Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
devel:kubic
grype
grype.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File grype.changes of Package grype
------------------------------------------------------------------- Tue Oct 29 14:02:25 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.83.0: * bump syft to v1.15.0, sterescope to v0.0.5 (#2219) * Add `grype db providers` command (#2174) * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 (#2214) * chore(deps): update tools to latest versions (#2213) * docs: update config section to be valid, reference config subcommand (#2218) * chore(deps): bump github.com/charmbracelet/lipgloss (#2207) * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#2208) * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209) * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211) * feat: multi-level configuration and profiles (#2194) * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204) * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 (#2205) ------------------------------------------------------------------- Tue Oct 22 07:09:22 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.82.2: * Update to Syft v1.14.2 (#2203) * Updated README.md with correct spellings & phrase. (#2201) * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (#2198) * chore(deps): update tools to latest versions (#2196) * fix: azurelinux considered as comprehensive distro (#2197) * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 (#2193) ------------------------------------------------------------------- Tue Oct 15 15:36:39 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.82.1: * chore(deps): update Syft to v1.14.1 (#2191) * dependency: bump syft to main pre-release (#2189) * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#2183) * Skip matching on packages with missing version info (#2182) * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#2184) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 (#2185) * Account for implicit 0s in rpm release versions (#2188) * chore: bump syft in quality gate to v1.14.0 (#2187) * use epoch from metadata when missing from version string (#2186) * fix: exclude binary packages from CPE target software component filter logic (#2179) * add release docs (#2177) * chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#2176) * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#2173) * chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172) * [chore] Add mastodon link to README.md (#2166) * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#2167) * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168) * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#2169) ------------------------------------------------------------------- Wed Oct 09 04:39:05 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.82.0: * chore(deps): update Syft to v1.14.0 (#2164) * fix: use fix info from secDB in APK matcher even if NVD fix info present (#2162) * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#2159) * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#2160) * chore(deps): update tools to latest versions (#2157) * Add v6 DB metadata store (#2146) * feat: remove `wordpress` from `known` targets due to wordpress cataloger support syft/#1553 * Add a space following the "Name:" label (#2155) * chore(deps): update tools to latest versions (#2154) * test: update quality gate db to latest version (#2153) * explicitly skip update ts on check failure (#2152) * port over tar/xz decompressors (#2139) * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#2149) * chore(deps): bump github.com/docker/docker (#2147) * implement a low pass filter for update checks (#2148) * migrate legacy distribution concerns (#2144) * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#2142) * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145) ------------------------------------------------------------------- Thu Sep 26 05:02:11 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.81.0: * add awaiting response management (#2141) * feat: add distro mapping for azure linux 3 (#1848) ------------------------------------------------------------------- Tue Sep 24 17:22:08 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.80.2: * chore(deps): update Syft to v1.13.0 (#2140) * Correctly match JVM version ranges (#2114) * chore: switch to yardstick validate from custom gate.py (#2090) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#2118) * chore(deps): update tools to latest versions (#2123) * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#2135) * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.5 (#2136) * test: fix slice init length (#2133) * fix: hash vuln db only once on load (#2054) * chore: include file specifier in help (#2121) * docs: add mention of file scheme (#2120) * fix(apk): find secdb entries for origin packages (#1602) * chore(deps): update tools to latest versions (#2115) * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#2113) * chore(deps): update tools to latest versions (#2102) * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 (#2109) * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 (#2111) ------------------------------------------------------------------- Thu Sep 12 05:00:44 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.80.1: * chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2 (#2108) * fix: Update gitmodule url (#2106) * chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 (#2103) * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#2105) * chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#2098) * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#2099) * chore(deps): bump github.com/anchore/stereoscope (#2074) * chore(deps): bump github.com/docker/docker (#2086) * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 (#2089) * chore(sec): update Golang and runc to latest releases (#2091) CVE-2024-3154 * chore(deps): bump github.com/charmbracelet/bubbletea (#2092) * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#2093) * test: update quality gate db to latest version (#2094) * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#2096) * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#2097) * chore(deps): update tools to latest versions (#2082) * docs(templates): escape description in junit.tmpl (#2088) * chore(deps): update tools to latest versions (#2080) * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#2078) * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#2079) * chore(deps): update tools to latest versions (#2072) * chore(deps): bump github.com/charmbracelet/lipgloss (#2073) * chore: bump quality gate vuln match labels data (#2069) ------------------------------------------------------------------- Wed Aug 21 06:33:12 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.80.0: * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#2070) * chore(deps): update Syft to v1.11.1 (#2071) * chore: add grype version to db network operations (#2062) * fix: do not panic when given empty string arg (#2064) * chore(deps): bump github.com/charmbracelet/bubbletea (#2067) * fix: correctly close the db file in v4/v5 stores (#2066) * Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040) * chore(deps): update tools to latest versions (#2055) * chore(deps): bump github.com/docker/docker (#2052) * fix: fail when grype cant check for db update (#1247) * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#2053) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#2056) * chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#2060) * feat: