anchore-actions-token-generator[bot]
d88ad07855
chore(deps): update tools to latest versions ( #4053 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-07-14 10:27:40 -04:00
dependabot[bot]
13986b7cea
chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 ( #4056 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.41.0 to 0.42.0.
- [Commits](https://github.com/golang/net/compare/v0.41.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 10:27:10 -04:00
anchore-actions-token-generator[bot]
75db6527bc
chore(deps): update CPE dictionary index ( #4058 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-14 10:27:01 -04:00
dependabot[bot]
1c0ed133a3
chore(deps): bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 ( #4049 )
...
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) from 1.0.7 to 1.0.8.
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.0.7...v1.0.8 )
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.0.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:27:02 -04:00
anchore-actions-token-generator[bot]
9928386d38
chore(deps): update CPE dictionary index ( #4050 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-08 15:26:50 -04:00
dependabot[bot]
9dd06981b4
chore(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to 2.24.0 ( #4051 )
...
Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl ) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/hashicorp/hcl/releases )
- [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/hcl/compare/v2.23.0...v2.24.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/hcl/v2
dependency-version: 2.24.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:34 -04:00
dependabot[bot]
f88be457ef
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.5 to 1.3.6 ( #4052 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:26 -04:00
Keith Zantow
02703d5c80
feat: RHEL EUS detection ( #4023 )
...
* feat: rhel eus detection
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update more tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* rename feature detection functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-07 14:11:20 +00:00
dependabot[bot]
9cbd52bdd7
chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 ( #4048 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...cee1b8e05a
2025-07-03 15:00:51 -04:00
anchore-actions-token-generator[bot]
e8b62ab9ac
chore(deps): update anchore dependencies ( #4047 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 16:09:46 +00:00
anchore-actions-token-generator[bot]
2af1bca83f
chore(deps): update anchore dependencies ( #4045 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 11:50:29 -04:00
Carlos Tadeu Panato Junior
2111d4d0e4
chore: upgrade tablewriter dependency to use new API ( #3990 )
...
* upgrade tablewriter
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* remove header line whitespace
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 16:16:16 -04:00
dependabot[bot]
179cc70a36
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 ( #4040 )
...
* chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* update error message expectations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 19:21:02 +00:00
Christopher Angelo Phillips
1e3d2a2927
chore: update tests to read from latest test-fixture-cache and fix cache publish ( #4042 )
...
* feat: update integration test with correct package for httpd
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update integration and cli tests with new upstream expectations
- php interpreter 8.3.21 => 8.3.22
- runCycloneDXInDocker update for local arm64 qemu emulation CycloneDX
- getSyftBinaryLocationByOS update to detect arm64 v8.0 artifact path
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: add snalshot to test command for fixture builds
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update cdx in docker for all GOOS
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-07-01 14:11:36 +00:00
dependabot[bot]
421afac532
chore(deps): bump github.com/mholt/archives from 0.1.2 to 0.1.3 ( #4032 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.2...v0.1.3 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:41 -04:00
dependabot[bot]
b0b10acb40
chore(deps): bump marocchino/sticky-pull-request-comment ( #4019 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.2 to 2.9.3.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](67d0dec7b0...d2ad0de260
2025-06-30 17:58:32 -04:00
dependabot[bot]
b90028bd1f
chore(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.1 ( #4022 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 3.9.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:23 -04:00
anchore-actions-token-generator[bot]
b5a1b309ca
chore(deps): update tools to latest versions ( #4035 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-30 17:17:49 -04:00
anchore-actions-token-generator[bot]
841f963e70
chore(deps): update CPE dictionary index ( #4037 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-30 17:17:34 -04:00
dependabot[bot]
ba59f57bfe
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 ( #4039 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...181d5eefc2
2025-06-30 17:17:20 -04:00
Alex Goodman
2bda086423
Add ability to scan snaps (as a source) ( #3929 )
2025-06-25 16:53:35 -04:00
anchore-actions-token-generator[bot]
4eb8ba4575
chore(deps): update CPE dictionary index ( #4021 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-23 11:30:19 -04:00
anchore-actions-token-generator[bot]
49115355d4
chore(deps): update tools to latest versions ( #4016 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-19 14:02:03 -04:00
anchore-actions-token-generator[bot]
d9eb1d7c1b
chore(deps): update tools to latest versions ( #4012 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-17 11:35:22 -04:00
dependabot[bot]
32a30f76c6
chore(deps): bump github.com/go-viper/mapstructure/v2 ( #4014 )
...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases )
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 )
---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
dependency-version: 2.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 11:35:09 -04:00
dependabot[bot]
b52b13c03c
chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 ( #4015 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.8.2 to 3.9.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.2...v3.9.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 3.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 11:34:58 -04:00
anchore-actions-token-generator[bot]
0bfda2c514
chore(deps): update CPE dictionary index ( #4007 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-16 11:15:50 -04:00
dependabot[bot]
0b57d03958
chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 ( #4008 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](e11c554f70...9246b90769
2025-06-16 11:15:37 -04:00
dependabot[bot]
72f9c42562
chore(deps): bump github.com/google/go-containerregistry ( #4009 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.5...v0.20.6 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 11:15:22 -04:00
anchore-actions-token-generator[bot]
181e180284
chore(deps): update tools to latest versions ( #3992 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-13 10:38:44 -04:00
dependabot[bot]
c19558dd73
chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 ( #4000 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.19 to 3.29.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fca7ace96b...ce28f5bb42
2025-06-12 10:37:53 -04:00
Keith Zantow
10f0631710
fix: provide separate nonroot image ( #3998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-11 17:00:55 -04:00
Alex Goodman
96c34ffc43
account for non-import shapes ( #3997 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-11 13:11:40 -04:00
Alex Goodman
79b6d5daa4
Allow decoding of anchorectl json files ( #3973 )
...
