dependabot[bot]
defb08d120
chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7 ( #3418 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.6 to 0.17.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](251a468eed...fc46e51fd3
2024-11-06 10:41:45 -05:00
Keith Zantow
16eedd81ec
chore: build release sbom from go.mod ( #3417 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-11-05 09:51:23 -05:00
Christopher Angelo Phillips
8a41d77250
chore: prevent file resolver from bubbling errors in binary cataloger ( #3410 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-11-04 20:23:27 +00:00
anchore-actions-token-generator[bot]
eb56f2e4bb
chore(deps): update stereoscope to cbd43fb4e5d348fe680066ee6329385fd6a4f827 ( #3411 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-11-04 10:20:27 -05:00
anchore-actions-token-generator[bot]
849e325408
chore(deps): update CPE dictionary index ( #3414 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-11-04 10:13:22 -05:00
dependabot[bot]
203df65a65
chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3 ( #3408 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.2...v0.5.3 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:43:54 -04:00
dependabot[bot]
2c70090d10
chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 ( #3409 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.1 to 1.0.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.1...v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:43:47 -04:00
anchore-actions-token-generator[bot]
8f179e6961
chore(deps): update stereoscope to 2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 ( #3405 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-11-01 11:43:39 -04:00
Artemii
6a1e3f32fe
Issue #3143 – fixed format conversion docs link ( #3407 )
...
* chore: fixed format conversion docs link (#3143 )
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
* changed link to wiki docs
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
---------
Signed-off-by: Artemii Fedotov <artemii.fedotov@tutamail.com>
2024-11-01 11:43:00 -04:00
Joel Rudsberg
fcf1350a0e
feat: support dependencies and purl for Native Image SBOMs ( #3399 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2024-10-31 12:12:54 -04:00
anchore-actions-token-generator[bot]
9302e20d62
chore(deps): update stereoscope to 9c92fe30492ffeba14ed2e23ad1fd923341dda4f ( #3398 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-31 10:22:14 -04:00
Nathan Voss
a55b71d4ef
feat: exclude devDependencies from package-lock.json parsing ( #3371 )
...
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-10-30 12:02:27 -04:00
dependabot[bot]
df3998b4f1
chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 ( #3394 )
2024-10-29 16:32:14 +00:00
dependabot[bot]
9dc9be645a
chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 ( #3393 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.5 to 0.17.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](1ca97d9028...251a468eed
2024-10-29 10:07:28 -04:00
Keith Zantow
798c18a698
fix: stack overflow in spyingIoReadCloser ( #3392 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-29 08:23:57 -04:00
Keith Zantow
1118ac4ace
fix: bad pom files may cause infinite loop ( #3391 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-28 18:09:04 -04:00
anchore-actions-token-generator[bot]
55cc1877ef
chore(deps): update stereoscope to bcc40c6817524718277256d6b774ce643f98640a ( #3388 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-28 19:48:04 +00:00
dependabot[bot]
367c699585
chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 ( #3384 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0a12ed9d6a...41dfa10bad
2024-10-28 14:09:45 -04:00
dependabot[bot]
46445ff29f
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 ( #3385 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-28 14:08:44 -04:00
anchore-actions-token-generator[bot]
5faa6d34d5
chore(deps): update tools to latest versions ( #3383 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-28 14:08:14 -04:00
anchore-actions-token-generator[bot]
c7c036660c
chore(deps): update CPE dictionary index ( #3387 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-28 08:03:08 -04:00
dependabot[bot]
a0c62da747
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 ( #3380 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901b
2024-10-24 10:35:47 -04:00
Keith Zantow
759b898df5
feat: multi-level configuration and profiles ( #3337 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 12:15:59 -04:00
Keith Zantow
a00533c836
feat: Java dependency graph information ( #3363 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-10-23 11:17:34 -04:00
Nathan Voss
b505317e10
Expanded dpkg cataloger globs ( #3373 )
...
