File grype.changes of Package grype
-------------------------------------------------------------------
Tue Apr 01 17:31:06 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.91.0:
* Added Features
- Add v5 namespace emulation to db search output [#2539
@wagoodman]
- Add CVSS metrics in search JSON output [#2568 @wagoodman]
- Exit with a different return code for a failed scan [#1922]
* Bug Fixes
- Use data driven approach when detecting Alpine:edge and
Debian:sid [#2556 @wagoodman]
- db list should render out full URLs for text format [#2553
@wagoodman]
- grype db import fails since v0.88 and above [#2542 #2546
@kzantow]
* Dependencies
- chore(deps): update anchore dependencies (#2570)
- chore(deps): bump actions/setup-python in
/.github/actions/bootstrap (#2564)
- chore(deps): bump actions/cache in /.github/actions/bootstrap
(#2549)
- chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
(#2551)
- chore(deps): bump actions/cache from 4.2.2 to 4.2.3 (#2552)
- chore(deps): bump github/codeql-action from 3.28.12 to
3.28.13 (#2562)
- chore(deps): bump github.com/docker/docker (#2565)
- chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0
(#2567)
- chore(deps): update tools to latest versions (#2536)
- chore(deps): bump github.com/containerd/containerd from
1.7.26 to 1.7.27 (#2535)
- chore(deps): bump actions/setup-go in
/.github/actions/bootstrap (#2543)
- chore(deps): bump github/codeql-action from 3.28.11 to
3.28.12 (#2544)
- chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0
(#2545)
-------------------------------------------------------------------
Tue Mar 18 05:47:30 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.90.0:
* chore(deps): update anchore dependencies (#2533)
* feat: specify distro without version (#2534)
* import DB from URL (#2532)
* Improve DB metadata regarding data provenance (#2529)
* chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11
(#2519)
* chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0
to 1.1.0 (#2525)
* chore(deps): update tools to latest versions (#2512)
* chore(deps): bump docker/login-action from 3.3.0 to 3.4.0
(#2528)
-------------------------------------------------------------------
Fri Mar 14 06:27:30 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.89.1:
* fix: populate vulnerability.Metadata.DataSource with first
reference URL (#2523)
* fix(java): ensure fatal error from maven search bubbles up
(#2518)
* fix: exclude self from related vulnerability list (#2515)
-------------------------------------------------------------------
Fri Mar 07 06:41:48 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.89.0:
* chore(deps): bump github.com/muesli/termenv from 0.15.2 to
0.16.0 (#2509)
* chore(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0
(#2510)
* fix regression to allow for reading listing from local FS
(#2508)
* chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0
(#2503)
* chore(deps): update tools to latest versions (#2506)
* Add suggested fixed version when there are multiple fixes
available (#2271)
* remove v6 development configuration (#2504)
-------------------------------------------------------------------
Thu Mar 06 06:18:47 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.88.0:
* Enumerate version ranges within a single match (don't
duplicate) (#2502)
* Fix CPE target software filtering + improve logging (#2494)
* chore(deps): bump peter-evans/create-pull-request from 7.0.7 to
7.0.8 (#2501)
* test: update quality gate db to latest version (#2495)
* chore(deps): update tools to latest versions (#2496)
* ensure azurelinux ids get same version processing as mariner
(#2499)
* ensure azure linux has 0 minor version (#2498)
* cover mariner and ubuntu namespace conversion (#2497)
* Add KEV & EPSS to db search schema (#2481)
* Refactor presenters to use static model over dynamic lookups
(#2492)
* feat: enable v6 database (#2439)
* fix(java): error out on maven search rate limiting (#2460)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.3
to 1.3.4 (#2484)
* chore(deps): bump github.com/docker/docker (#2485)
* chore(deps): bump actions/cache in /.github/actions/bootstrap
(#2490)
* chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#2491)
* chore(deps): update tools to latest versions (#2487)
* fix: golang 1.24 version handling (#2486)
* chore: update syft to 1.20 (#2473)
* chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
(#2477)
* chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
(#2475)
* chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
(#2478)
* chore(deps): bump peter-evans/create-pull-request from 7.0.6 to
7.0.7 (#2479)
* chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10
(#2480)
* Add EPSS models to the v6 DB (#2472)
* fix: add explicit igore for problematic CVE-2023-45853 (#2474)
* Add KEV information to v6 DB (#2464)
* Add CPE provider (#2463)
* chore(deps): bump actions/cache in /.github/actions/bootstrap
(#2467)
* chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#2469)
* detect when DB rehydration is necessary (#2470)
* chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
(#2468)
* chore(deps): update tools to latest versions (#2465)
