anchore-actions-token-generator[bot]
cc4f62b3d4
chore(deps): update tools to latest versions ( #3291 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-02 09:07:25 -04:00
Niv Govrin
dbad17de9e
fix: don't use builtin scanner in licensecheck ( #3290 )
...
Signed-off-by: Niv Govrin <nivgo@oligosecurity.io>
2024-10-01 13:53:54 -04:00
anchore-actions-token-generator[bot]
93beceb4a2
chore(deps): update CPE dictionary index ( #3288 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-01 10:50:15 -04:00
dependabot[bot]
9b242b0309
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 ( #3289 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](461ef6c76d...e2b3eafc8d
2024-10-01 10:48:46 -04:00
witchcraze
f5f8005fe0
update redis classifier ( #3281 )
...
* update redis classifier
Signed-off-by: witchcraze <witchcraze@gmail.com>
* Remove snippets to pass Validation.
In this case, 9000 byte was required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-30 15:37:47 -04:00
witchcraze
2a3d171c10
fix: improve node classifier version matching ( #3284 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:53:35 -04:00
witchcraze
1a746b2c05
fix: update ruby classifier for -rc, -dev, etc. versions ( #3285 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-09-27 08:51:50 -04:00
anchore-actions-token-generator[bot]
e37c4686c2
chore(deps): update CPE dictionary index ( #3262 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-26 13:49:18 -04:00
dependabot[bot]
5393cd5dec
chore(deps): bump github.com/docker/docker ( #3264 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.3.0+incompatible to 27.3.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.3.0...v27.3.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 13:49:02 -04:00
dependabot[bot]
f9ef9cf1dc
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 ( #3275 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d
2024-09-26 13:48:45 -04:00
anchore-actions-token-generator[bot]
16122eb32d
chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 ( #3280 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-09-26 13:48:33 -04:00
dependabot[bot]
39b2bf5518
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 ( #3283 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-09-26 13:48:12 -04:00
Alex Goodman
d7005d7d8c
add awaiting response management ( #3272 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-25 08:56:21 -04:00
Christian Dupuis
92c1ddec5a
fix: correct excluded mount point comparison to file paths ( #3269 )
...
Signed-off-by: Christian Dupuis <cd@docker.com>
2024-09-24 17:05:16 -04:00
Alex Goodman
01de99b253
Add JVM cataloger ( #3217 )
...
* add jvm cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify version selection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* CPEs from JVM cataloger should be declared
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure package overlap is enabled for sensitive use cases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more permissive glob
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-23 17:21:38 -04:00
Laurent Goderre
7815d8e4d9
feat: classifier for Dart lang binaries ( #3265 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-23 14:21:31 -04:00
Alex Goodman
963ea594c8
Add compliance policy for empty name and version ( #3257 )
...
* add policy for empty name and version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* default stub version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* modifying ids requires augmenting relationships
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-20 12:50:47 -04:00
dependabot[bot]
60bbd24031
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 ( #3254 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.1...v2.3.2 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:50:16 -04:00
dependabot[bot]
7c12e3f3b3
chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 ( #3255 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](6cd32fd936...5e914681df
2024-09-20 10:50:03 -04:00
dependabot[bot]
9b5cf1db51
chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 ( #3256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.7 to 3.26.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8214744c54...294a9d9291
2024-09-20 10:49:55 -04:00
anchore-actions-token-generator[bot]
a08ea86aa6
chore(deps): update tools to latest versions ( #3259 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-20 10:49:37 -04:00
dependabot[bot]
98c96ce361
chore(deps): bump github.com/docker/docker ( #3260 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.1+incompatible to 27.3.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.1...v27.3.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:49:22 -04:00
Krystian G.
6a95a5f2ed
feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher ( #3252 )
...
* feat: detect lighttpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect proftpd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect zstd binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect xz utils binarie
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect gzip binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect sqlcipher binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* feat: detect jq binaries
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
* add tests + snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Krystian Gorny <krystian.gorny@wipotec.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Krystian Gorny <krystian.gorny@wipotec.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-19 13:21:02 +00:00
Krystian G.
cb0de97bc3
fix: capture-snippet.sh can handle leading whitespaces now ( #3249 ) ( #3250 )
...
