions-token-generator[bot]
3b951648a8
chore(deps): update CPE dictionary index ( #3682 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-24 10:03:13 -05:00
dependabot[bot]
e4d9ccde47
chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 ( #3684 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.6 to 7.0.7.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](67ccf781d6...dd2324fc52
2025-02-24 10:02:32 -05:00
dependabot[bot]
3c5a71156e
chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 ( #3685 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.9 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e8d0789d4...b56ba49b26
2025-02-24 10:02:11 -05:00
dependabot[bot]
ed66988928
chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 ( #3686 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0
2025-02-24 10:01:42 -05:00
Keith Zantow
46522bcc5d
chore: update packageurl-go ( #3678 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-21 15:31:16 -05:00
RogueAI
aeea170b19
fix: disable cert validation in dotnet-portable-executable-cataloger by default ( #3677 )
...
Signed-off-by: rogueai <rogueai@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-02-21 15:08:06 -05:00
William Murphy
dd2ee2bbf7
fix: find bitnami files even when no relationships ( #3676 )
...
The bitnami cataloger assigns files under /opt/bitnami/PACKAGE to be
owned by PACKAGE unless they are otherwise owned. Previously, this main
package was identified only by relationships, leading to an edge case
where if there was a bitnami SBOM with a single package in it, there
were no relationships, and so there would be no main package to assign
the files to, leading to deduplication failures.
Instead, when encountering a bitnami SBOM with exactly one package in
it, assume that package is the main package of that SBOM.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-02-21 14:22:37 +00:00
anchore-actions-token-generator[bot]
edcfbe2f0d
chore(deps): update tools to latest versions ( #3652 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-02-20 14:59:23 -05:00
anchore-actions-token-generator[bot]
aff025ba35
chore(deps): update CPE dictionary index ( #3666 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-20 14:59:10 -05:00
dependabot[bot]
97a99e1132
chore(deps): bump actions/cache from 4.2.0 to 4.2.1 ( #3670 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](1bd1e32a3b...0c907a75c2
2025-02-20 10:45:27 -05:00
dependabot[bot]
edc361c0c7
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #3671 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](1bd1e32a3b...0c907a75c2
2025-02-20 10:44:58 -05:00
dependabot[bot]
2317c5acfc
chore(deps): bump github.com/docker/docker ( #3673 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.5.1+incompatible to 28.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.5.1...v28.0.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-20 10:41:49 -05:00
idhyt
52bd4acd23
fix: correctly trim conanfile line breaks ( #3672 )
...
Signed-off-by: idhyt <idhyt3r@gmail.com>
2025-02-20 09:18:39 -05:00
dependabot[bot]
59b84f3ffd
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 ( #3667 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-18 13:48:18 -05:00
dependabot[bot]
fb7444cb02
chore(deps): bump github.com/sanity-io/litter from 1.5.6 to 1.5.8 ( #3668 )
...
Bumps [github.com/sanity-io/litter](https://github.com/sanity-io/litter ) from 1.5.6 to 1.5.8.
- [Changelog](https://github.com/sanity-io/litter/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sanity-io/litter/compare/v1.5.6...v1.5.8 )
---
updated-dependencies:
- dependency-name: github.com/sanity-io/litter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-18 13:48:08 -05:00
dependabot[bot]
e8a4667db2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10 to 0.5.11 ( #3669 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.10 to 0.5.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.10...v0.5.11 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-18 13:47:54 -05:00
Juan Ariza Toledano
bffe26bcc5
feat: add support for Bitnami cataloguer ( #3341 )
...