* chore(deps): bump github.com/docker/docker (#2466)
* chore(deps): update tools to latest versions (#2433)
* chore: update rpm modularity to string pointer (#2458)
* fix jenkins plugins (#2457)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10
to 0.5.11 (#2453)
* chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
(#2454)
* Additional ecosystem related v6 fixes (#2450)
* chore(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
(#2437)
* add language mapping to konwn pkg spec override (#2448)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.2
to 1.3.3 (#2447)
* feat: update to go 1.24.x (#2441)
* Add more logging and fix search by CPE (#2444)
* fix: only log matcher errors (#2442)
* chore: update runners to ubuntu-24.04 (#2440)
* fix: exclude unknown packages from CPE target software
component filter logic (#2438)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.0
to 1.3.2 (#2436)
* More complete severity parsing for v6 DBs (#2431)
* remove DB v3 and v4 schema code (#2435)
* feat: v6 database support, updated matcher interfaces (#2311)
* add optional ID to reference + advisory tag const (#2432)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to
0.5.10 (#2430)
* chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9
(#2429)
* chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
(#2424)
* chore(deps): update tools to latest versions (#2425)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4
to 1.3.0 (#2426)
* chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
(#2427)
* test: update quality gate db to latest version (#2420)
* chore(deps): update tools to latest versions (#2419)
* docs(config): add GRYPE_CONFIG docs (#2380)
* feat: output compact JSON by default with option for pretty
format (#2406)
* chore(deps): update tools to latest versions (#2417)
* chore(deps): bump github/codeql-action from 3.28.7 to 3.28.8
(#2416)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.8 to
0.5.9 (#2413)
* docs: flip descriptions to correct documentation (#2414)
* chore(deps): bump github/codeql-action from 3.28.6 to 3.28.7
(#2415)
* chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6
(#2410)
* chore(deps): bump actions/setup-python in
/.github/actions/bootstrap (#2411)
* feat(external-sources): make maven rate limit configurable
(#2397)
* chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5
(#2407)
* chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4
(#2405)
* chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0
(#2404)
* Performance enhancements for DB v6 writes (#2394)
* chore(deps): update tools to latest versions (#2395)
* chore(deps): bump actions/setup-python in
/.github/actions/bootstrap (#2398)
* chore(deps): bump actions/cache in /.github/actions/bootstrap
(#2400)
* chore(deps): bump actions/setup-go in
/.github/actions/bootstrap (#2399)
* chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3
(#2401)
* chore(deps): bump github.com/docker/docker (#2402)
* chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#2403)
* chore(ci): fix composite GitHub action path in dependabot
config (#2396)
-------------------------------------------------------------------
Thu Jan 23 05:36:33 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.87.0:
* chore(deps): update anchore dependencies (#2388)
* external-sources: throttle requests to maven central to avoid
being rate limited for large sets of java dependencies (#2384)
* chore(deps): bump github.com/aquasecurity/go-pep440-version
(#2391)
* chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2
(#2390)
* chore(deps): bump github.com/anchore/stereoscope from 0.0.12 to
0.0.13 (#2392)
* chore(deps): update tools to latest versions (#2389)
* chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to
0.13.0 (#2378)
* chore(deps): update tools to latest versions (#2381)
* chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#2386)
* remove db debug statements for v6 (#2387)
* chore: disable v1 images in quality tests (#2385)
* Add package spec alias + case insensitivity for v6 DBs (#2376)
* chore(deps): bump github.com/google/go-containerregistry
(#2377)
* chore(deps): bump golang.org/x/tools from 0.23.0 to 0.29.0
(#2379)
* fix: upstream match for linux-.*-headers-.* (#2320)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
5.13.0 (#2371)
* chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
(#2370)
* chore(deps): bump github.com/anchore/stereoscope from 0.0.11 to
0.0.12 (#2369)
* chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0
(#2368)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.6 to
1.7.8 (#2374)
* Enhance v6 search command (#2303)
* chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1
(#2372)
* feat: add OpenVEX matching on local package name + tags (#2355)
* use v6 vuln status enum (#2366)
* Clean up config help text (#2347)
* have aliases for non standard names (#2352)
* chore(deps): update tools to latest versions (#2364)
* chore(deps): update tools to latest versions (#2362)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.7
to 1.4.8 (#2363)
* chore(deps): update tools to latest versions (#2361)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to
