anchore-actions-token-generator[bot]
bb8ea024e1
chore(deps): update tools to latest versions ( #4082 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-28 12:01:09 -04:00
anchore-actions-token-generator[bot]
3f28480b3d
chore(deps): update CPE dictionary index ( #4083 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-28 10:51:16 -04:00
anchore-actions-token-generator[bot]
5465bf4227
chore(deps): update tools to latest versions ( #4079 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-24 15:18:12 -04:00
dependabot[bot]
8b2c4a134e
chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 ( #4080 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.3 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d6bbdef45e...4e828ff8d4
2025-07-24 15:17:49 -04:00
anchore-actions-token-generator[bot]
d7046099e9
chore(deps): update tools to latest versions ( #4076 )
2025-07-23 21:03:20 -04:00
Alex Goodman
f0a990b85f
chore: add source completion tester ( #4077 )
...
* add source completion tester
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing t.Helper calls
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-23 13:49:47 +00:00
Keith Zantow
48bf81cf7f
fix: align binary java detection with jvm cataloger + support IBM ( #4046 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-07-22 12:06:32 -04:00
anchore-actions-token-generator[bot]
78c7cd2cc2
chore(deps): update tools to latest versions ( #4072 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-22 09:49:58 -04:00
dependabot[bot]
a192787d44
chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 ( #4074 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.2 to 3.29.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](181d5eefc2...d6bbdef45e
2025-07-22 09:49:43 -04:00
dependabot[bot]
d5a562c368
chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4 ( #4073 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.2 to 0.20.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](cee1b8e05a...7b36ad622f
2025-07-22 09:49:40 -04:00
Christopher Angelo Phillips
6f36b586ba
chore: update release workflow to persist credentials for git tag step ( #4069 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-07-21 19:23:14 +00:00
anchore-actions-token-generator[bot]
a620baff90
chore(deps): update anchore dependencies ( #4068 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-21 14:12:47 -04:00
dependabot[bot]
5b14d160cf
chore(deps): bump pygments ( #4064 )
...
Bumps [pygments](https://github.com/pygments/pygments ) from 1.6 to 2.15.0.
- [Release notes](https://github.com/pygments/pygments/releases )
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES )
- [Commits](https://github.com/pygments/pygments/compare/1.6...2.15.0 )
---
updated-dependencies:
- dependency-name: pygments
dependency-version: 2.15.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-21 13:07:27 -04:00
anchore-actions-token-generator[bot]
0a9567e88c
chore(deps): update tools to latest versions ( #4065 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-21 13:07:18 -04:00
dependabot[bot]
af787d685c
chore(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2 ( #4066 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](398d4b0eee...d58896d6a1
2025-07-21 13:06:59 -04:00
anchore-actions-token-generator[bot]
64b62c086c
chore(deps): update CPE dictionary index ( #4067 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-21 07:57:39 -04:00
Joshua Kugler
c491dab35b
feat: add parsing for uv.lock ( #3763 )
...
* feat: add parsing for uv.lock (#3268 )
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Still no tests, but much more complete
Next up: start writing tests! :)
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: finish out functionality and write tests
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Merge the .NET deps.json and PE binary catalogers (#3563 )
* add combined deps.json + pe binary cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* deprecate pe and deps standalone catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* parse resource names + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration and CLI tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add some helpful code comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for dropping Dep packages that are missing DLLs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate json schema changes to 24
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep application configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct config help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] detect claims of dlls within deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add assembly repack detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* .net package count is lower due to dll claim requirement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* better .NET cpe generation (#3764 )
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* Better represent .NET runtime packages (#3768 )
* clean up .NET runtime packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add runtime relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove runtime references from binary package name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): update CPE dictionary index (#3769 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump modernc.org/sqlite from 1.36.1 to 1.37.0 (#3771 )
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.36.1 to 1.37.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.1...v1.37.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0 (#3767 )
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.16.2 to 3.18.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](28ba43ae48...1750b5085f#3766 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: move/modify code for lint issues
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: make sure private structs are not exported
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update readme to include uv
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
* chore: use uv as the package manager name
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
---------
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-17 18:26:56 +00:00
dependabot[bot]
0e5db45aad
chore(deps): bump marocchino/sticky-pull-request-comment ( #4063 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](d2ad0de260...773744901b
2025-07-17 09:27:02 -04:00
Will Murphy
9cda2de2ad
chore: lint gh actions with zizmor ( #4062 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-07-16 17:12:38 -04:00
anchore-actions-token-generator[bot]
37c182d5be
chore(deps): update tools to latest versions ( #4060 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-15 11:32:27 -04:00
dependabot[bot]
cef2a38117
chore(deps): bump github.com/go-viper/mapstructure/v2 ( #4061 )
...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases )
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
dependency-version: 2.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-15 11:32:11 -04:00
dependabot[bot]
75eda3976d
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.1 to 4.9.0 ( #4059 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.8.1 to 4.9.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.1...v4.9.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-version: 4.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 17:14:11 +00:00
dependabot[bot]
2b1710b009
chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 ( #4054 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/mod/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.26.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 14:43:04 +00:00
mikey strauss
9caad26ee5
Pkg Metadata type unmarshal bug ( #4043 )
...