add db search subcommand (#2031) ------------------------------------------------------------------- Mon Aug 12 18:29:35 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.6: * do not fail when inflating DB records (#2049) * chore: remove quality gate Makefile db age check (#2036) * doc: Updates for the Slack to Discourse migration (#2046) ------------------------------------------------------------------- Mon Aug 12 06:25:09 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.5: * feat: update to Syft 1.11.0 (#2047) * fix: higher default timeout for database download (#2033) * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2045) * chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#2035) * chore(deps): update tools to latest versions (#2038) * chore(deps): bump github.com/google/go-containerregistry (#2043) * chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#2044) * test: update quality gate db to latest version (#2034) * chore(deps): update tools to latest versions (#2027) * chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#2028) * chore: add grype version to application update check headers (#2021) * test: update quality gate db to latest version (#2026) * chore: use the .tool/gh for release script (#2022) ------------------------------------------------------------------- Thu Aug 01 07:21:37 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.4: * chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#2016) * chore(deps): update Syft to v1.10.0 (#2019) * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#2011) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#2012) * chore(deps): update tools to latest versions (#2015) * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#2010) * disable ui before run function on db status (#2008) * chore(deps): bump github.com/docker/docker (#2007) * chore(deps): update tools to latest versions (#2003) * chore(deps): bump github.com/docker/docker (#2000) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#2001) * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2002) * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1999) * chore: request artifact in issue template (#1996) * chore(deps): update tools to latest versions (#1998) * docs: CODE_OF_CONDUCT.md (#1994) * chore(deps): bump github.com/google/go-containerregistry (#1997) * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#1992) * chore(deps): update tools to latest versions (#1989) * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1990) * chore(deps): bump github.com/charmbracelet/lipgloss (#1991) ------------------------------------------------------------------- Tue Jul 16 05:52:51 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.3: * chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 (#1985) * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#1981) * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1982) * chore(deps): update Syft to v1.9.0 (#1986) * fix: correct cpe target software comparison to syft language (#1658) * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#1977) * docs: update readme with new default format (#1974) ------------------------------------------------------------------- Wed Jul 03 15:45:38 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.2: * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#1968) * chore(deps): update tools to latest versions (#1969) * test: update quality gate db to latest version (#1972) * chore: pin new sign installer to commit sha (#1966) * chore(deps): bump github.com/charmbracelet/bubbletea (#1963) * chore(deps): update tools to latest versions (#1962) * chore: add workflow to update quality test db (#1961) * chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 (#1957) * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#1958) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#1959) * chore: update test_db_url; remove white space (#1960) * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#1954) * chore(deps): bump github.com/charmbracelet/bubbletea (#1955) * chore: enable dependabot to keep boostrap action updated (#1953) * fix: use location RealPath not String() (#1950) ------------------------------------------------------------------- Tue Jun 18 10:49:00 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.1: * chore: update CI to install golang at latest version (#1949) * chore(deps): bump github.com/google/go-containerregistry (#1948) * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1947) ------------------------------------------------------------------- Sat Jun 15 16:15:49 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.79.0: * chore: Update syft v1.7.0 (#1945) * chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#1940) * chore(deps): update tools to latest versions (#1943) * fix match sort ordering for different locations (#1944) * chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#1941) * Updating maven URLs in README.md (#1934) * sort order for matches should consider fix info (#1933) * chore(deps): update tools to latest versions (#1925) * chore(deps): update tools to latest versions (#1921) * chore(deps): update tools to latest versions (#1919) * chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#1920) * feat(signature): Checksum signature verification (#1670) * add skopeo to managed utilities (#1915) * chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1909) * chore(deps): bump github.com/docker/docker (#1916) * remove dco workflow (#1914) * use dco tool during gh app outage (#1910) * chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#1901) * chore(deps): bump github.com/charmbracelet/bubbletea (#1902) * fix: add note about TMPDIR env var (#1880) * fix: uppercased package in json (#1900) * fix: main mod pseudo version default off (#1894) * chore(deps): update tools to latest versions (#1898) ------------------------------------------------------------------- Thu May 30 09:30:59 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.78.0: * update syft to v1.5.0 (#1897) * chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#1896) * Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895) * chore(deps): bump github.com/charmbracelet/lipgloss (#1888) * chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#1887) * chore(deps): update tools to latest versions (#1891) * chore(deps): bump github.com/charmbracelet/bubbletea (#1890) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#1889) * chore(deps): update tools to latest versions (#1883) * feat: add config command (#1876) * disable TUI for simpler commands (#1872) * chore(deps): bump github.com/docker/docker (#1867) * chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#1868) * chore(deps): update tools to latest versions (#1864) * chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (#1870) * chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 (#1871) * chore(deps): update tools to latest versions (#1862) * chore: add top level permissions to new workflow (#1860) * chore(deps): update tools to latest versions (#1856) * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1858) * chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1859) * fix: ask catalog for package rather than type asserting (#1857) ------------------------------------------------------------------- Sun May 12 07:52:24 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - add completion subpackages - fix