0.5.8 (#2353)
* chore(deps): bump peter-evans/create-pull-request from 7.0.5 to
7.0.6 (#2354)
* test: update quality gate db to latest version (#2358)
* chore(deps): update tools to latest versions (#2359)
* have aliases for non standard names (#2351)
* finalize label version and add release id to OS model (#2349)
* chore(deps): update tools to latest versions (#2346)
* chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
(#2350)
* do not warn if DB missing (#2341)
* Allow v6 store to support multiple qualifiers (#2338)
* chore(deps): bump github.com/docker/docker (#2339)
* chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
(#2340)
* Drop DB v6 indexes on close (#2335)
* chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9
(#2334)
-------------------------------------------------------------------
Sat Dec 14 21:22:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.86.1:
* chore(deps): update anchore dependencies (#2331)
* chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9
(#2330)
* fix: do not panic on cdx/sairf output from PURL file (#2328)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1
to 0.9.2 (#2329)
* chore: move v5-specific interfaces and implementations to the
v5 package (#2322)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
(#2323)
* docs: fix link to cosign documentation (#2321)
* deduplicate vulns on store write (#2319)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2317)
* chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#2318)
* add update anchore dependencies workflow (#2312)
* chore: replace archiver with anchore fork (#2313)
* chore(deps): bump github.com/docker/docker (#2310)
* chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7
(#2309)
-------------------------------------------------------------------
Tue Dec 10 08:54:29 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.86.0:
* chore(deps): update anchore dependencies (#2308)
* chore(deps): update tools to latest versions (#2307)
* chore(deps): update tools to latest versions (#2305)
* chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#2306)
* add initial os aliases to the DB after migration (#2301)
* latest doc from reader should allow for empty (#2294)
* Migrate searchable vulnerability data out of v6 blob (#2300)
* fix: add PURLs in SARIF report (#2254)
* ignore linux-aws-headers-.* as well like linux-headers-.*
(#2295)
* chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
(#2296)
* chore(deps): update tools to latest versions (#2298)
* chore: refactor v5-specific code out of core packages (#2299)
* modify store to be one getter-per-noun (#2297)
* Add ability to map CPEs directly to packages (v6 schema)
(#2285)
* Fix DB v6 curator directory creation (#2293)
* test: update quality gate db to latest version (#2291)
* chore(deps): update tools to latest versions (#2290)
* add db v6 feature flag and wire to db commands (#2288)
* Simplify v6 distribution material (#2277)
* chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
(#2279)
* chore(deps): bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#2284)
* chore(deps): update tools to latest versions (#2280)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
to 1.2.4 (#2283)
* note supported grype versions (#2287)
* remove support for v1 & v2 schemas (#2278)
* allow distro search to be entirely data driven (#2265)
-------------------------------------------------------------------
Fri Nov 22 09:34:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.85.0:
* dependencies: latest syft and stereoscope (#2275)
* chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
(#2272)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
to 1.2.3 (#2273)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.6
to 1.4.7 (#2274)
* chore(deps): update tools to latest versions (#2269)
* fix: bump clio to fix logging when no tty present (#2268)
* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
(#2260)
* fix failing tests (#2261)
* Add v6 DB curator (#2151)
* Add affected CPE store (#2258)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
to 1.2.2 (#2256)
* Add AffectedPackage store (#2245)
* Add v6 vulnerability & blob stores (#2243)
* chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
(#2238)
* chore(deps): bump github.com/anchore/stereoscope (#2246)
* chore(deps): bump github/codeql-action from 3.27.0 to 3.27.3
(#2257)
* Add v6 distribution client (#2150)
* restore log on ui teardown (#2248)
* Merge indirect matches with direct matches (#2241)
* doc: Add official Grype logo license information (#2244)
* add v6 provider store (#2232)
-------------------------------------------------------------------
Tue Nov 12 08:13:47 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.84.0:
* chore(deps): update Syft to v1.16.0 (#2237)
* test: update quality gate db to latest version (#2231)
* chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
(#2230)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
to 1.0.0 (#2228)
* fix and cleanup namespace search to account for missing info
(#2226)
* Remove gentoo integration test (#2227)
* Improve purl input (#2223)
* chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
