dependabot[bot]
d4f31d6a3e
chore(deps): bump github.com/google/go-containerregistry ( #2561 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-30 13:15:13 -05:00
dependabot[bot]
bd4bcc4e89
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 ( #2562 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-30 13:15:06 -05:00
anchore-actions-token-generator[bot]
cf48c3a0c9
chore(deps): update tools to latest versions ( #2554 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-29 12:32:53 -05:00
dependabot[bot]
b4f565a620
chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 ( #2556 )
...
Bumps [github.com/sassoftware/go-rpmutils](https://github.com/sassoftware/go-rpmutils ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/sassoftware/go-rpmutils/releases )
- [Commits](https://github.com/sassoftware/go-rpmutils/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: github.com/sassoftware/go-rpmutils
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 12:32:37 -05:00
dependabot[bot]
2e0149fd9e
chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 ( #2557 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.1 to 3.16.2.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](fbd6aa58ba...28ba43ae48
2024-01-29 12:32:30 -05:00
dependabot[bot]
87bbc507ee
chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 ( #2558 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0b21cf2492...b7bf0a3ed3
2024-01-29 12:32:22 -05:00
Alex Goodman
f893933336
internalize format helpers ( #2543 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:16:26 -05:00
Alex Goodman
b6cbf82389
Internalize CPE generation logic ( #2541 )
...
* migrate CPE generation logic to internal
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove create function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-26 12:16:05 -05:00
anchore-actions-token-generator[bot]
7f90b8f1eb
chore(deps): update tools to latest versions ( #2550 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-26 10:40:44 -05:00
Laurent Goderre
d7c51e5c82
Implement golang Purl subpath ( #2547 )
...
* Added test for golang package that include subpath into the module
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* Implement golang purl subpath
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-25 17:04:28 -05:00
Alex Goodman
414fb2f8ad
fix migration of integration test ( #2546 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-25 15:18:36 +00:00
Alex Goodman
a32b8d7fc6
Use the json schema as input for templating ( #2542 )
...
* use the json schema as input for templating
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-25 14:00:35 +00:00
Alex Goodman
11c0b1c234
Unexport types and functions cataloger packages ( #2530 )
...
* unexport as many types and functions from cataloger packages as possible
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* capture type and signature information in convention test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check that we return pkg.Cataloger from constructors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 16:12:46 -05:00
Alex Goodman
e0e1c4ba0a
Internalize majority of cmd package ( #2533 )
...
* internalize majority of cmd package and migrate integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add internal api encoder
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* create internal representation of all formats
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* export capability to get default encoders
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 13:29:51 -05:00
Alex Goodman
bf3cd9ed3b
allow for RPM modularity to be optional ( #2540 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-24 13:21:59 -05:00
dependabot[bot]
ad2843bf50
chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 ( #2536 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-24 10:11:43 -05:00
dependabot[bot]
0bb94099b0
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 ( #2538 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 10:11:33 -05:00
dependabot[bot]
97d0108bd5
chore(deps): bump github.com/docker/docker ( #2537 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.0+incompatible to 25.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 10:11:24 -05:00
William Murphy
878df69330
chore: stop re-exporting wfn.Attributes ( #2534 )
...
* chore: stop re-exporting wfn.Attributes
Previously, Syft re-exported wfn.Attributes from the nvdtools package as
a member of the Package struct. However, Syft doesn't own this struct,
and so after Syft 1.0, might be forced to bump a semver major version
due to a breaking change in wfn.Attributes. Rather than incur this risk
going into 1.0, instead replace Syft's use of wfn.Attributes with Syft's
own cpe.CPE type. That type has some pass-through calls to
wfn.Attributes, but hides the dependency from the rest of the
application.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* chore: make cpe.CPE type a Stringer
Previously, the cpe.CPE type was an alias for wfn.Attributes from
nvdtools. Now that it is a type we control, make the String method take
the CPE as a receiver, rather than as a normal parameter, so that Syft's
cpe.CPE type implements Stringer.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-24 08:59:03 -05:00
Alex Goodman
0fe13888d5
swap format readseekers for readers ( #2515 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-23 16:44:57 -05:00
dependabot[bot]
8e39ca6dfc
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 ( #2531 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.4 to 0.15.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](41f7a6c033...24b0d52385
2024-01-23 10:14:05 -05:00
dependabot[bot]
935b885ba2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 ( #2532 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.12 to 0.5.0.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-23 10:13:51 -05:00
Alex Goodman
cdad5e767a
plumb context through catalogers ( #2528 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 15:54:51 -05:00
Alex Goodman
c5d15d1d6c
Remove CLI and API deprecations ( #2508 )
...