* prototype: start bitnami cataloger
Bitnami images have spdx SBOMs at predictable paths, and Syft could more
accurately identify the software in these images by scanning those
SBOMs. Start work on this by forking the sbom-cataloger as a new
bitnami-cataloger.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* wire up bitnami cataloger to run on images by default
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* feat: add support for Bitnami cataloguer
Signed-off-by: juan131 <jariza@vmware.com>
* feat: use a better SPDX sample for unit tests
Signed-off-by: juan131 <jariza@vmware.com>
* bugfix: only report bitnami pkgs
Signed-off-by: juan131 <jariza@vmware.com>
* feat: adapt JSON schema, spdxutil and packagemetadata
Signed-off-by: juan131 <jariza@vmware.com>
* bugfix: integration tests
Signed-off-by: juan131 <jariza@vmware.com>
* feat: implement FileOwner interface
Signed-off-by: juan131 <jariza@vmware.com>
* bugfix: update json schema
Signed-off-by: juan131 <jariza@vmware.com>
* [wip] add bitnami owned files and fix binary package ownership filtering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* feat: obtain bitnami pkg files based on SPDX relationships tree
Signed-off-by: juan131 <jariza@vmware.com>
* preserve type switches
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename bitnami entry metadata type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restrict find main pkg logic
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing graalvm source info
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bugfix: integration tests
Signed-off-by: juan131 <jariza@vmware.com>
* bugfix: mod tidy
Signed-off-by: juan131 <jariza@vmware.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-02-18 09:07:47 -05:00
dependabot[bot]
869908ece1
chore(deps): bump modernc.org/sqlite from 1.34.5 to 1.35.0 ( #3664 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.34.5 to 1.35.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.5...v1.35.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-14 08:40:30 -05:00
dependabot[bot]
91b7592a2f
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.5 to 6.6.6 ( #3653 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.5 to 6.6.6.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.5...v6.6.6 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-13 10:08:20 -05:00
Weston Steimel
dce99543b2
feat: update to go 1.24.x ( #3660 )
...
* feat: update to go 1.24.x
Update to building with go 1.24.x so that the main module version gets
set during `go build`
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
* chore: bump golangci-lint for go 1.24.x support
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
* chore: appease the updated linter
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
* chore: fix test logging for go 1.24
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
---------
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2025-02-13 10:08:10 -05:00
Keith Zantow
a17fe480a0
chore: update runners to ubuntu-24.04 ( #3657 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-11 21:34:12 +00:00
dependabot[bot]
d6fe2b08cb
chore(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 ( #3655 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-11 13:15:50 -05:00
dependabot[bot]
51780fba16
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to 0.5.10 ( #3650 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.9 to 0.5.10.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.9...v0.5.10 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-10 10:19:22 -05:00
anchore-actions-token-generator[bot]
46f9bf4e4d
chore(deps): update CPE dictionary index ( #3649 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-09 22:45:31 -05:00
Keith Zantow
2328b20082
fix: reduce warn levels to debug for non-actionable errors ( #3645 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-02-07 13:22:55 -05:00
dependabot[bot]
52d543f3c1
chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 ( #3648 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.8 to 3.28.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](dd746615b3...9e8d0789d4
2025-02-07 11:18:56 -05:00
Christopher Angelo Phillips
e584c9f416
feat: 3626 add option enable license content; disable by default ( #3631 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-02-05 20:41:03 +00:00
anchore-actions-token-generator[bot]
7bab6e9851
chore(deps): update tools to latest versions ( #3641 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-02-05 14:23:36 -05:00
dependabot[bot]
10ba5aa9e6
chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 ( #3642 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-05 14:22:21 -05:00
dependabot[bot]
79ea956f18
chore(deps): bump golang.org/x/mod from 0.22.0 to 0.23.0 ( #3644 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/mod/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-05 14:22:02 -05:00
Alex Goodman
684b6e3f98
Add file catalogers to selection configuration ( #3505 )
...
* add file catalogers to selection configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix typos
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* warn when there is conflicting file cataloging configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for explicit removal of all package and file tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-02-03 19:10:17 +00:00
Christopher Angelo Phillips
5e2ba43328
chore: replace all shorthand tags of mapstruct -> mapstructure ( #3633 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-02-03 10:43:06 -05:00
anchore-actions-token-generator[bot]
4dc86a06c7
chore(deps): update tools to latest versions ( #3637 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-02-03 09:44:56 -05:00
anchore-actions-token-generator[bot]
7a69f6fdd7
chore(deps): update CPE dictionary index ( #3638 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-02-03 09:44:44 -05:00
Christopher Angelo Phillips
9a9195e5c4
feat: syft 3435 - add file components to cyclonedx bom output when file metadata is available ( #3539 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-01-31 15:09:15 -05:00
anchore-actions-token-generator[bot]
a16e374a50
chore(deps): update tools to latest versions ( #3635 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-31 11:14:59 -05:00