(#2220)
* chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
(#2221)
-------------------------------------------------------------------
Tue Oct 29 14:02:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.83.0:
* bump syft to v1.15.0, sterescope to v0.0.5 (#2219)
* Add `grype db providers` command (#2174)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
to 1.1.2 (#2214)
* chore(deps): update tools to latest versions (#2213)
* docs: update config section to be valid, reference config
subcommand (#2218)
* chore(deps): bump github.com/charmbracelet/lipgloss (#2207)
* chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
(#2208)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209)
* chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211)
* feat: multi-level configuration and profiles (#2194)
* chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204)
* chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
(#2205)
-------------------------------------------------------------------
Tue Oct 22 07:09:22 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.2:
* Update to Syft v1.14.2 (#2203)
* Updated README.md with correct spellings & phrase. (#2201)
* chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
(#2198)
* chore(deps): update tools to latest versions (#2196)
* fix: azurelinux considered as comprehensive distro (#2197)
* chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
(#2193)
-------------------------------------------------------------------
Tue Oct 15 15:36:39 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.1:
* chore(deps): update Syft to v1.14.1 (#2191)
* dependency: bump syft to main pre-release (#2189)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#2183)
* Skip matching on packages with missing version info (#2182)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
(#2184)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5
to 1.4.6 (#2185)
* Account for implicit 0s in rpm release versions (#2188)
* chore: bump syft in quality gate to v1.14.0 (#2187)
* use epoch from metadata when missing from version string
(#2186)
* fix: exclude binary packages from CPE target software component
filter logic (#2179)
* add release docs (#2177)
* chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3
(#2176)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2
(#2173)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172)
* [chore] Add mastodon link to README.md (#2166)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
(#2167)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#2169)
-------------------------------------------------------------------
Wed Oct 09 04:39:05 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.0:
* chore(deps): update Syft to v1.14.0 (#2164)
* fix: use fix info from secDB in APK matcher even if NVD fix
info present (#2162)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#2159)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#2160)
* chore(deps): update tools to latest versions (#2157)
* Add v6 DB metadata store (#2146)
* feat: remove `wordpress` from `known` targets due to wordpress
cataloger support syft/#1553
* Add a space following the "Name:" label (#2155)
* chore(deps): update tools to latest versions (#2154)
* test: update quality gate db to latest version (#2153)
* explicitly skip update ts on check failure (#2152)
* port over tar/xz decompressors (#2139)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#2149)
* chore(deps): bump github.com/docker/docker (#2147)
* implement a low pass filter for update checks (#2148)
* migrate legacy distribution concerns (#2144)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#2142)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145)
-------------------------------------------------------------------
Thu Sep 26 05:02:11 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.81.0:
* add awaiting response management (#2141)
* feat: add distro mapping for azure linux 3 (#1848)
-------------------------------------------------------------------
Tue Sep 24 17:22:08 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.80.2:
* chore(deps): update Syft to v1.13.0 (#2140)
* Correctly match JVM version ranges (#2114)
* chore: switch to yardstick validate from custom gate.py (#2090)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
to 0.9.1 (#2118)
* chore(deps): update tools to latest versions (#2123)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#2135)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
7.0.5 (#2136)
* test: fix slice init length (#2133)
* fix: hash vuln db only once on load (#2054)
* chore: include file specifier in help (#2121)
* docs: add mention of file scheme (#2120)
* fix(apk): find secdb entries for origin packages (#1602)
* chore(deps): update tools to latest versions (#2115)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#2113)
* chore(deps): update tools to latest versions (#2102)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
to 1.1.1 (#2109)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
7.0.2 (#2111)
-------------------------------------------------------------------