version output ------------------------------------------------------------------- Fri May 10 05:07:49 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.77.4: * Upgrade tool management (#1842) * chore(deps): update Syft to v1.4.0 (#1855) * chore(deps): update bootstrap tools to latest versions (#1852) * chore(deps): bump github.com/charmbracelet/bubbletea (#1853) * chore(deps): bump github.com/docker/docker (#1854) * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1847) ------------------------------------------------------------------- Wed May 08 11:40:40 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.77.3: * Revert "feat: modify metadata structure for providers' pull date (#1795)" (#1846) * chore(deps): bump github.com/charmbracelet/bubbletea (#1844) * chore(deps): update bootstrap tools to latest versions (#1845) * chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#1840) * chore(deps): bump github.com/charmbracelet/bubbletea (#1841) * chore(deps): bump github.com/docker/docker (#1839) ------------------------------------------------------------------- Thu May 02 07:23:26 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.77.2: * fix: update ignored vulnerability count in tui (#1837) * fix: update sarif to pass microsoft validator (#1838) * chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1835) ------------------------------------------------------------------- Fri Apr 26 18:51:37 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.77.1: * chore(deps): bump gorm.io/gorm from 1.25.9 to 1.25.10 (#1831) * chore(deps): update Syft to v1.3.0 (#1832) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#1824) * chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1823) * chore(deps): bump github.com/anchore/stereoscope (#1825) * chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#1828) * fix: update grype version to support darwin arm64 (#1830) * chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1820) * docs: update README with newer data sources (#1819) * chore(deps): bump github.com/docker/docker (#1821) * Add some more examples for the `config.yaml` file in the README. (#1811) * chore(deps): bump github.com/docker/docker (#1817) * chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#1818) ------------------------------------------------------------------- Fri Apr 19 05:44:51 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.77.0: * config: add config opt in golang pseudo version main module comparison (#1816) * chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#1814) * feat: modify metadata structure for providers' pull date (#1795) * fix: add linux and libc-dev headers ignore rules for debian packages (#1809) * chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#1808) * feat: add html template (#1806) * fix: use Go main module version (#1797) ------------------------------------------------------------------- Tue Apr 16 06:07:59 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.76.0: * fix: adds ignore rules for kernel-headers indirect matches (#1787) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1805) * chore: fix function name in comment (#1798) * chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#1802) * chore(deps): update Syft to v1.2.0 (#1803) * chore(deps): bump github.com/docker/docker (#1800) * chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1801) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#1791) * test: fuzzy version comparison for java versions (#1788) * chore: readme formats updated with sarif option (#1786) ------------------------------------------------------------------- Thu Apr 04 16:56:26 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.75.0: * chore: update syft to latest v1.1.1 (#1784) * fix: enable http timeout (#1777) * chore(deps): update bootstrap tools to latest versions (#1781) * chore(deps): update bootstrap tools to latest versions (#1776) * chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775) * fix: make bootstrap-tools failed (#1739) * fix: use "path/filepath" to build file path (#1767) * update release token from readonly to write token (#1768) * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1771) * chore(deps): update Syft to v1.1.0 (#1769) * chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1750) * chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 (#1751) * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 (#1753) * chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756) * chore(deps): bump github.com/google/go-containerregistry (#1754) * chore(deps): update bootstrap tools to latest versions (#1758) * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1761) * updating credentials to scoped permissions (#1755) * dont warn on golang devel version (#1752) * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#1748) * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 (#1746) * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1747) * chore(code-comments): typo (#1745) * chore: slice loop replace (#1738) * chore(deps): update Syft to v1.0.1 (#1742) * chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 (#1743) * chore(deps): bump github.com/docker/docker (#1744) * chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1740) * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#1741) * chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1735) * chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1736) * chore(deps): bump github.com/anchore/syft (#1734) * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#1733) * chore: update syft source providers (#1727) ------------------------------------------------------------------- Sat Mar 16 14:01:10 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.7: * chore(deps): update Syft to v0.105.1 (#1728) * fix(install): return appropriate exit codes (#1725) * chore(test): update quality test grype db (#1726) * fix: improve sarif descriptive text and fingerprint (#1720) * chore: remove unused file internal/file/tar.go and its test (#1724) * Added instruction to install with choco (#1716) * chore(deps): update bootstrap tools to latest versions (#1719) * chore: remove unused file internal/logger/logrus.go (#1721) ------------------------------------------------------------------- Thu Feb 15 05:57:08 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.6: * chore(deps): update Syft to v0.105.0 (#1714) * chore(deps): update bootstrap tools to latest versions (#1707) * test(quality): bump label dataset and images (#1712) * fix: only warn missing CPEs if CPEs wanted (#1710) * fix: ensure version output to stdout (#1709) * chore(deps): update bootstrap tools to latest versions (#1706) ------------------------------------------------------------------- Thu Feb 08 11:54:49 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.5: * chore(deps): update Syft to v0.104.0 (#1704) * Bump Syft in Grype to pull in unmarshaling fix (#1703) * chore(deps): bump github.com/docker/docker (#1702) * chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700) * chore(deps): update bootstrap tools to latest versions (#1698) * chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1699) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#1697) * chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#1687) * chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1690) * chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1691) * chore(deps): bump github.com/docker/docker (#1692) * chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1689) ------------------------------------------------------------------- Thu Feb 01 06:30:10 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.4: * Security fixes: - Upgrade syft to v0.103.1 (#1688) * chore(deps): bump github.com/google/go-containerregistry (#1685) * chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1684) * ensure releases only use released versions of syft (#1680) * chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683) * chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 (#1682) ------------------------------------------------------------------- Fri Jan 26 19:27:04 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.3: * chore(deps): update Syft to v0.102.0 (#1681) * Fix matching when RPM modularity is a factor (#1679) * chore: break assumption that syft cpe.CPE is wfn.Attributes (#1675) * chore(deps): bump github.com/docker/docker (#1677) * chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1678) * chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1676) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#1674) * fix: take VEX docs into account when --fail-on is set (#1657) * chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#1671) ------------------------------------------------------------------- Sat Jan 20 17:00:18 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.2: * chore(deps): update Syft to v0.101.1 (#1669) * chore(deps): bump github.com/docker/docker (#1667) * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#1666) * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#1668) * chore(deps): bump github.com/google/go-containerregistry (#1665) * chore: enable automatic approval of dependabot PRs (#1664) ------------------------------------------------------------------- Thu Jan 18 08:10:56 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.1: * chore(deps): update Syft to v0.101.0 (#1663) * upgrade syft with latest SBOM creation API (#1662) * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#1661) * chore(tests): fix logging configuration in tests (#1655) * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#1656) * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#1659) * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651) * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#1650) ------------------------------------------------------------------- Sun Jan 07 13:36:53 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.74.0: * chore(deps): update Syft to v0.100.0 (#1649) * fix: distro FP data not applied correctly (#1603) * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#1647) * chore(deps): update bootstrap tools to latest versions (#1644) * docs: fix logging configuration in README (#1646) ------------------------------------------------------------------- Thu Dec 21 19:04:26 UTC 2023 - opensuse_buildservice@ojkastl.de - Update to version 0.73.5: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633) * chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641) * chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642) * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#1638) * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1632) * chore(deps): bump github.com/charmbracelet/bubbletea (#1635) * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1636) * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#1630) * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1626) * chore: pin action to correct sha (#1598) * chore(deps): bump github.com/google/go-containerregistry (#1625) ------------------------------------------------------------------- Thu Nov 30 16:24:35 UTC 2023 - kastl@b1-systems.de - Update to version 0.73.4: * chore: bump to syft v0.98.0 in quality gate tests (#1623) * chore: update syft; go mod tidy (#1621) * chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#1618) * chore: explicitly test maven suffixes (#1617) * chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1611) ------------------------------------------------------------------- Mon Nov 20 05:38:32 UTC 2023 - kastl@b1-systems.de - Update to version 0.73.3: * chore(deps): update Syft to v0.97.1 (#1610) ------------------------------------------------------------------- Fri Nov 17 05:48:01 UTC 2023 - kastl@b1-systems.de - Update to version 0.73.2: * chore(deps): update Syft to v0.97.0 (#1608) * chore: bump vulnerability match label dataset (#1606) * fix: golang version parsing (#1599) * chore(deps): update bootstrap tools to latest versions (#1595) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#1597) ------------------------------------------------------------------- Thu Nov 09 15:04:58 UTC 2023 - kastl@b1-systems.de - Update to version 0.73.1: * chore(deps): update Syft to v0.96.0 (#1596) * fix: match against debian unstable (#1593) * perf: avoid allocations with `(*regexp.Regexp).MatchString` (#1592) * chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1590) ------------------------------------------------------------------- Wed Nov 08 05:53:19 UTC 2023 - kastl@b1-systems.de - Update to version 0.73.0: * chore(deps): update Syft to v0.95.0 (#1591) * chore: account for syft package metadata changes (#1423) * fix: bump fangs to enable setting golang CPE config using env var (#1585) * chore(deps): update bootstrap tools to latest versions (#1588) * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1586) * chore: bootstrap action cleanup (#1587) * chore(deps): update bootstrap tools to latest versions (#1584) * Incorporate format API changes from syft (#1582) * chore(deps): bump github.com/docker/docker (#1579) * feat(config): added reason field (#1532) * chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to 1.10.0 (#1583) * Colorize severity in table output (#1284) * feat: add custom maven comparator (#1571) * chore: fix path to quality tests (#1578) * capture quality gate state on failures (#1576) * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1575) * chore(deps): update bootstrap tools to latest versions (#1574) * chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3 (#1573) * docs: add cbl-mariner to supported distro (#1569) * chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1570) * chore(deps): update bootstrap tools to latest versions (#1567) ------------------------------------------------------------------- Fri Nov 3 09:14:08 UTC 2023 - Johannes Kastl <kastl@b1-systems.de> - BuildRequire go1.21 ------------------------------------------------------------------- Sat Oct 21 18:17:32 UTC 2023 - kastl@b1-systems.de - Update to version 0.72.0: * chore(deps): update Syft to v0.94.0 (#1566) * Incorporate Syft java detection improvements (#1555) * add exception for go stdlib search by CPE (#1565) * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564) * Add --ignore-states flag for ignoring findings with specific fix states (#1473) * feat: update go-sarif library to use latest release (#1563) * bump clio to get stderr reporting fix (#1561) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558) * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557) * Add checksum signing (#1535) ------------------------------------------------------------------- Fri Oct 13 05:01:03 UTC 2023 - kastl@b1-systems.de - Update to version 0.71.0: * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554) * feat: disable CPE-based matching for GHSA ecosystems by default (#1412) * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552) ------------------------------------------------------------------- Wed