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
2024-10-23 14:59:28 +00:00
Ariel Miculas-Trif
06d300e662
Enable cargo-auditable-binary-cataloger for files/directories ( #3376 )
...
Especially when scanning a single binary file, the
cargo-auditable-binary-cataloger should run and report the rust binary's
dependencies:
```
scan --select-catalogers rust <binary_file>
```
This is in line with other binary catalogers, such as the
go-module-binary-cataloger.
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
2024-10-23 14:55:04 +00:00
dependabot[bot]
80333d39e3
chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 ( #3374 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033e
2024-10-23 10:47:12 -04:00
dependabot[bot]
11335466b6
chore(deps): bump github.com/charmbracelet/lipgloss ( #3375 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.0...v0.13.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-23 10:46:52 -04:00
anchore-actions-token-generator[bot]
260d80974f
chore(deps): update stereoscope to 6db3c175f1f836e552b01ee70e5d5528cc04bce4 ( #3362 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-22 12:23:29 -04:00
dependabot[bot]
fc524a0565
chore(deps): bump actions/cache from 4.1.1 to 4.1.2 ( #3364 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](3624ceb22c...6849a64899
2024-10-22 12:23:13 -04:00
dependabot[bot]
b5cde1304b
chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 ( #3365 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.4 to 0.17.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...1ca97d9028
2024-10-22 12:22:27 -04:00
dependabot[bot]
6a2898e00d
chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 ( #3367 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.5.0 to 5.6.0.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-22 12:22:19 -04:00
Alex Goodman
e4e985b9b0
Create single license scanner for all catalogers ( #3348 )
...
* add single license scanner instance
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename testing license scanner
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-21 16:17:12 +00:00
anchore-actions-token-generator[bot]
14355aac21
chore(deps): update stereoscope to a38c93517fc7d67ca1af826ac529a06c05b571d2 ( #3357 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-21 10:05:43 -04:00
anchore-actions-token-generator[bot]
e38825a0a2
chore(deps): update CPE dictionary index ( #3358 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-21 10:04:25 -04:00
dependabot[bot]
5a37b4a996
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.1 ( #3361 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.0 to 6.6.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.0...v6.6.1 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 14:02:07 +00:00
Alex Goodman
56dbb342ef
update to latest packageurl-go ( #3347 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-18 14:47:02 -04:00
anchore-actions-token-generator[bot]
3267545097
chore(deps): update tools to latest versions ( #3342 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-17 10:05:38 -04:00
anchore-actions-token-generator[bot]
7adbdfe624
chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f ( #3338 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-17 10:05:18 -04:00
dependabot[bot]
f2646d0156
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 ( #3344 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:58:16 -04:00
Weston Steimel
5b9601d9c6
fix: use official CPE for linux kernel ( #3343 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 12:01:40 +00:00
dependabot[bot]
80c8bc1afb
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 ( #3340 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf
2024-10-16 12:44:07 -04:00
Weston Steimel
d7194bb00f
fix: improve mariadb binary classifer to detect older versions ( #3339 )
...
With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-16 12:43:50 -04:00
William Murphy
754cebee64
fix: stop some log.Warn spam due parsing an empty string as a CPE ( #3330 )
...
* chore: don't try to parse empty string as CPE
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: improve OS name and version extraction from ELF metadata
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-15 08:50:47 -04:00
anchore-actions-token-generator[bot]
138c6e3420
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3334 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-15 12:45:07 +00:00
anchore-actions-token-generator[bot]
5c0df6386f
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3332 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 21:37:26 +00:00
anchore-actions-token-generator[bot]
7c69367b65
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 ( #3331 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 20:03:16 +00:00
dependabot[bot]
39146aaf62
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #3326 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5
2024-10-14 11:46:47 -04:00
dependabot[bot]
67faca4208
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #3327 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-14 14:06:08 +00:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index ( #3323 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