Thu Sep 12 05:00:44 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.80.1:
* chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2
(#2108)
* fix: Update gitmodule url (#2106)
* chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 (#2103)
* chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
(#2105)
* chore(deps): bump github.com/opencontainers/runc from 1.1.13 to
1.1.14 (#2098)
* chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
7.0.1 (#2099)
* chore(deps): bump github.com/anchore/stereoscope (#2074)
* chore(deps): bump github.com/docker/docker (#2086)
* chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6
(#2089)
* chore(sec): update Golang and runc to latest releases (#2091)
CVE-2024-3154
* chore(deps): bump github.com/charmbracelet/bubbletea (#2092)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
3.3.0 (#2093)
* test: update quality gate db to latest version (#2094)
* chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
(#2096)
* chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
7.0.0 (#2097)
* chore(deps): update tools to latest versions (#2082)
* docs(templates): escape description in junit.tmpl (#2088)
* chore(deps): update tools to latest versions (#2080)
* chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
(#2078)
* chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
(#2079)
* chore(deps): update tools to latest versions (#2072)
* chore(deps): bump github.com/charmbracelet/lipgloss (#2073)
* chore: bump quality gate vuln match labels data (#2069)
-------------------------------------------------------------------
Wed Aug 21 06:33:12 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.80.0:
* chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
(#2070)
* chore(deps): update Syft to v1.11.1 (#2071)
* chore: add grype version to db network operations (#2062)
* fix: do not panic when given empty string arg (#2064)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2067)
* fix: correctly close the db file in v4/v5 stores (#2066)
* Add "Alpine Linux" to IDMapping; handle no CPEs error in
findApkPackage. (#2040)
* chore(deps): update tools to latest versions (#2055)
* chore(deps): bump github.com/docker/docker (#2052)
* fix: fail when grype cant check for db update (#1247)
* chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
(#2053)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to
1.7.6 (#2056)
* chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2
(#2060)
* feat: add db search subcommand (#2031)
-------------------------------------------------------------------
Mon Aug 12 18:29:35 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.6:
* do not fail when inflating DB records (#2049)
* chore: remove quality gate Makefile db age check (#2036)
* doc: Updates for the Slack to Discourse migration (#2046)
-------------------------------------------------------------------
Mon Aug 12 06:25:09 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.5:
* feat: update to Syft 1.11.0 (#2047)
* fix: higher default timeout for database download (#2033)
* chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
(#2045)
* chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
(#2035)
* chore(deps): update tools to latest versions (#2038)
* chore(deps): bump github.com/google/go-containerregistry
(#2043)
* chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0
(#2044)
* test: update quality gate db to latest version (#2034)
* chore(deps): update tools to latest versions (#2027)
* chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5
(#2028)
* chore: add grype version to application update check headers
(#2021)
* test: update quality gate db to latest version (#2026)
* chore: use the .tool/gh for release script (#2022)
-------------------------------------------------------------------
Thu Aug 01 07:21:37 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.4:
* chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0
(#2016)
* chore(deps): update Syft to v1.10.0 (#2019)
* chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15
(#2011)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4
to 1.4.5 (#2012)
* chore(deps): update tools to latest versions (#2015)
* chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14
(#2010)
* disable ui before run function on db status (#2008)
* chore(deps): bump github.com/docker/docker (#2007)
* chore(deps): update tools to latest versions (#2003)
* chore(deps): bump github.com/docker/docker (#2000)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to
0.5.5 (#2001)
* chore(deps): bump docker/login-action from 3.2.0 to 3.3.0
(#2002)
* chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13
(#1999)
* chore: request artifact in issue template (#1996)
* chore(deps): update tools to latest versions (#1998)
* docs: CODE_OF_CONDUCT.md (#1994)
* chore(deps): bump github.com/google/go-containerregistry
(#1997)
* chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
(#1992)
* chore(deps): update tools to latest versions (#1989)
* chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
(#1990)
* chore(deps): bump github.com/charmbracelet/lipgloss (#1991)
-------------------------------------------------------------------
