Nathan Voss
b505317e10
Expanded dpkg cataloger globs ( #3373 )
...
Signed-off-by: Nathan Voss <njvoss299@gmail.com>
2024-10-23 14:59:28 +00:00
Ariel Miculas-Trif
06d300e662
Enable cargo-auditable-binary-cataloger for files/directories ( #3376 )
...
Especially when scanning a single binary file, the
cargo-auditable-binary-cataloger should run and report the rust binary's
dependencies:
```
scan --select-catalogers rust <binary_file>
```
This is in line with other binary catalogers, such as the
go-module-binary-cataloger.
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
2024-10-23 14:55:04 +00:00
dependabot[bot]
80333d39e3
chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 ( #3374 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033e
2024-10-23 10:47:12 -04:00
dependabot[bot]
11335466b6
chore(deps): bump github.com/charmbracelet/lipgloss ( #3375 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.0...v0.13.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-23 10:46:52 -04:00
anchore-actions-token-generator[bot]
260d80974f
chore(deps): update stereoscope to 6db3c175f1f836e552b01ee70e5d5528cc04bce4 ( #3362 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-22 12:23:29 -04:00
dependabot[bot]
fc524a0565
chore(deps): bump actions/cache from 4.1.1 to 4.1.2 ( #3364 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](3624ceb22c...6849a64899
2024-10-22 12:23:13 -04:00
dependabot[bot]
b5cde1304b
chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 ( #3365 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.4 to 0.17.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...1ca97d9028
2024-10-22 12:22:27 -04:00
dependabot[bot]
6a2898e00d
chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 ( #3367 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.5.0 to 5.6.0.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-22 12:22:19 -04:00
Alex Goodman
e4e985b9b0
Create single license scanner for all catalogers ( #3348 )
...
* add single license scanner instance
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename testing license scanner
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-21 16:17:12 +00:00
anchore-actions-token-generator[bot]
14355aac21
chore(deps): update stereoscope to a38c93517fc7d67ca1af826ac529a06c05b571d2 ( #3357 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-21 10:05:43 -04:00
anchore-actions-token-generator[bot]
e38825a0a2
chore(deps): update CPE dictionary index ( #3358 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-21 10:04:25 -04:00
dependabot[bot]
5a37b4a996
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.1 ( #3361 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.0 to 6.6.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.0...v6.6.1 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 14:02:07 +00:00
Alex Goodman
56dbb342ef
update to latest packageurl-go ( #3347 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-18 14:47:02 -04:00
anchore-actions-token-generator[bot]
3267545097
chore(deps): update tools to latest versions ( #3342 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-17 10:05:38 -04:00
anchore-actions-token-generator[bot]
7adbdfe624
chore(deps): update stereoscope to 9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f ( #3338 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-17 10:05:18 -04:00
dependabot[bot]
f2646d0156
chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 ( #3344 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:58:16 -04:00
Weston Steimel
5b9601d9c6
fix: use official CPE for linux kernel ( #3343 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-17 12:01:40 +00:00
dependabot[bot]
80c8bc1afb
chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 ( #3340 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f5e124a5e5...8d0a6505bf
2024-10-16 12:44:07 -04:00
Weston Steimel
d7194bb00f
fix: improve mariadb binary classifer to detect older versions ( #3339 )
...
With older versions of mariadb the binary name was `mysql`, so this
adjusts the binary classifier to additionally search for the expected
version pattern in `mysql` binaries.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-16 12:43:50 -04:00
William Murphy
754cebee64
fix: stop some log.Warn spam due parsing an empty string as a CPE ( #3330 )
...
* chore: don't try to parse empty string as CPE
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: improve OS name and version extraction from ELF metadata
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-15 08:50:47 -04:00
anchore-actions-token-generator[bot]
138c6e3420
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3334 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-15 12:45:07 +00:00
anchore-actions-token-generator[bot]
5c0df6386f
chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 ( #3332 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 21:37:26 +00:00
anchore-actions-token-generator[bot]
7c69367b65
chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 ( #3331 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-10-14 20:03:16 +00:00
dependabot[bot]
39146aaf62
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 ( #3326 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](61119d458a...f5e124a5e5
2024-10-14 11:46:47 -04:00
dependabot[bot]
67faca4208
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 ( #3327 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c36620d31a...f779452ac5
2024-10-14 14:06:08 +00:00
anchore-actions-token-generator[bot]
f6e5405eb8
chore(deps): update CPE dictionary index ( #3323 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-14 09:42:20 -04:00
Weston Steimel
e962c10da7
fix: improve go binary semver extraction for traefik ( #3325 )
...
