Christopher Phillips
5853129c07
wip: wip no lrg file oci client
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-11-05 11:29:53 -05:00
Christopher Phillips
9c5279cb99
chore: pr feedback
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-22 13:33:33 -04:00
Christopher Phillips
f7a19db98b
chore: warn -> debug
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-22 13:24:47 -04:00
Christopher Phillips
13756ec768
fix: role schema forward
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-22 13:22:58 -04:00
Christopher Phillips
3326ae44fa
Merge branch 'main' into 4184-gguf-parser
...
* main:
chore(deps): update tools to latest versions (#4302 )
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 (#4301 )
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4299 )
support universal (fat) mach-o binary files (#4278 )
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4296 )
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 (#4297 )
convert posix path back to windows (#4285 )
Remove duplicate image source providers (#4289 )
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 (#4293 )
feat: add option to fetch remote licenses for pnpm-lock.yaml files (#4286 )
Add PDM parser (#4234 )
chore(deps): update tools to latest versions (#4291 )
fix: panic during java archive maven resolution (#4290 )
Extract zip archive with multiple entries (#4283 )
chore: update to use old configuration on new cosign (#4287 )
chore(deps): update anchore dependencies (#4282 )
chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5 (#4280 )
add docs to configs (#4281 )
2025-10-22 13:21:59 -04:00
Christopher Phillips
a08d5b78d9
fix: update gguf data to be GGUFFileHeader
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-22 13:20:23 -04:00
anchore-actions-token-generator[bot]
8be463911c
chore(deps): update tools to latest versions ( #4302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
v1.35.0
v1.36.0
2025-10-22 09:38:18 -04:00
Christopher Phillips
ce74ed0309
chore: refactor to use gguf-parser-go; 50mb limit
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-22 02:37:01 -04:00
dependabot[bot]
44b7b0947c
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 ( #4301 )
2025-10-21 09:34:26 -04:00
dependabot[bot]
675075e882
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #4299 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f443b600d9...16140ae1a1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.30.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-20 10:08:39 -04:00
JoeyShapiro
31b2c4c090
support universal (fat) mach-o binary files ( #4278 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 13:41:59 -04:00
Christopher Phillips
0ff6a1af58
fix: first pass pr fixes
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-17 10:46:19 -04:00
dependabot[bot]
07029ead8a
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 ( #4296 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.10.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7543c93d8...faadad0cce )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-17 10:22:20 -04:00
dependabot[bot]
f4de1e863c
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 ( #4297 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.7 to 0.20.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](d8a2c01300...aa0e114b2e )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-version: 0.20.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-17 10:22:10 -04:00
JoeyShapiro
538b4a2194
convert posix path back to windows ( #4285 )
...
Signed-off-by: Joseph Shapiro <joeyashapiro@gmail.com>
2025-10-17 09:29:06 -04:00
Kudryavcev Nikolay
fc74b07369
Remove duplicate image source providers ( #4289 )
...
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-16 16:19:11 -04:00
dependabot[bot]
6627c5214c
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 ( #4293 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f8bdd1d8ac...d8a2c01300 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-version: 0.20.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-16 13:57:17 -04:00
Tim Olshansky
c0f32e1dba
feat: add option to fetch remote licenses for pnpm-lock.yaml files ( #4286 )
...
Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>
2025-10-16 12:23:06 -04:00
Pavel Buchart
e923db2a94
Add PDM parser ( #4234 )
...
Signed-off-by: Pavel Buchart <pavel@buchart.cz>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 08:50:44 -04:00
anchore-actions-token-generator[bot]
0c98a364d5
chore(deps): update tools to latest versions ( #4291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
v1.34.2
2025-10-16 07:02:32 -04:00
Keith Zantow
4343d04652
fix: panic during java archive maven resolution ( #4290 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-10-16 07:00:31 -04:00
Kudryavcev Nikolay
065ac13ab7
Extract zip archive with multiple entries ( #4283 )
...
* extract zip archive with multiple entries
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
* set OverwriteExisting by type assertion switch case
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
2025-10-15 12:05:05 -04:00
Christopher Angelo Phillips
e9a8bc5ab9
chore: update to use old configuration on new cosign ( #4287 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
v1.34.1
2025-10-15 15:12:20 +00:00
anchore-actions-token-generator[bot]
6d790ec6ec
chore(deps): update anchore dependencies ( #4282 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
v1.34.0
2025-10-14 22:09:17 +00:00
dependabot[bot]
1d5bcc553a
chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5 ( #4280 )
...
* chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.3 to 0.1.5.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.3...v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: allow lzip-go in bouncer yaml
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-14 14:22:00 -04:00
Alex Goodman
d22914baf5
add docs to configs ( #4281 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-14 13:58:31 -04:00
Christopher Phillips
cd4d0ce062
test: fix local flake
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 05:45:11 -04:00
Christopher Phillips
a721a854a9
tests: account for epoch in dedupe test
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 05:27:31 -04:00
Christopher Phillips
c715e01cc2
chore: schema and test additions
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 05:02:15 -04:00
Christopher Phillips
165611d2e4
test: migrate gguf tests over
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 04:56:07 -04:00
Christopher Phillips
746f00ad68
chore: lint-fix
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 03:59:42 -04:00
Christopher Phillips
3f117a3eb5
feat: migrate gguf parser to separate PR from oci
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-10-14 02:46:34 -04:00
Doug Clarke
760bd9a50a
feat: Pom xml only archive parser ( #4272 )
...
fix: identifying jar files with a single pom.xml and no pom.properties file
fix: test works with pom.xml being found, used and reported in metadata
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
test: check for current project path and use
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:59:08 -04:00
Hala Ali
2d1ada1d00
fix: enhance setup.py parser to handle unquoted dependencies ( #4255 )
...