Oct 11 04:28:01 UTC 2023 - kastl@b1-systems.de - Update to version 0.70.0: * chore(deps): update Syft to v0.93.0 (#1550) * chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547) * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549) * chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1544) * fix: empty descriptor name and version (#1542) * chore: removes unnecessary conditional (#1539) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533) ------------------------------------------------------------------- Sat Oct 07 05:34:32 UTC 2023 - kastl@b1-systems.de - Update to version 0.69.1: * chore(deps): update Syft to v0.92.0 (#1527) * chore(deps): update bootstrap tools to latest versions (#1524) * chore: add OpenSSF Best Practices badge (#1523) * bump labels to latest (#1525) * chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#1519) * chore(deps): update bootstrap tools to latest versions (#1520) * chore: explicitly test go pseudoversion (#1522) * chore: remove outdated comment about fuzzy matching python versions (#1521) * chore: bump stereoscope to fix data race in UI (#1517) * fix: correctly guess tool comparison (#1516) * chore(deps): update bootstrap tools to latest versions (#1515) * chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#1514) * fix: use PEP440 for Python package version comparison (#1510) ------------------------------------------------------------------- Sat Oct 07 05:30:38 UTC 2023 - kastl@b1-systems.de - Update to version 0.69.0: * chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 (#1506) * Upgrade syft to v0.91.0 (#1508) * Update chronicle to v0.8.0 (#1507) * fix: terminal clobbering when commands return errors (#1505) * Fix typo in flag (#1501) * chore(deps): bump actions/cache from 3.2.6 to 3.3.2 (#1499) * chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 (#1448) * chore: pin cache versions (#1495) * chore(deps): bump actions/checkout from 3 to 4 (#1475) ------------------------------------------------------------------- Sat Oct 07 05:27:54 UTC 2023 - kastl@b1-systems.de - Update to version 0.68.1: * fix: version output including supported db schema (#1494) * chore: pin actions; pin images; add top level action permissions (#1493) ------------------------------------------------------------------- Sat Oct 07 05:23:52 UTC 2023 - kastl@b1-systems.de - Update to version 0.68.0: * feat: introduce exit code failure option for db update check (#1463) * Ignore/add match results based on OpenVEX documents (#1397) * chore(deps): bump docker/login-action from 2 to 3 (#1488) * chore: Fix race conditions around stager, enable detector (#1489) * chore(deps): update Syft to v0.90.0 (#1486) * chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 (#1485) * chore: update CLI to CLIO (#1437) ------------------------------------------------------------------- Sat Oct 07 05:16:26 UTC 2023 - kastl@b1-systems.de - Update to version 0.67.0: * feat: grype explain prototype (#1367) * chore: Update go declaration to have point version (#1484) * chore: update grype to use Go v1.21 (#1480) * chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#1481) * chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 (#1474) * chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#1476) * chore(deps): bump github.com/docker/docker (#1478) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.8 to 0.4.10 (#1477) * chore: bump quality gate to use syft v0.89.0 (#1479) ------------------------------------------------------------------- Tue Sep 05 14:42:07 UTC 2023 - kastl@b1-systems.de - Update to version 0.66.0: * chore(deps): update Syft to v0.89.0 (#1472) * Add registry certificate verification support (#1232) * fix: set correct default to exclude overlapping binaries (#1452) * fix: portage version comparison (#1468) * chore: pin the vulnerability DB used in quality gate testing (#1470) * chore(deps): update Syft to v0.88.0 (#1466) * chore: update quill version (#1465) * docs: fix some typos on main README (#1455) * note supported versions of grype (#1458) * bump vml labels (#1462) * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#1453) * chore(deps): update bootstrap tools to latest versions (#1450) * fill out new version notice (#1445) * feat: filter out packages owned by OS packages (#1387) * fix: Only remove packages by binary overlap (#1444) * chore: bump to syft v0.87.1 in quality gate (#1442) ------------------------------------------------------------------- Tue Sep 05 14:28:34 UTC 2023 - kastl@b1-systems.de - Update to version 0.65.2: * chore(deps): update Syft to v0.87.1 (#1432) * chore: Init submodule if missing (#1439) * chore: exclude yardstick store from filename rules (#1440) * chore: use latest yardstick (#1438) * fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' (#1434) * chore(deps): update bootstrap tools to latest versions (#1424) * chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#1421) * docs(example-templates): add a simple JUnit XML template (#1422) * chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 (#1420) * chore: use syft v0.86.1 in the quality gate tests (#1418) ------------------------------------------------------------------- Sun Aug 06 07:56:46 UTC 2023 - kastl@b1-systems.de - Update to version 0.65.1: * fix: some hang conditions (#1414) * chore(deps): update bootstrap tools to latest versions (#1413) ------------------------------------------------------------------- Tue Aug 01 10:17:23 UTC 2023 - kastl@b1-systems.de - Update to version 0.65.0: * chore(deps): update Syft to v0.86.1 (#1410) * chore(deps): bump github.com/docker/docker (#1402) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#1406) * chore: bump quality gate label dataset (#1404) * feat: implement secondary sorting for default json output (#1403) * feat: update table sort to be name, version, type, severity, vulnerability (#1400) * chore: in quality tests, only colorize quality output if in a tty (#1398) * chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1396) ------------------------------------------------------------------- Thu Jul 20 13:54:06 UTC 2023 - kastl@b1-systems.de - Update to version 0.64.2: * fix: vulnerabilities should be printed when `--fail-on` fails (#1395) * chore: bump yardstick to address PyYAML cython compatibility issues (#1394) * Refactor integ test to table test (#1390) ------------------------------------------------------------------- Tue Jul 18 04:49:52 UTC 2023 - kastl@b1-systems.de - Update to version 0.64.1: * Pass correct output file (#1391) * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.8 (#1389) * Port UI to bubbletea (#1385) ------------------------------------------------------------------- Fri Jul 14 05:26:47 UTC 2023 - kastl@b1-systems.de - Update to version 0.64.0: * chore(deps): update Syft to v0.85.0 (#1383) * feat(outputs): allow to set multiple outputs (#648) (#1346) * Remove Docker section from DEVELOPING.md (#1384) * chore(deps): update bootstrap tools to latest versions (#1381) * chore(deps): bump github.com/docker/docker (#1382) * Port to new syft source API (#1376) * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1375) * chore: bump quality gate labels and images (#1374) * chore(deps): update bootstrap tools to latest versions (#1368) ------------------------------------------------------------------- Fri Jun 30 18:26:00 UTC 2023 - kastl@b1-systems.de - Update to version 0.63.1: * Add a simple CSV format template to the templates/ directory and tweak docs (#1366) * chore(deps): update