anchore-actions-token-generator[bot]
7c69367b65
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 ( #3331 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 20:03:16 +00:00
dependabot[bot]
39146aaf62
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #3326 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5
2024-10-14 11:46:47 -04:00
dependabot[bot]
67faca4208
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #3327 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-14 14:06:08 +00:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index ( #3323 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
Weston Steimel
e962c10da7
fix: improve go binary semver extraction for traefik ( #3325 )
...
Improves the go cataloger semver extraction logic to include getting the
release version of traefik. This is based off of the regex pattern that
already existed in the traefik binary classifier.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 09:41:34 -04:00
anchore-actions-token-generator[bot]
8095f7b8c1
chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 ( #3322 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-13 10:53:58 -04:00
anchore-actions-token-generator[bot]
84877369e5
chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7fcb163 ( #3319 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-11 12:30:20 -04:00
dependabot[bot]
6124d72a29
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.0 ( #3321 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.1...v4.7.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-11 10:09:14 -04:00
dependabot[bot]
c2c8c793d2
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 ( #3314 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c
2024-10-11 05:17:35 -04:00
Alex Goodman
fbff87fc6d
shorten release docs ( #3318 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-11 05:17:01 -04:00
William Murphy
0c71bf23c5
docs: clearer deprecation message for --file ( #3310 )
...
It's not clear to users that they shoudl use --output FORMAT=PATH
instead of --file. Directly suggest the FORMAT=PATH syntax.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-10 13:11:45 -04:00
Alan Pope
b62b0cb800
[docs] Add mastodon link to README.md ( #3306 )
...
Hello friends.
This follows the same pattern as the other badges at the top of the readme. It adds the mastodon link to the Syft account.
This also means that the link back here from the Mastodon account's profile page will show as 'Validated' once landed, which gives more authenticity to the account.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-10-10 15:28:55 +01:00
anchore-actions-token-generator[bot]
223a52d07e
chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55eb04aed ( #3313 )
2024-10-10 06:03:55 -04:00
dependabot[bot]
5d068f30c0
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 ( #3312 )
2024-10-10 06:01:06 -04:00
dependabot[bot]
5d165e0230
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 ( #3307 )
2024-10-09 08:07:36 -04:00
dependabot[bot]
56ed131247
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 ( #3308 )
2024-10-09 08:07:14 -04:00
dependabot[bot]
37c179b530
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 ( #3309 )
2024-10-09 08:06:49 -04:00
Keith Zantow
ccbee94b87
feat: report unknowns in sbom ( #2998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-07 16:11:37 -04:00
dependabot[bot]
4d7ed9f749
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ( #3299 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:21:34 -04:00
anchore-actions-token-generator[bot]
4c4e5cb06c
chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 ( #3301 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-07 15:21:26 -04:00
dependabot[bot]
8b6159dbd8
chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 ( #3304 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:20:38 -04:00
dependabot[bot]
7b30ce15d7
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 ( #3305 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c45773b62...2cdf405574
2024-10-07 15:20:29 -04:00
anchore-actions-token-generator[bot]
27ee203495
chore(deps): update CPE dictionary index ( #3302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-07 15:20:12 -04:00
Piotr Radkowski
3b9c55d28b
Fix: Parse package.json with non-standard fields in 'author' section ( #3300 )
...
* Improved parsing of package.json 'author' section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
* test: parse 'package.json' files with non-standard fields in author section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
---------
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
Co-authored-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
2024-10-07 10:26:04 -04:00
dependabot[bot]
25f5c6729f
chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 ( #3298 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...6db8d6351f
2024-10-05 09:25:01 -04:00
William Murphy
0d457142cc
chore: add pull request template ( #3294 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-05 09:05:11 -04:00
anchore-actions-token-generator[bot]
fc8457418a
chore(deps): update tools to latest versions ( #3296 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-05 07:32:32 -04:00
Alex Goodman
13c6876906
Track supporting DPKG evidence ( #3228 )
...