* fix: add support for unquoted Python dependencies in setup.py
- Add regex pattern to match unquoted package==version format
- Handles common .split() pattern used in projects like mayan-edms
- Maintains backward compatibility with quoted dependencies
- Prevents duplicate package detection
Signed-off-by: Hala Ali alih16@vcu.edu
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* fix: apply gofmt formatting
Signed-off-by: HalaAli198 <alih16@vcu.edu>
* lint: incorporate new changes and refactor complexity
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
---------
Signed-off-by: HalaAli198 <alih16@vcu.edu>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <spiffcs@users.noreply.github.com>
2025-10-13 15:10:42 -04:00
dependabot[bot]
8ffe15c710
chore(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 ( #4265 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.37.0 to 0.38.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 11:50:59 -04:00
dependabot[bot]
89948dfa51
chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 ( #4266 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.29.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 11:50:49 -04:00
anchore-actions-token-generator[bot]
1a58f27f87
chore(deps): update tools to latest versions ( #4274 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-13 11:50:41 -04:00
dependabot[bot]
450cd72da5
chore(deps): bump modernc.org/sqlite from 1.39.0 to 1.39.1 ( #4276 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.39.0 to 1.39.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.39.0...v1.39.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.39.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 11:50:25 -04:00
dependabot[bot]
5056c7f861
chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 ( #4277 )
2025-10-13 10:47:50 -04:00
Alex Goodman
4ae8f73583
migrate json schema generation ( #4270 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-10 14:16:28 +00:00
dependabot[bot]
18e789c4fd
chore(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0 ( #4267 )
...
Bumps [github.com/gohugoio/hashstructure](https://github.com/gohugoio/hashstructure ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/gohugoio/hashstructure/releases )
- [Commits](https://github.com/gohugoio/hashstructure/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: github.com/gohugoio/hashstructure
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 15:10:47 -04:00
dependabot[bot]
7d4680bc08
chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 ( #4268 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.46.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 15:10:36 -04:00
Bernardo de Araujo
231f04ae0e
feat: Parse pnpm v9 lockfiles ( #4256 )
...
Signed-off-by: bernardoamc <bernardo.amc@gmail.com>
2025-10-09 15:07:59 -04:00
dependabot[bot]
3b82a3724a
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 ( #4262 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.30.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...e296a93559 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.30.7
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-08 16:44:21 -04:00
dependabot[bot]
337a2754e5
chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 ( #4263 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.44.0 to 0.45.0.
- [Commits](https://github.com/golang/net/compare/v0.44.0...v0.45.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.45.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-08 16:44:13 -04:00
anchore-actions-token-generator[bot]
190f3068d8
chore(deps): update tools to latest versions ( #4261 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-08 16:44:05 -04:00
Sebastien Dionne
bd013fe99a
docs: Fix typos and linguistic errors in documentation ( #4257 )
...
Signed-off-by: Sebastien Dionne <survivant00@gmail.com>
2025-10-06 14:22:22 +00:00
Parthib Mukherjee
c732052cf1
feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation ( #4093 )
...
* feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 (#4089 )
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.13 to 0.5.14.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.13...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2 (#4088 )
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.1 to 1.38.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.1...v1.38.2 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/docker/docker (#4092 )
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.2.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.2.2...v28.3.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-version: 28.3.3+incompatible
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/anchore/stereoscope (#4091 )
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.7-0.20250716200927-94c6f92877d4 to 0.1.7.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.7 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* migrate to get.anchore.io (#4095 )
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4098 )
* chore(deps): update anchore dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* address reader close operations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4104 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#4096 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update tools to latest versions (#4108 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4112 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update tools to latest versions (#4111 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/cache in /.github/actions/bootstrap (#4120 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 4.2.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#4119 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 4.2.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#4115 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 3.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* fix: nondeterministic Java archive cataloging and improve groupID (#4118 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add binary classifier for hashicorp vault (#4121 )
* add binary classifier for hashicorp vault
The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: add test fixtures, update vault
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: set binary classifier package type based on PURL
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: use github.com/hashicorp/vault as package name
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4124 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 (#4123 )
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.27.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#4122 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4126 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore: update GoReleaser configurations (#4128 )
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4130 )
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* fix: closed reader during java binary detection (#4129 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* fix: support multiple letters in openssl patch version (#4106 )
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#4134 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: update syft license construction to be able to look up by URL (#4132 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add package supplier flag (#4131 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#4135 )
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47 )
---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
dependency-version: 0.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add support for authors, maintainers, and contributors in package.json. (#4003 )
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat(cpegenerate): added test for the addBinaryPackageDigitVariation function
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* docs(cpegenerate): made the comment more verbose
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* nit: separate digit variation concerns from case of use
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Parthib Mukherjee <109328510+hawkaii@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Co-authored-by: honigbot <34426443+honigbot@users.noreply.github.com>
Co-authored-by: Alan Pope <alan.pope@anchore.com>
2025-10-06 10:09:38 -04:00
dependabot[bot]
8f1d45830d
chore(deps): bump github.com/iancoleman/orderedmap ( #4258 )
...
Bumps [github.com/iancoleman/orderedmap](https://github.com/iancoleman/orderedmap ) from 0.0.0-20190318233801-ac98e3ecb4b0 to 0.3.0.
- [Commits](https://github.com/iancoleman/orderedmap/commits/v0.3.0 )
---
updated-dependencies:
- dependency-name: github.com/iancoleman/orderedmap
dependency-version: 0.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 10:06:28 -04:00
dependabot[bot]
ea7dc8f468
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3 ( #4259 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.2 to 5.16.3.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 10:06:17 -04:00