anchore-actions-token-generator[bot]
849e325408
chore(deps): update CPE dictionary index ( #3414 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-04 10:13:22 -05:00
dependabot[bot]
203df65a65
chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3 ( #3408 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.2...v0.5.3 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:43:54 -04:00
dependabot[bot]
2c70090d10
chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 ( #3409 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.1 to 1.0.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.1...v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:43:47 -04:00
anchore-actions-token-generator[bot]
8f179e6961
chore(deps): update stereoscope to 2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 ( #3405 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-11-01 11:43:39 -04:00
Artemii
6a1e3f32fe
Issue #3143 – fixed format conversion docs link ( #3407 )
...
* chore: fixed format conversion docs link (#3143 )
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
* changed link to wiki docs
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
---------
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
2024-11-01 11:43:00 -04:00
Joel Rudsberg
fcf1350a0e
feat: support dependencies and purl for Native Image SBOMs ( #3399 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2024-10-31 12:12:54 -04:00
anchore-actions-token-generator[bot]
9302e20d62
chore(deps): update stereoscope to 9c92fe30492ffeba14ed2e23ad1fd923341dda4f ( #3398 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-31 10:22:14 -04:00
Nathan Voss
a55b71d4ef
feat: exclude devDependencies from package-lock.json parsing ( #3371 )
...
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-10-30 12:02:27 -04:00
dependabot[bot]
df3998b4f1
chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 ( #3394 )
2024-10-29 16:32:14 +00:00
dependabot[bot]
9dc9be645a
chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 ( #3393 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.5 to 0.17.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](1ca97d9028...251a468eed
2024-10-29 10:07:28 -04:00
Keith Zantow
798c18a698
fix: stack overflow in spyingIoReadCloser ( #3392 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-29 08:23:57 -04:00
Keith Zantow
1118ac4ace
fix: bad pom files may cause infinite loop ( #3391 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-28 18:09:04 -04:00
anchore-actions-token-generator[bot]
55cc1877ef
chore(deps): update stereoscope to bcc40c6817524718277256d6b774ce643f98640a ( #3388 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-28 19:48:04 +00:00
dependabot[bot]
367c699585
chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 ( #3384 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0a12ed9d6a...41dfa10bad
2024-10-28 14:09:45 -04:00
dependabot[bot]
46445ff29f
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 ( #3385 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-28 14:08:44 -04:00
anchore-actions-token-generator[bot]
5faa6d34d5
chore(deps): update tools to latest versions ( #3383 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-28 14:08:14 -04:00
anchore-actions-token-generator[bot]
c7c036660c
chore(deps): update CPE dictionary index ( #3387 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-28 08:03:08 -04:00
dependabot[bot]
a0c62da747
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 ( #3380 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901b
2024-10-24 10:35:47 -04:00
Keith Zantow
759b898df5
feat: multi-level configuration and profiles ( #3337 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 12:15:59 -04:00
Keith Zantow
a00533c836
feat: Java dependency graph information ( #3363 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 11:17:34 -04:00
Nathan Voss
b505317e10
Expanded dpkg cataloger globs ( #3373 )
...
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
2024-10-23 14:59:28 +00:00
Ariel Miculas-Trif
06d300e662
Enable cargo-auditable-binary-cataloger for files/directories ( #3376 )
...
Especially when scanning a single binary file, the
cargo-auditable-binary-cataloger should run and report the rust binary's
dependencies:
```
scan --select-catalogers rust <binary_file>
```
This is in line with other binary catalogers, such as the
go-module-binary-cataloger.
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
2024-10-23 14:55:04 +00:00
dependabot[bot]
80333d39e3
chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 ( #3374 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033e
2024-10-23 10:47:12 -04:00
dependabot[bot]
11335466b6
chore(deps): bump github.com/charmbracelet/lipgloss ( #3375 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.0...v0.13.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-23 10:46:52 -04:00
anchore-actions-token-generator[bot]
260d80974f
chore(deps): update stereoscope to 6db3c175f1f836e552b01ee70e5d5528cc04bce4 ( #3362 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-22 12:23:29 -04:00
dependabot[bot]
fc524a0565
chore(deps): bump actions/cache from 4.1.1 to 4.1.2 ( #3364 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](3624ceb22c...6849a64899
2024-10-22 12:23:13 -04:00
dependabot[bot]
b5cde1304b
chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 ( #3365 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.4 to 0.17.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...1ca97d9028
2024-10-22 12:22:27 -04:00
dependabot[bot]
6a2898e00d
chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 ( #3367 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.5.0 to 5.6.0.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-22 12:22:19 -04:00
Alex Goodman
e4e985b9b0
Create single license scanner for all catalogers ( #3348 )
...
* add single license scanner instance
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename testing license scanner
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-21 16:17:12 +00:00
anchore-actions-token-generator[bot]
14355aac21
chore(deps): update stereoscope to a38c93517fc7d67ca1af826ac529a06c05b571d2 ( #3357 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-21 10:05:43 -04:00
anchore-actions-token-generator[bot]
e38825a0a2
chore(deps): update CPE dictionary index ( #3358 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-21 10:04:25 -04:00
dependabot[bot]
5a37b4a996
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.1 ( #3361 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.0 to 6.6.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.0...v6.6.1 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 14:02:07 +00:00
Alex Goodman
56dbb342ef
update to latest packageurl-go ( #3347 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-18 14:47:02 -04:00
anchore-actions-token-generator[bot]
3267545097
chore(deps): update tools to latest versions ( #3342 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-17 10:05:38 -04:00
anchore-actions-token-generator[bot]
7adbdfe624
chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f ( #3338 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-17 10:05:18 -04:00
dependabot[bot]
f2646d0156
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 ( #3344 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:58:16 -04:00
Weston Steimel
5b9601d9c6
fix: use official CPE for linux kernel ( #3343 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 12:01:40 +00:00
dependabot[bot]
80c8bc1afb
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 ( #3340 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf
2024-10-16 12:44:07 -04:00
Weston Steimel
d7194bb00f
fix: improve mariadb binary classifer to detect older versions ( #3339 )
...
With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-16 12:43:50 -04:00
William Murphy
754cebee64
fix: stop some log.Warn spam due parsing an empty string as a CPE ( #3330 )
...
* chore: don't try to parse empty string as CPE
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: improve OS name and version extraction from ELF metadata
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-15 08:50:47 -04:00
anchore-actions-token-generator[bot]
138c6e3420
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3334 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-15 12:45:07 +00:00
anchore-actions-token-generator[bot]
5c0df6386f
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3332 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 21:37:26 +00:00
anchore-actions-token-generator[bot]
7c69367b65
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 ( #3331 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 20:03:16 +00:00
dependabot[bot]
39146aaf62
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #3326 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5
2024-10-14 11:46:47 -04:00
dependabot[bot]
67faca4208
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #3327 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-14 14:06:08 +00:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index ( #3323 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
Weston Steimel
e962c10da7
fix: improve go binary semver extraction for traefik ( #3325 )
...
Improves the go cataloger semver extraction logic to include getting the
release version of traefik. This is based off of the regex pattern that
already existed in the traefik binary classifier.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 09:41:34 -04:00
anchore-actions-token-generator[bot]
8095f7b8c1
chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 ( #3322 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-13 10:53:58 -04:00
anchore-actions-token-generator[bot]
84877369e5
chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7fcb163 ( #3319 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-11 12:30:20 -04:00
dependabot[bot]
6124d72a29
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.0 ( #3321 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.1...v4.7.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-11 10:09:14 -04:00
