anchore-actions-token-generator[bot]
7adbdfe624
chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f ( #3338 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-17 10:05:18 -04:00
dependabot[bot]
f2646d0156
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 ( #3344 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:58:16 -04:00
Weston Steimel
5b9601d9c6
fix: use official CPE for linux kernel ( #3343 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 12:01:40 +00:00
dependabot[bot]
80c8bc1afb
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 ( #3340 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 12:44:07 -04:00
Weston Steimel
d7194bb00f
fix: improve mariadb binary classifier to detect older versions ( #3339 )
...
With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-16 12:43:50 -04:00
William Murphy
754cebee64
fix: stop some log.Warn spam due to parsing an empty string as a CPE ( #3330 )
...
* chore: don't try to parse empty string as CPE
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: improve OS name and version extraction from ELF metadata
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
v1.14.1
2024-10-15 08:50:47 -04:00
anchore-actions-token-generator[bot]
138c6e3420
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3334 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-15 12:45:07 +00:00
anchore-actions-token-generator[bot]
5c0df6386f
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3332 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 21:37:26 +00:00
anchore-actions-token-generator[bot]
7c69367b65
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 ( #3331 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 20:03:16 +00:00
dependabot[bot]
39146aaf62
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #3326 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-14 11:46:47 -04:00
dependabot[bot]
67faca4208
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #3327 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-14 14:06:08 +00:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index ( #3323 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
Weston Steimel
e962c10da7
fix: improve go binary semver extraction for traefik ( #3325 )
...
Improves the go cataloger semver extraction logic to include getting the
release version of traefik. This is based off of the regex pattern that
already existed in the traefik binary classifier.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 09:41:34 -04:00
anchore-actions-token-generator[bot]
8095f7b8c1
chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 ( #3322 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-13 10:53:58 -04:00
anchore-actions-token-generator[bot]
84877369e5
chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7fcb163 ( #3319 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-11 12:30:20 -04:00
dependabot[bot]
6124d72a29
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.0 ( #3321 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.1...v4.7.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-11 10:09:14 -04:00
dependabot[bot]
c2c8c793d2
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 ( #3314 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-11 05:17:35 -04:00
Alex Goodman
fbff87fc6d
shorten release docs ( #3318 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-11 05:17:01 -04:00
William Murphy
0c71bf23c5
docs: clearer deprecation message for --file ( #3310 )
...
It's not clear to users that they should use --output FORMAT=PATH
instead of --file. Directly suggest the FORMAT=PATH syntax.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-10 13:11:45 -04:00
Alan Pope
b62b0cb800
[docs] Add mastodon link to README.md ( #3306 )
...
Hello friends.
This follows the same pattern as the other badges at the top of the readme. It adds the mastodon link to the Syft account.
This also means that the link back here from the Mastodon account's profile page will show as 'Validated' once landed, which gives more authenticity to the account.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-10-10 15:28:55 +01:00
anchore-actions-token-generator[bot]
223a52d07e
chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55eb04aed ( #3313 )
2024-10-10 06:03:55 -04:00
dependabot[bot]
5d068f30c0
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 ( #3312 )
2024-10-10 06:01:06 -04:00
dependabot[bot]
5d165e0230
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 ( #3307 )
2024-10-09 08:07:36 -04:00
dependabot[bot]
56ed131247
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 ( #3308 )
2024-10-09 08:07:14 -04:00
dependabot[bot]
37c179b530
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 ( #3309 )
2024-10-09 08:06:49 -04:00
Keith Zantow
ccbee94b87
feat: report unknowns in sbom ( #2998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
v1.14.0
2024-10-07 16:11:37 -04:00
dependabot[bot]
4d7ed9f749
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ( #3299 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:21:34 -04:00
anchore-actions-token-generator[bot]
4c4e5cb06c
chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 ( #3301 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-07 15:21:26 -04:00
dependabot[bot]
8b6159dbd8
chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 ( #3304 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:20:38 -04:00
dependabot[bot]
7b30ce15d7
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 ( #3305 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c45773b62...2cdf405574 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:20:29 -04:00
anchore-actions-token-generator[bot]
27ee203495
chore(deps): update CPE dictionary index ( #3302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-07 15:20:12 -04:00
Piotr Radkowski
3b9c55d28b
Fix: Parse package.json with non-standard fields in 'author' section ( #3300 )
...
* Improved parsing of package.json 'author' section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
* test: parse 'package.json' files with non-standard fields in author section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
---------
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
Co-authored-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
2024-10-07 10:26:04 -04:00
dependabot[bot]
25f5c6729f
chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 ( #3298 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...6db8d6351f )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-05 09:25:01 -04:00
William Murphy
0d457142cc
chore: add pull request template ( #3294 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-05 09:05:11 -04:00
anchore-actions-token-generator[bot]
fc8457418a
chore(deps): update tools to latest versions ( #3296 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-05 07:32:32 -04:00
Alex Goodman
13c6876906
Track supporting DPKG evidence ( #3228 )
...
* add dpkg evidence support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use path over filepath
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-04 11:07:29 -04:00
William Murphy
770fdc53ea
Fix: make failed CPE validation correctly return error ( #2762 )
...
* Test CPE attributes correctly returns error
Previously, this method incorrectly returned an empty Attributes object
and a nil error, leading to callers attempting to use the empty
attributes object.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* chore: merge with main and refactor call that relied on old nil behavior
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* test: add test to cover new OSCPE err pattern
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-10-03 16:42:57 -04:00
dependabot[bot]
32c0d1e673
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0 ( #3293 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.9 to 6.6.0.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.9...v6.6.0 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 10:14:13 -04:00
witchcraze
263ea6b1bb
feat: update haproxy classifier ( #3277 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-10-02 15:10:39 -04:00
anchore-actions-token-generator[bot]
cc4f62b3d4
chore(deps): update tools to latest versions ( #3291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-02 09:07:25 -04:00
Niv Govrin
dbad17de9e
fix: don't use builtin scanner in licensecheck ( #3290 )
...
Signed-off-by: Niv Govrin <nivgo@oligosecurity.io>
2024-10-01 13:53:54 -04:00
anchore-actions-token-generator[bot]
93beceb4a2
chore(deps): update CPE dictionary index ( #3288 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-01 10:50:15 -04:00
dependabot[bot]
9b242b0309
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 ( #3289 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](461ef6c76d...e2b3eafc8d )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-01 10:48:46 -04:00
witchcraze
f5f8005fe0
update redis classifier ( #3281 )
...
* update redis classifier
Signed-off-by: witchcraze <witchcraze@gmail.com>
* Remove snippets to pass Validation.
In this case, 9000 byte was required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-30 15:37:47 -04:00
witchcraze
2a3d171c10
fix: improve node classifier version matching ( #3284 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:53:35 -04:00
witchcraze
1a746b2c05
fix: update ruby classifier for -rc, -dev, etc. versions ( #3285 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:51:50 -04:00
anchore-actions-token-generator[bot]
e37c4686c2
chore(deps): update CPE dictionary index ( #3262 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-26 13:49:18 -04:00
dependabot[bot]
5393cd5dec
chore(deps): bump github.com/docker/docker ( #3264 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.3.0+incompatible to 27.3.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.3.0...v27.3.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 13:49:02 -04:00
dependabot[bot]
f9ef9cf1dc
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 ( #3275 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 13:48:45 -04:00
anchore-actions-token-generator[bot]
16122eb32d
chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 ( #3280 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-09-26 13:48:33 -04:00