Syft to v0.84.1 (#1372) * fix: Add more log4j-adjacent package ignore rules (#1358) * chore: bump the quality gate labels (#1369) * add oss community board auto-add workflow (#1364) * fix: totals for vulnerability matches (#1359) * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1363) * chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 (#1357) ------------------------------------------------------------------- Thu Jun 22 05:08:42 UTC 2023 - kastl@b1-systems.de - Update to version 0.63.0: * Configure chronicle to pre-1.0 mode (#1356) * chore(deps): update Syft to v0.84.0 (#1354) * chore(deps): update bootstrap tools to latest versions (#1353) * chore(deps): update Syft to v0.83.1 (#1352) * chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350) * chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#1351) * chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#1344) * chore: Update the contributing guide (#1347) * feat: add community template folder and new table template (#1343) * chore: log unsupported package qualifier as debug (#1340) * feat: add package info to search by for all match details (#1339) ------------------------------------------------------------------- Mon Jun 12 19:46:06 UTC 2023 - kastl@b1-systems.de - Update to version 0.62.3: * chore(deps): update bootstrap tools to latest versions (#1334) * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1336) * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#1331) * Hide suppressed vulnerabilities when --show-suppressed is not given (#1322) * chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1324) * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1323) ------------------------------------------------------------------- Sat May 27 10:48:41 UTC 2023 - kastl@b1-systems.de - Update to version 0.62.2: * feat: add source and type to CVSS information (#1317) * chore(deps): bump github.com/docker/docker (#1320) * chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 (#1321) ------------------------------------------------------------------- Wed May 24 14:04:41 UTC 2023 - kastl@b1-systems.de - Update to version 0.62.1: * chore: update gomod with latest syft (#1313) * chore(deps): bump github.com/docker/docker (#1311) ------------------------------------------------------------------- Tue May 23 07:32:20 UTC 2023 - kastl@b1-systems.de - Update to version 0.62.0: * bump syft to pre-release of v0.81.0 (#1310) * add main bin ignore (#1305) * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1309) * chore(deps): bump github.com/docker/docker (#1304) * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 (#1307) * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1289) * chore(deps): bump github.com/docker/distribution (#1290) * chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#1298) * chore: update deprecated io/ioutil calls (#1296) * feat: package qualifier for platform CPE (#1291) * Fix reading syft json from stdin by redirect (#1299) * should only use hermetic functions in templates (#1288) * chore(deps): update bootstrap tools to latest versions (#1285) * feat: add non-hermetic sprig functions (#1243) (#1273) * fix: typo in logger prefix (#1283) * chore(deps): bump github.com/docker/docker (#1280) * chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 (#1281) * chore(deps): update Syft to v0.80.0 (#1276) * chore(deps): update bootstrap tools to latest versions (#1277) * docs: add config flag to configuration section (#1271) (#1274) * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#1272) * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268) * chore(deps): update bootstrap tools to latest versions (#1270) * Add support for Syft IDs in JSON output (#1266) * docs: add "cyclonedx-json" to output formats (#1252) * chore(deps): bump github.com/docker/docker (#1257) * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#1261) * chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#1263) * Install skopeo during bootstrap (#1260) * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#1258) * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#1256) * chore: update quality gate labels and add keycloak (#1255) * fix: false positive for purl provider for RPM without epoch (#1237) ------------------------------------------------------------------- Sat Apr 22 14:34:27 UTC 2023 - kastl@b1-systems.de - Update to version 0.61.1: * chore: bump syft to latest version v0.79.0 (#1250) * feat: add timestamp to json output (#1170) (#1249) * chore(deps): update Syft to v0.78.0 (#1242) * chore(deps): bump github.com/docker/docker (#1241) * chore(deps): update bootstrap tools to latest versions (#1239) * chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 (#1233) * chore(deps): update bootstrap tools to latest versions (#1238) * add format make target (#1231) * chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 (#1223) * chore(deps): bump github.com/docker/docker (#1218) * chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 (#1225) * chore(deps): update bootstrap tools to latest versions (#1227) * chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1219) * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217) * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1216) ------------------------------------------------------------------- Wed Apr 05 04:10:57 UTC 2023 - kastl@b1-systems.de - Update to version 0.61.0: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213) * feat: add default-image-source-config option (#1215) * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1212) * chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 (#1214) * chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 (#1207) * chore: update syft update (#1211) * chore: update deprecated set-output calls (#1210) * chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#1205) * chore: update quality gate dataset (#1206) * chore(deps): bump github.com/docker/docker (#1201) ------------------------------------------------------------------- Wed Mar 29 05:15:20 UTC 2023 - kastl@b1-systems.de - Update to version 0.60.0: * Implement support for Chainguard Linux (#1198) * chore(deps): update bootstrap tools to latest versions (#1194) * chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1197) * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192) * chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 (#1193) * chore(deps): update bootstrap tools to latest versions (#1191) * chore: tweak some workflow text (#1190) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181) * chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1184) * chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 (#1189) * chore: Update grype bootstrap tools to latest versions. (#1187) * fix: by-cpe pivot by vuln metadata rather than vulnerability record (#1188) * Update grype bootstrap tools to latest versions. (#1173) * chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#1182) * chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 (#1183) * feat: disable CPE-based matching by default for javascript (#1180) * Update Syft to v0.75.0 (#1177) * chore: bump vuln match quality dataset (#1174) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 (#1166) ------------------------------------------------------------------- Thu Mar 09 15:31:48 UTC 2023 - kastl@b1-systems.de - Update to version 0.59.1: * Update grype bootstrap tools to latest versions. (#1163) * Update Syft to v0.74.1 (#1168) * fix: correct APK CPE version comparison logic (#1165) ------------------------------------------------------------------- Sat Mar 04 08:34:49 UTC 2023 - kastl@b1-systems.de - Update to version 0.59.0: * Grype Release Pipeline Update (#1147) * Add the total types of vulnerabilities in Grype output (#946) * chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157) * chore: bump quality gate labels and syft version (#1156) ------------------------------------------------------------------- Fri Mar 03 05:41:35 UTC 2023 - kastl@b1-systems.de - Update to version 0.58.0: * chore: Update Syft to v0.74.0 (#1151) * fix(distro): Disable support for Arch Linux (#1152) * chore: update progress monitor handling (#1149) * Update Syft to v0.73.0 (#1140) * chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1144) * chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#1145) * Update grype bootstrap tools to latest versions. (#1137) * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1141) * chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#1143) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1134) ------------------------------------------------------------------- Fri Feb 17 10:07:13 UTC 2023 - kastl@b1-systems.de - Update to version 0.57.1: * Update Syft to v0.72.0 (#1136) ------------------------------------------------------------------- Thu Feb 16 17:32:05 UTC 2023 - kastl@b1-systems.de - Update to version 0.57.0: * chore: bump quality gate (#1133) * fix: ignore some false-positives for ruby gems (#1132) * chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#1131) * fix: exclude OS packages from CPE target filtering (#1130) * chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#1129) * chore(deps): bump github.com/docker/docker (#1128) * Update Syft to v0.71.0 (#1126) * chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 (#1125) * Update grype bootstrap tools to latest versions. (#1124) * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123) * Update grype bootstrap tools to latest versions. (#1122) * Update grype bootstrap tools to latest versions. (#1116) * Update Syft to v0.70.0 (#1117) * chore(deps): bump github.com/docker/docker (#1114) * Update grype bootstrap tools to latest versions. (#1112) * Update Syft to v0.69.1 (#1111) * chore: prune cosign dependency for grype builds (#1100) * Update grype bootstrap tools to latest versions. (#1108) * Update Syft to v0.69.0 (#1109) * chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#1107) * chore: add new images to quality gate (#1106) * chore: bump yardstick for better quality gate filtering (#1101) * chore(deps): bump actions/cache from 3.0.11 to 3.2.3 (#1096) * chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#1097) * chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#1098) * chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 (#1099) * bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a (#1095) * chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 (#1090) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087) * chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 (#1088) * chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 (#1089) * chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 (#1091) * chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 (#1092) ------------------------------------------------------------------- Fri Jan 27 06:09:00 UTC 2023 - kastl@b1-systems.de - Update to version 0.56.0: * Update Syft to v0.68.1 (#1086) * chore: update grype quality gate (#1085) * chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081) * chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 (#1075) * chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#1076) * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#1077) * chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#1074) * chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#1078) * chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080) * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083) * chore: align makefile and bootstrap tools scripts more with syft (#1073) * chore: enable dependabot on gomod and GitHub actions (#1072) * Update grype bootstrap tools to latest versions. (#1070) * fix: always include severity in cyclonedx output (#1067) * Update Syft to v0.68.0 (#1064) * Add protobuf FPs to default ignore list (#1062) * chore: update Syft to v0.66.2 (#1060) * Update grype bootstrap tools to latest versions. (#1055) * feat: allow grype db diff to specify local db directories (#1058) * chore: claim artifacthub package ownership from developer-guy (#661) * chore: add github token to quality tests (#1056) * chore: update yardstick to diagnose intermittent failures (#1054) * Update grype bootstrap tools to latest versions. (#1048) ------------------------------------------------------------------- Thu Jan 05 14:00:43 UTC 2023 - kastl@b1-systems.de - Update to version 0.55.0: * fix: sort vulnerability results (#1052) * Adding internal/file/hasher test cases (#1049) * fix: orient by cve merging (#1046) * Update Syft to v0.64.0 (#1047) * fix: update removing results based on ownership-by-file-overlap (#1045) * feat: swap custom cyclone-dx model for cyclone-dx library (#1038) * chore: add GitLab Community Edition image to quality gate (#1035) ------------------------------------------------------------------- Fri Dec 16 12:39:08 UTC 2022 - kastl@b1-systems.de - Update to version 0.54.0: * Update Syft to v0.63.0 (#1037) * fix: Exclude binary packages that have overlap by file ownership relationship (#1024) * docs: update quality gate docs (#1032) * Optionally orient results by CVE (#1020) * chore: bump yardstick to latest commit (#1027) * Update Syft to v0.62.3 (#1026) * chore: change CVE example to official sample (#1028) * fix: Table format sorting (#1023) * fix: update architecture release for to ppc64le (#1021) * Update grype bootstrap tools to latest versions. (#1017) * Update Syft to v0.62.2 (#1018) * chore: update quality gate with latest label data (#1016) * chore: update digest for test fixture dockerfile (#1015) * test: remove presenter tests reliance on docker from unit suite (#1013) * fix: swapped base container images (#1011) * chore: update default packages to read (#1007) ------------------------------------------------------------------- Tue Nov 22 07:29:31 UTC 2022 - kastl@b1-systems.de - Update to version 0.53.1: * Update Syft to v0.62.1 (#1006) * Update grype bootstrap tools to latest versions. (#1004) * scoped: token release for content write on image assets (#1002) ------------------------------------------------------------------- Sat Nov 19 12:05:00 UTC 2022 - kastl@b1-systems.de - Update to version 0.53.0: * chore: bump syft version v0.62.0 (#1000) * feat: vulnerability namespacing support for rolling distros (#997) * chore: bump quality gate images and label data (#995) * feat: add strong distro type for wolfi (#996) * chore: pin dependencies (#994) * chore: code-ql top level read check (#993) * Add SECURITY.md (#989) * chore: update codeql to pinned v2 with correct write permissions * Update token permissions to be read-only (#988) * Enable the Scorecard Github Action and badge (#929) ------------------------------------------------------------------- Tue Nov 15 15:42:37 UTC 2022 - kastl@b1-systems.de - Update to version 0.52.0: * chore: update syft to v0.60.3 (#978) * feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961) * chore: grype quality pipeline latest label updates and images (#976) * Implemented new CLI flag: --show-suppressed (#966) * fix: update case for alpine:edge correct vuln feed (#965) * PURL input results in incorrect artifact in JSON output (#968) * Update grype bootstrap tools to latest versions. (#956) ------------------------------------------------------------------- Tue Oct 18 05:12:14 UTC 2022 - kastl@b1-systems.de - Update to version 0.51.0: * implement v5 db schema to support improved matching between rpm appstream modules (#944) * Update Syft to v0.59.0 (#957) * expand quality gate image set to include rpm appstreams-related images (#952) * Update grype bootstrap tools to latest versions. (#947) * chore: add more quality gate images (#950) * Add in-depth quality gate checks (#949) * Update Syft to v0.58.0 (#941) * Update grype bootstrap tools to latest versions. (#945) * Update grype bootstrap tools to latest versions. (#935) * Update Syft to v0.57.0 (#930) ------------------------------------------------------------------- Wed Sep 21 08:31:07 UTC 2022 - kastl@b1-systems.de - Update to version 0.50.2: * Update Syft to v0.57.0 (#930) * Correct falsely copied app-name 'syft' in example (#922) * Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927) * Update grype bootstrap tools to latest versions. (#925) ------------------------------------------------------------------- Wed Sep 14 05:40:23 UTC 2022 - kastl@b1-systems.de - Update to version 0.50.1: * Update Syft to v0.56.0 (#919) ------------------------------------------------------------------- Tue Sep 13 12:42:49 UTC 2022 - kastl@b1-systems.de - Update to version 0.50.0: * Add support for scanning RPM files (#917) * remove arch typo - add debug/reg s390x (#915) * grype release message update (#914) * feat: extract use cpes in matching logic to be configurable (#911) * docs: add Singularity to "features" in README (#912) ------------------------------------------------------------------- Wed Sep 07 05:39:15 UTC 2022 - kastl@b1-systems.de - Update to version 0.49.0: * docs: improve Singularity image source docs (#910) * Add Singularity image source (#908) * Update grype bootstrap tools to latest versions. (#907) * Update Syft to v0.55.0 (#906) * Update grype bootstrap tools to latest versions. (#905) * Update grype bootstrap tools to latest versions. (#903) * Update grype bootstrap tools to latest versions. (#896) * Add blurbs about building and running from source (#893) * Fix docker build typo (#891) ------------------------------------------------------------------- Wed Sep 07 05:36:24 UTC 2022 - kastl@b1-systems.de - Update to version 0.48.0: * disable CPE match filtering based on target software component for java packages (#889) * Update grype bootstrap tools to latest versions. (#886) * fix getting latest gosimports version (#885) * workflow to create automated PRs to update bootstrap tools (#883) * Add s390x build support (#720) * fix: only show distro warning if distro packages exist (#875) ------------------------------------------------------------------- Wed Sep 07 05:33:41 UTC 2022 - kastl@b1-systems.de - Update to version 0.47.0: * Update Syft to v0.54.0 (#881) * Update README.md (#871) * Update README.md (#868) ------------------------------------------------------------------- Wed Sep 07 05:30:47 UTC 2022 - kastl@b1-systems.de - Update to version 0.46.0: * test: rm mustConst since unused (#860) * Update Syft to v0.53.4 (#856) * feat: enrich db check cmd feedback (#853) * update syft version location for Makefile (#865) ------------------------------------------------------------------- Wed Sep 07 05:28:51 UTC 2022 - kastl@b1-systems.de - Update to version 0.45.0: * remove env variable dependencies and keychain from signing script (#864) * macos-latest for signing (#863) * move docker release into separate release workflow (#862) * revert to old docker action (#861) * additional readOptions added per 855 (#857) * Ensure database access is readonly (#854) * push older version for mac runner stability (#852) * bump bouncer to v0.4.0 (#851) * feat: simple input case to request vulnerability data via purl (#795) * update golanci-lint, goreleaser, cosign (#850) * fix: db diff default has flipped base/target url (#845) ------------------------------------------------------------------- Tue Jul 26 11:28:54 UTC 2022 - kastl@b1-systems.de - Update to version 0.44.0: * add env variables and keychain for GHCR publish (#843) * update grype to use syft v0.52.0 (#838) * add debug distroless image to published images (#835) * add new line for help block (#834) * add Gentoo matching support (#813) * feat: add filtering support using target software field in cpe (#810) ------------------------------------------------------------------- Tue Jul 19 08:19:48 UTC 2022 - kastl@b1-systems.de - Update to version 0.43.0: * Add new matcher files for golang => remove main module FP matches (#829) * Fix a cyclonedxvex typo and fix the schema document from (#830) * feat: add --only-notfixed flag (#828) * add DBCloser. Clients can aviod db connection leak if vulnerability db is loaded many times (#825) ------------------------------------------------------------------- Sat Jul 16 19:00:16 UTC 2022 - kastl@b1-systems.de - Update to version 0.42.0: * bump syft version to v0.51.0 (#822) * feat: implement `grype db diff` command (#812) * fix typo in log message (#819) ------------------------------------------------------------------- Wed Jul 06 18:11:46 UTC 2022 - kastl@b1-systems.de - Update to version 0.41.0: * update syft to v0.50.0 (#818) * Finalize v4 Grype schema (#803) * docs: update to include rust (#814) * feat: add diffing 2 databases to v3 store functionality (#789) * fix: add support for partybus ui on `grype db update` cmd (#806) * Added Docker example to Readme (#769) * fix: add vex json & xml to listed formats (#802) * docs: update php listing to be more clear that the `.json` file isn't indexed (#808) ------------------------------------------------------------------- Mon Jun 27 13:20:36 UTC 2022 - kastl@b1-systems.de - Update to version 0.40.1: * update syft => v0.49.0 (#804) * remove oss meetup message (#799) * fix: add fixed versions to cyclonedxjson output (#763) * docs: update to include php (#793) ------------------------------------------------------------------- Wed Jun 22 08:33:50 UTC 2022 - kastl@b1-systems.de - Update to version 0.40.0: * update grype to latest syft patch v0.48.1 (#790) * fix: add golang to documentation (#788) * fix: accept templates with custom functions (#786) * add db staleness check (#785) * feat: add compose workflow for local dev (#783) * ignore gemfile rich version for semVer comparison (#776) * Support namespace and language as additional criteria for ignoring vulnerability matches (#780) ------------------------------------------------------------------- Wed Jun 22 08:19:33 UTC 2022 - kastl@b1-systems.de - Update to version 0.39.0: * update syft version to v0.47.0 (#781) * use anchore fork of glebarez/sqlite (#778) * template: Check sanity for template file (#674) * Add announcement for Anchore OSS Meetup (#775) * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770) * publish release to reduce user friction (#766) * Update Syft to v0.46.3 (#761) * Add reference to logrus logging levels (#758) * README: add MacPorts install info (#759) ------------------------------------------------------------------- Mon Jun 6 19:46:12 UTC 2022 - Johannes Kastl <kastl@b1-systems.de> - new package grype at version 0.38.0: A vulnerability scanner for container images and filesystems
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