* allow decoding of import sbom file shape
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address formatting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add file mode and type processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use type to interpret the raw value
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* safe mode convert should use uint32
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler decoder type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-10 15:03:50 -04:00
dependabot[bot]
cfa7cc5be9
chore(deps): bump github.com/anchore/stereoscope ( #3991 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.5-0.20250604132324-344e29f37f05 to 0.1.5.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 11:47:40 -04:00
Alex Goodman
18f9b5ab58
remove benchmark utils ( #3982 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-09 18:24:49 +00:00
Keith Zantow
9090c69708
fix: exclude packages with SPDX GENERATED_FROM source package indication ( #3981 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-09 14:12:23 -04:00
dependabot[bot]
1396a14550
chore(deps): bump modernc.org/sqlite from 1.37.1 to 1.38.0 ( #3979 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.37.1 to 1.38.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.1...v1.38.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:31:10 -04:00
dependabot[bot]
592bc0af7d
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.1 to 5.16.2 ( #3978 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.1...v5.16.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:26:47 -04:00
anchore-actions-token-generator[bot]
b6b8a8f52e
chore(deps): update tools to latest versions ( #3977 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-09 08:56:36 -04:00
anchore-actions-token-generator[bot]
a196cc9215
chore(deps): update CPE dictionary index ( #3976 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-09 08:56:18 -04:00
dependabot[bot]
12c8003317
chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 ( #3970 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.41.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:23:02 -04:00
dependabot[bot]
0a25c0ec5c
chore(deps): bump github.com/sergi/go-diff ( #3971 )
...
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff ) from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0.
- [Commits](https://github.com/sergi/go-diff/commits/v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/sergi/go-diff
dependency-version: 1.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:22:54 -04:00
Christoph Blessing
5ae11bd1f7
Fix Python package dependency detection ( #3965 )
...
Previously a dependency relationship between two Python packages was not
detected if there were no parentheses around the version specifier in
the wheel metadata of the parent package. This commit allows detection
of such relationships.
Signed-off-by: Christoph Blessing <chris24.blessing@gmail.com>
2025-06-06 09:46:16 -04:00
John Vandenberg
bc1cbde4f7
fix: Remove three Rust crate false positive CPE matches ( #3967 )
...
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-06 04:29:06 -04:00
Michael Briley
868a6a7584
Harden Container Runtime with Non-Root User ( #3941 )
...
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update .goreleaser.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update .goreleaser.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* use distroless/static-debian12:nonroot directly
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep manual manifest curation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove qemu usage
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add smoke test for snapshot
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split up manifests section with comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct ci step name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix arch condition
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep path prefix
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-05 12:36:23 -04:00
John Vandenberg
bd894b9c4d
fix: Remove two Rust crate false positive CPE matches ( #3962 )
...
Rust crates opentelemetry and redis are being given CPEs that
match CVEs such as CVE-2023-45142 and CVE-2022-24735 respectively.
The vendor overrides added here prevent that.
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-05 10:28:54 -04:00
dependabot[bot]
c36c69779a
chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 ( #3963 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/mod/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.25.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:46:58 +00:00
dependabot[bot]
cd23ccc6e6
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12 to 0.5.13 ( #3964 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.12 to 0.5.13.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.12...v0.5.13 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.13
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:45:40 +00:00
Keith Zantow
71d84603c1
fix: bump stereoscope to fix symlink performance issue ( #3953 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-04 15:50:03 +00:00