Signed-off-by: Gorny Krystian <krystian.gorny@wipotec.com>
Co-authored-by: Gorny Krystian <krystian.gorny@wipotec.com>
2024-09-19 09:15:54 -04:00
anchore-actions-token-generator[bot]
50016c3172
chore(deps): update tools to latest versions ( #3251 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-19 09:15:12 -04:00
anchore-actions-token-generator[bot]
a2f12fef0c
chore(deps): update tools to latest versions ( #3247 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-18 13:13:24 -04:00
anchore-actions-token-generator[bot]
7934696463
chore(deps): update tools to latest versions ( #3243 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-17 12:30:07 -04:00
dependabot[bot]
b9efac4d78
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 ( #3242 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 11:54:12 -04:00
dependabot[bot]
48c1c45d12
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #3241 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
2024-09-16 11:54:01 -04:00
dependabot[bot]
9cc3641ac6
chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 ( #3240 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.2 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](d121e62763...6cd32fd936
2024-09-16 11:53:51 -04:00
anchore-actions-token-generator[bot]
7b4feb7c16
chore(deps): update tools to latest versions ( #3231 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-16 09:09:11 -04:00
anchore-actions-token-generator[bot]
41e9630409
chore(deps): update CPE dictionary index ( #3232 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-16 09:08:50 -04:00
anchore-actions-token-generator[bot]
58100fec9f
chore(deps): update tools to latest versions ( #3205 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: disable gosec(G115)
A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the
latest golang-ci linter.
https://github.com/securego/gosec/issues/1185
https://github.com/securego/gosec/pull/1149
We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code is added for this rule
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-13 15:05:50 -04:00
dependabot[bot]
834027e32d
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 ( #3225 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 13:51:17 -04:00
dependabot[bot]
2b4d5c275f
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 ( #3226 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
2024-09-13 11:31:09 -04:00
dependabot[bot]
38e51f16ec
chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 ( #3229 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.33.0 to 1.33.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-13 11:30:58 -04:00
Keith Zantow
1b863268df
feat: --enrich flag for data enrichment feature enablement ( #3182 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-12 10:45:18 -04:00
Ryuichi Okumura
fcd5ec951d
chore: make ci-check.sh an executable file ( #3220 )
...
Signed-off-by: Ryuichi Okumura <okuryu@okuryu.com>
2024-09-11 10:02:37 -04:00
dependabot[bot]
61a9fde01c
chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 ( #3219 )
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.14 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 21:20:43 +00:00
Keith Zantow
c33a51d3d8
chore: restore ci-check.sh script ( #3218 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-10 15:19:05 -04:00
Laurent Goderre
dbc4238f63
Add haskell binaries cataloger ( #3078 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:58:20 -04:00
anchore-actions-token-generator[bot]
fce14fd537
chore(deps): update CPE dictionary index ( #3206 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-09-10 10:36:50 -04:00
dependabot[bot]
98bd4e99b6
chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 ( #3203 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 10:35:43 -04:00
Laurent Goderre
9c2799e379
Add the Ocaml ecosystem ( #3112 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-09-10 10:35:18 -04:00
dependabot[bot]
dafc6ad034
chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.20.0 ( #3209 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:28:01 -04:00
dependabot[bot]
16f89840fd
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 ( #3210 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.32.0 to 1.33.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:52 -04:00
dependabot[bot]
2475f7f696
chore(deps): bump github.com/docker/docker ( #3211 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.2.0+incompatible to 27.2.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.2.0...v27.2.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:43 -04:00
dependabot[bot]
f735a428eb
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 ( #3212 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:27:33 -04:00
Alex Goodman
ba7bf6b85e
dont cleanup cache in forks ( #3214 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 20:27:21 +00:00
Alex Goodman
b153b1d594
less verbose java logging when non-fatal issues arise ( #3208 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-09 15:27:59 +00:00
