oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00

Author	SHA1	Message	Date
Luca Comellini	6b2dc08ffb	Add dependabot (#1451 ) Signed-off-by: Luca Comellini <luca.com@gmail.com> Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-01-18 09:29:24 -05:00
Christopher Angelo Phillips	03971ace43	chore: use checkout v3 with new depth (#1471 )	2023-01-17 21:26:39 +00:00
Christopher Angelo Phillips	07aee798b0	chore: use checkout v2 for tag depth (#1470 )	2023-01-17 21:03:29 +00:00
Alex Goodman	05611c283d	bootstrap within composite action (#1461 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-01-17 10:04:22 -05:00
Weston Steimel	e87cfe7319	chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452 )	2023-01-12 16:21:01 -05:00
Alex Goodman	e0acfa98c7	add s3 credentials to release (#1309 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-11-02 15:48:37 +00:00
Keith Zantow	35f0f2931e	chore: update goreleaser brew token (#1306 )	2022-11-02 10:05:20 -04:00
Keith Zantow	ba57f3db51	chore: update github token permissions for goreleaser (#1305 )	2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips	4c5c6f6319	fix: update ci secret to use new password (#1304 )	2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips	1b69fbd566	fix: update secret value to use new cert cahin (#1303 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-11-01 00:05:40 +00:00
Alex Goodman	28cadfdb5d	replace signing tooling with quill (#1280 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-10-24 13:03:10 -04:00
Christopher Angelo Phillips	6e764815d0	fix: move reproduction to top of issue (#1264 )	2022-10-19 12:51:38 -04:00
Keith Zantow	b20310eaf8	Add gosimports (#1205 )	2022-09-14 13:38:18 -04:00
Keith Zantow	70db13d49e	Add RPM file scanning support (#1188 )	2022-09-07 14:16:30 -04:00
Weston Steimel	6949a2500f	Fix update-bootstrap-tools workflow (#1170 )	2022-08-22 16:17:28 +00:00
Weston Steimel	5282820b5d	workflow to create automated PRs to update bootstrap tools (#1167 )	2022-08-22 11:28:24 -04:00
Keith Zantow	69bde44c6e	Update stereoscope to get rid of the replace directive (#1140 )	2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips	f5d02d4e52	improve docker release bootstrap (#1136 )	2022-08-02 15:44:24 +00:00
Christopher Angelo Phillips	b7f587f5dc	remove docker login from keychain (#1135 )	2022-08-02 09:42:12 -04:00
Christopher Angelo Phillips	d196ab70a0	remove ENV checks from siging script (#1134 )	2022-08-01 22:08:41 +00:00
Christopher Angelo Phillips	1bf97af3fb	remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133 )	2022-08-01 21:08:38 +00:00
Christopher Angelo Phillips	ca69fb8370	remove prefixed v from tag to match release (#1131 )	2022-08-01 15:07:58 +00:00
Christopher Angelo Phillips	8f21180681	rollback actions-setup-docker to earlier version (#1130 )	2022-08-01 14:10:50 +00:00
Christopher Angelo Phillips	20ad59ad1b	Delete pr_action.yaml (#1120 )	2022-07-27 17:12:00 +00:00
Christopher Angelo Phillips	ba685eada8	Add PR action back to workflow with new token (#1086 )	2022-07-06 09:31:51 -04:00
Christopher Angelo Phillips	3ce1a4aac1	remove pr automation until service account creation (#1080 )	2022-06-30 21:43:24 +00:00
Christopher Angelo Phillips	f35a252ecf	add workflows to test new project automation (#1023 )	2022-06-08 09:42:53 -04:00
Keith Zantow	321eddf874	Auto-PR needs to run go mod tidy (#958 )	2022-04-13 16:30:35 -04:00
Keith Zantow	25bf679f8f	Add workflow for automatic PR for new stereoscope updates (#954 )	2022-04-13 13:20:40 -04:00
Alex Goodman	e415bb21e7	Update write permissions and log into ghcr.io for release (#942 )	2022-04-06 21:15:55 +00:00
Alex Goodman	7f9edf346a	Bump golangci-lint to 1.45.0 (#909 )	2022-03-22 11:02:36 -04:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
Keith Zantow	c7cf8b0b26	Brew install gon failed (#885 )	2022-03-11 13:17:57 -05:00
Alex Goodman	635904fcb6	Reduce PR check failures (#858 )	2022-03-02 17:51:37 +00:00
Alex Goodman	24cd39089a	Share import mac code signing certificate steps for release (#851 )	2022-02-25 20:07:03 -05:00
Christopher Angelo Phillips	256e85bc12	510 - SBOM attestation stdout (#785 ) add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-22 21:45:12 -05:00
Alex Goodman	55c7f3d1e7	Upgrade install.sh to support installations for previous versions (#830 )	2022-02-15 22:23:11 +00:00
Christopher Angelo Phillips	8f96adacfb	Upgrade golang to 1.17 (#809 ) * initial upgrade workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * update go.mod Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-09 11:08:24 -05:00
Alex Goodman	b78c90d018	use parent dir for notarization zip (#804 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-07 22:50:48 +00:00
Alex Goodman	2c62651c82	run signing as post-build step (#803 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-07 16:55:15 -05:00
Alex Goodman	950ad681a0	Stabilize CI behavior (#796 ) * reduce parallelism of builds and increase install.sh test setup buffer Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * change logging mechanism for signing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore automatic parallelism determination for goreleaser Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rm logging goreleaser version Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-07 07:55:11 -08:00
Alex Goodman	e474b2f23c	docker auth must occur after setting up prod keychain (#795 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-05 15:23:05 +00:00
Alex Goodman	e7bef5e511	split signing setup into pre-release hook (#794 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-04 16:49:42 -05:00
Alex Goodman	e4ac7700dd	pass notarize arg, not original archive (#793 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-04 19:44:37 +00:00
Alex Goodman	d3469801fc	repackage all file in notarization temp dir (not from tar output) (#792 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-04 19:04:15 +00:00
Alex Goodman	3f50bb8fa7	tput requires explicit terminal type in CI (#791 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-04 18:23:30 +00:00
Alex Goodman	341288ba29	Normalize snapshot and release artifacts (#789 ) * refactor signing steps in release/snapshot workflows Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * show signing logs on snapshot or release failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update install.sh + tests to account for new goreleaser changes Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update cli tests to account for new goreleaser build names Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix acceptance test to use new snapshot bin path Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add notarization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-04 12:41:37 -05:00
Alex Goodman	f38b0b7256	Refactor install.sh (#765 ) * [wip] get assets based on gh api Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put install.sh download_asset fn under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put install.sh install_asset fn under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zip for darwin installs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix install.sh negative test cases Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow errors to propagate in install.sh Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove exit on error from install.sh tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add more docs around install.sh helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add integration tests for install.sh Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add install.sh testing to pipeline Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add install test cache to CI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * make colors globally available Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * test download against github release Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * always test release-based install against latest release Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use better install.sh test names Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-01 16:58:47 -05:00
Alex Goodman	a18fbacae7	Revert "bump goreleaser to v1.2 (#720 )" (#731 ) This reverts commit 8535ee5b2e0f2c279e8407bfa4ce3d96d37a2fde. Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2022-01-03 15:19:00 +00:00
Alex Goodman	8535ee5b2e	bump goreleaser to v1.2 (#720 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2021-12-22 20:37:48 +00:00

... 3 4 5 6 7

327 Commits