Improves the go cataloger semver extraction logic to include getting the
release version of traefik. This is based off of the regex pattern that
already existed in the traefik binary classifier.
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-10-14 09:41:34 -04:00
anchore-actions-token-generator[bot]
8095f7b8c1
chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 ( #3322 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-13 10:53:58 -04:00
anchore-actions-token-generator[bot]
84877369e5
chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7fcb163 ( #3319 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-11 12:30:20 -04:00
dependabot[bot]
6124d72a29
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.0 ( #3321 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.1...v4.7.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-11 10:09:14 -04:00
dependabot[bot]
c2c8c793d2
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 ( #3314 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c
2024-10-11 05:17:35 -04:00
Alex Goodman
fbff87fc6d
shorten release docs ( #3318 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-11 05:17:01 -04:00
William Murphy
0c71bf23c5
docs: clearer deprecation message for --file ( #3310 )
...
It's not clear to users that they shoudl use --output FORMAT=PATH
instead of --file. Directly suggest the FORMAT=PATH syntax.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-10 13:11:45 -04:00
Alan Pope
b62b0cb800
[docs] Add mastodon link to README.md ( #3306 )
...
Hello friends.
This follows the same pattern as the other badges at the top of the readme. It adds the mastodon link to the Syft account.
This also means that the link back here from the Mastodon account's profile page will show as 'Validated' once landed, which gives more authenticity to the account.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-10-10 15:28:55 +01:00
anchore-actions-token-generator[bot]
223a52d07e
chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55eb04aed ( #3313 )
2024-10-10 06:03:55 -04:00
dependabot[bot]
5d068f30c0
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 ( #3312 )
2024-10-10 06:01:06 -04:00
dependabot[bot]
5d165e0230
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 ( #3307 )
2024-10-09 08:07:36 -04:00
dependabot[bot]
56ed131247
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 ( #3308 )
2024-10-09 08:07:14 -04:00
dependabot[bot]
37c179b530
chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 ( #3309 )
2024-10-09 08:06:49 -04:00
Keith Zantow
ccbee94b87
feat: report unknowns in sbom ( #2998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-07 16:11:37 -04:00
dependabot[bot]
4d7ed9f749
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ( #3299 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:21:34 -04:00
anchore-actions-token-generator[bot]
4c4e5cb06c
chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 ( #3301 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-10-07 15:21:26 -04:00
dependabot[bot]
8b6159dbd8
chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 ( #3304 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-07 15:20:38 -04:00
dependabot[bot]
7b30ce15d7
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 ( #3305 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c45773b62...2cdf405574
2024-10-07 15:20:29 -04:00
anchore-actions-token-generator[bot]
27ee203495
chore(deps): update CPE dictionary index ( #3302 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-10-07 15:20:12 -04:00
Piotr Radkowski
3b9c55d28b
Fix: Parse package.json with non-standard fields in 'author' section ( #3300 )
...
* Improved parsing of package.json 'author' section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
* test: parse 'package.json' files with non-standard fields in author section
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
---------
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
Co-authored-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
2024-10-07 10:26:04 -04:00
dependabot[bot]
25f5c6729f
chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 ( #3298 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...6db8d6351f
2024-10-05 09:25:01 -04:00
William Murphy
0d457142cc
chore: add pull request template ( #3294 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-10-05 09:05:11 -04:00
anchore-actions-token-generator[bot]
fc8457418a
chore(deps): update tools to latest versions ( #3296 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-10-05 07:32:32 -04:00
Alex Goodman
13c6876906
Track supporting DPKG evidence ( #3228 )
...
* add dpkg evidence support
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use path over filepath
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-10-04 11:07:29 -04:00