* add dpkg evidence support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use path over filepath
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-04 11:07:29 -04:00
William Murphy
770fdc53ea
Fix: make failed CPE validation correctly return error ( #2762 )
...
* Test CPE attributes correctly returns error
Previously, this method incorrectly return an empty Attributes object
and a nil error, leading to callers attempting to use the empty
attributes object.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* chore: merge with main and refactor call that relied on old nil behavior
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* test: add test to cover new OSCPE err pattern
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-10-03 16:42:57 -04:00
dependabot[bot]
32c0d1e673
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0 ( #3293 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.9 to 6.6.0.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.9...v6.6.0 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 10:14:13 -04:00
witchcraze
263ea6b1bb
feat: update haproxy classifier ( #3277 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-10-02 15:10:39 -04:00
anchore-actions-token-generator[bot]
cc4f62b3d4
chore(deps): update tools to latest versions ( #3291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-02 09:07:25 -04:00
Niv Govrin
dbad17de9e
fix: don't use builtin scanner in licensecheck ( #3290 )
...
Signed-off-by: Niv Govrin <nivgo@oligosecurity.io>
2024-10-01 13:53:54 -04:00
anchore-actions-token-generator[bot]
93beceb4a2
chore(deps): update CPE dictionary index ( #3288 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-01 10:50:15 -04:00
dependabot[bot]
9b242b0309
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 ( #3289 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](461ef6c76d...e2b3eafc8d
2024-10-01 10:48:46 -04:00
witchcraze
f5f8005fe0
update redis classifier ( #3281 )
...
* update redis classifier
Signed-off-by: witchcraze <witchcraze@gmail.com>
* Remove snippets to pass Validation.
In this case, 9000 byte was required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-30 15:37:47 -04:00
witchcraze
2a3d171c10
fix: improve node classifier version matching ( #3284 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:53:35 -04:00
witchcraze
1a746b2c05
fix: update ruby classifier for -rc, -dev, etc. versions ( #3285 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:51:50 -04:00
anchore-actions-token-generator[bot]
e37c4686c2
chore(deps): update CPE dictionary index ( #3262 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-26 13:49:18 -04:00
dependabot[bot]
5393cd5dec
chore(deps): bump github.com/docker/docker ( #3264 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.3.0+incompatible to 27.3.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.3.0...v27.3.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 13:49:02 -04:00
dependabot[bot]
f9ef9cf1dc
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 ( #3275 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d
2024-09-26 13:48:45 -04:00
anchore-actions-token-generator[bot]
16122eb32d
chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 ( #3280 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-09-26 13:48:33 -04:00
dependabot[bot]
39b2bf5518
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 ( #3283 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-09-26 13:48:12 -04:00
Alex Goodman
d7005d7d8c
add awaiting response management ( #3272 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-25 08:56:21 -04:00
Christian Dupuis
92c1ddec5a
fix: correct excluded mount point comparison to file paths ( #3269 )
...
Signed-off-by: Christian Dupuis <cd@docker.com>
2024-09-24 17:05:16 -04:00
Alex Goodman
01de99b253
Add JVM cataloger ( #3217 )
...
* add jvm cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify version selection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* CPEs from JVM cataloger should be declared
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure package overlap is enabled for sensitive use cases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more permissive glob
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-23 17:21:38 -04:00
Laurent Goderre
7815d8e4d9
feat: classifier for Dart lang binaries ( #3265 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-23 14:21:31 -04:00
Alex Goodman
963ea594c8
Add compliance policy for empty name and version ( #3257 )
...
* add policy for empty name and version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* default stub version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* modifying ids requires augmenting relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-20 12:50:47 -04:00
dependabot[bot]
60bbd24031
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 ( #3254 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.1...v2.3.2 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:50:16 -04:00
dependabot[bot]
7c12e3f3b3
chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 ( #3255 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](6cd32fd936...5e914681df
2024-09-20 10:50:03 -04:00