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2025-07-14 10:28:38 -04:00
anchore-actions-token-generator[bot]
d88ad07855
chore(deps): update tools to latest versions ( #4053 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-14 10:27:40 -04:00
dependabot[bot]
13986b7cea
chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 ( #4056 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.41.0 to 0.42.0.
- [Commits](https://github.com/golang/net/compare/v0.41.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 10:27:10 -04:00
anchore-actions-token-generator[bot]
75db6527bc
chore(deps): update CPE dictionary index ( #4058 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-14 10:27:01 -04:00
dependabot[bot]
1c0ed133a3
chore(deps): bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 ( #4049 )
...
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) from 1.0.7 to 1.0.8.
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.0.7...v1.0.8 )
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.0.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:27:02 -04:00
anchore-actions-token-generator[bot]
9928386d38
chore(deps): update CPE dictionary index ( #4050 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-08 15:26:50 -04:00
dependabot[bot]
9dd06981b4
chore(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to 2.24.0 ( #4051 )
...
Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl ) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/hashicorp/hcl/releases )
- [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/hcl/compare/v2.23.0...v2.24.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/hcl/v2
dependency-version: 2.24.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:34 -04:00
dependabot[bot]
f88be457ef
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.5 to 1.3.6 ( #4052 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:26 -04:00
Keith Zantow
02703d5c80
feat: RHEL EUS detection ( #4023 )
...
* feat: rhel eus detection
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update more tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* rename feature detection functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-07 14:11:20 +00:00
dependabot[bot]
9cbd52bdd7
chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 ( #4048 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...cee1b8e05a
2025-07-03 15:00:51 -04:00
anchore-actions-token-generator[bot]
e8b62ab9ac
chore(deps): update anchore dependencies ( #4047 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 16:09:46 +00:00
anchore-actions-token-generator[bot]
2af1bca83f
chore(deps): update anchore dependencies ( #4045 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 11:50:29 -04:00
Carlos Tadeu Panato Junior
2111d4d0e4
chore: upgrade tablewriter dependency to use new API ( #3990 )
...
* upgrade tablewriter
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* remove header line whitespace
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 16:16:16 -04:00
dependabot[bot]
179cc70a36
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 ( #4040 )
...
* chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* update error message expectations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 19:21:02 +00:00
Christopher Angelo Phillips
1e3d2a2927
chore: update tests to read from latest test-fixture-cache and fix cache publish ( #4042 )
...
* feat: update integration test with correct package for httpd
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update integration and cli tests with new upstream expectations
- php interpreter 8.3.21 => 8.3.22
- runCycloneDXInDocker update for local arm64 qemu emulation CycloneDX
- getSyftBinaryLocationByOS update to detect arm64 v8.0 artifact path
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: add snalshot to test command for fixture builds
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update cdx in docker for all GOOS
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-07-01 14:11:36 +00:00
dependabot[bot]
421afac532
chore(deps): bump github.com/mholt/archives from 0.1.2 to 0.1.3 ( #4032 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.2...v0.1.3 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:41 -04:00
dependabot[bot]
b0b10acb40
chore(deps): bump marocchino/sticky-pull-request-comment ( #4019 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.2 to 2.9.3.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](67d0dec7b0...d2ad0de260
2025-06-30 17:58:32 -04:00
dependabot[bot]
b90028bd1f
chore(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.1 ( #4022 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 3.9.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:23 -04:00
anchore-actions-token-generator[bot]
b5a1b309ca
chore(deps): update tools to latest versions ( #4035 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-30 17:17:49 -04:00
anchore-actions-token-generator[bot]
841f963e70
chore(deps): update CPE dictionary index ( #4037 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-30 17:17:34 -04:00
dependabot[bot]
ba59f57bfe
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 ( #4039 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...181d5eefc2
2025-06-30 17:17:20 -04:00
Alex Goodman
2bda086423
Add ability to scan snaps (as a source) ( #3929 )
2025-06-25 16:53:35 -04:00
anchore-actions-token-generator[bot]
4eb8ba4575
chore(deps): update CPE dictionary index ( #4021 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-23 11:30:19 -04:00
anchore-actions-token-generator[bot]
49115355d4
chore(deps): update tools to latest versions ( #4016 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-19 14:02:03 -04:00
anchore-actions-token-generator[bot]
d9eb1d7c1b
chore(deps): update tools to latest versions ( #4012 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-17 11:35:22 -04:00
dependabot[bot]
32a30f76c6
chore(deps): bump github.com/go-viper/mapstructure/v2 ( #4014 )
...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases )
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 )
---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
dependency-version: 2.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 11:35:09 -04:00
dependabot[bot]
b52b13c03c
chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 ( #4015 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.8.2 to 3.9.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.2...v3.9.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 3.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 11:34:58 -04:00