* remove api deprecations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove deprecated NAME cli flag
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 12:55:30 -05:00
Alex Goodman
03b7938fbf
Turn off the SBOM cataloger by default ( #2527 )
...
* turn off the SBOM cataloger by default
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 12:32:45 -05:00
Alex Goodman
4c77783461
Re-introduce linux kernel cataloger ( #2526 )
...
* re-add linux kernel cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* ensure there is at least a directory or image tag on each task
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix CLI tests to account for kernel finding (+2)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-22 16:31:41 +00:00
William Murphy
c6ce1de928
make AllLocations accept a context ( #2518 )
...
The previous implementation would leak a goroutine if the caller of
AllLocations stopped iterating early. Now, accept a context so that the
caller can cancel the AllLocations iterator rather than leak the
goroutine.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-22 11:05:59 -05:00
anchore-actions-token-generator[bot]
3046d43a8a
chore(deps): update CPE dictionary index ( #2523 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-22 08:32:31 -05:00
Dan Luhring
df582e8463
fix: minor cataloger and docs nits ( #2519 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
2024-01-19 17:29:47 -05:00
Alex Goodman
3eab5932e5
Deduplicate digests from user configuration ( #2522 )
...
* deduplicate digests from user configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* backout pointer reciever change on imageSource
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-19 21:51:55 +00:00
Alex Goodman
0bc31f4e27
update readme and help output to be accurate to syft api ( #2520 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-19 16:18:47 -05:00
Christopher Angelo Phillips
22f3a29fd7
fix: remove second call to finalize as the task handles it ( #2516 )
...
* fix: remove second call to finalize as the task handles it
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to protect against dupe relationships in final SBOM
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-01-19 14:12:29 -05:00
anchore-actions-token-generator[bot]
969b5f1764
chore(deps): update stereoscope to eb656fc717935ad5abeb8e1379a5c4e11c957120 ( #2510 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2024-01-19 10:25:31 -05:00
dependabot[bot]
1b6c2470b0
chore(deps): bump github.com/docker/docker ( #2512 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.7+incompatible to 25.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-19 10:04:07 -05:00
dependabot[bot]
ec802dfc80
chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 ( #2513 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-19 09:31:12 -05:00
dependabot[bot]
8845c938ce
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 ( #2514 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.3 to 0.15.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](c7f031d924...41f7a6c033
2024-01-19 09:28:37 -05:00
dependabot[bot]
308dc6f9b8
chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 ( #2506 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.0 to 3.23.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e5f05b81d5...0b21cf2492
2024-01-18 09:45:04 -05:00
dependabot[bot]
42dd04699f
chore(deps): bump github.com/google/go-containerregistry ( #2507 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-18 09:44:45 -05:00
William Murphy
c816c73341
chore: enable automatic approval of dependabot PRs ( #2505 )
...
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:23 -05:00
Alex Goodman
297ece6904
include binary cataloger configuration defaults ( #2504 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-17 17:06:37 +00:00
Laurent Goderre
5602c80edb
feat: classifier for wordpress cli binary ( #2473 )
...
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-01-17 11:42:03 -05:00
dependabot[bot]
fe271e89f6
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 ( #2502 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-17 10:07:57 -05:00
dependabot[bot]
0409eef615
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 ( #2503 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.3 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865c
2024-01-17 10:07:41 -05:00
anchore-actions-token-generator[bot]
bdda3481c7
chore(deps): update tools to latest versions ( #2500 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: spiffcs <spiffcs@users.noreply.github.com>
2024-01-17 10:33:11 +00:00
dependabot[bot]
6f4fb61a1c
chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 ( #2501 )
...
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-17 10:08:51 +00:00
Alex Goodman
313d9212b6
Add cataloger list command ( #2366 )
...
* add cataloger list command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: tidy go mod
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-01-16 09:41:58 -05:00
Alex Goodman
fb2b54a6dc
condense binary cataloger config in JSON output ( #2499 )
2024-01-16 09:18:18 -05:00
dependabot[bot]
3de5e98db1
chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 ( #2495 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3e
2024-01-15 14:40:41 -05:00
dependabot[bot]
41601e60ca
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 ( #2494 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:40:33 -05:00
anchore-actions-token-generator[bot]
0748413d6b
chore(deps): update CPE dictionary index ( #2491 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2024-01-15 05:56:34 +00:00