Tue Jul 16 05:52:51 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.3:
* chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 (#1985)
* chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
(#1981)
* chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1982)
* chore(deps): update Syft to v1.9.0 (#1986)
* fix: correct cpe target software comparison to syft language
(#1658)
* chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
(#1977)
* docs: update readme with new default format (#1974)
-------------------------------------------------------------------
Wed Jul 03 15:45:38 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.2:
* chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
(#1968)
* chore(deps): update tools to latest versions (#1969)
* test: update quality gate db to latest version (#1972)
* chore: pin new sign installer to commit sha (#1966)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1963)
* chore(deps): update tools to latest versions (#1962)
* chore: add workflow to update quality test db (#1961)
* chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0
(#1957)
* chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
(#1958)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to
1.7.5 (#1959)
* chore: update test_db_url; remove white space (#1960)
* chore(deps): bump peter-evans/create-pull-request from 6.0.5 to
6.1.0 (#1954)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1955)
* chore: enable dependabot to keep boostrap action updated
(#1953)
* fix: use location RealPath not String() (#1950)
-------------------------------------------------------------------
Tue Jun 18 10:49:00 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.1:
* chore: update CI to install golang at latest version (#1949)
* chore(deps): bump github.com/google/go-containerregistry
(#1948)
* chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
(#1947)
-------------------------------------------------------------------
Sat Jun 15 16:15:49 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.79.0:
* chore: Update syft v1.7.0 (#1945)
* chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10
(#1940)
* chore(deps): update tools to latest versions (#1943)
* fix match sort ordering for different locations (#1944)
* chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#1941)
* Updating maven URLs in README.md (#1934)
* sort order for matches should consider fix info (#1933)
* chore(deps): update tools to latest versions (#1925)
* chore(deps): update tools to latest versions (#1921)
* chore(deps): update tools to latest versions (#1919)
* chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#1920)
* feat(signature): Checksum signature verification (#1670)
* add skopeo to managed utilities (#1915)
* chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8
(#1909)
* chore(deps): bump github.com/docker/docker (#1916)
* remove dco workflow (#1914)
* use dco tool during gh app outage (#1910)
* chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7
(#1901)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1902)
* fix: add note about TMPDIR env var (#1880)
* fix: uppercased package in json (#1900)
* fix: main mod pseudo version default off (#1894)
* chore(deps): update tools to latest versions (#1898)
-------------------------------------------------------------------
Thu May 30 09:30:59 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.78.0:
* update syft to v1.5.0 (#1897)
* chore(deps): bump docker/login-action from 3.1.0 to 3.2.0
(#1896)
* Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895)
* chore(deps): bump github.com/charmbracelet/lipgloss (#1888)
* chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to
1.7.0 (#1887)
* chore(deps): update tools to latest versions (#1891)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1890)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3
to 1.4.4 (#1889)
* chore(deps): update tools to latest versions (#1883)
* feat: add config command (#1876)
* disable TUI for simpler commands (#1872)
* chore(deps): bump github.com/docker/docker (#1867)
* chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#1868)
* chore(deps): update tools to latest versions (#1864)
* chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6
(#1870)
* chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0
(#1871)
* chore(deps): update tools to latest versions (#1862)
* chore: add top level permissions to new workflow (#1860)
* chore(deps): update tools to latest versions (#1856)
* chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1858)
* chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
(#1859)
* fix: ask catalog for package rather than type asserting (#1857)
-------------------------------------------------------------------
Sun May 12 07:52:24 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- add completion subpackages
- fix version output
-------------------------------------------------------------------
Fri May 10 05:07:49 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.77.4:
* Upgrade tool management (#1842)
* chore(deps): update Syft to v1.4.0 (#1855)
* chore(deps): update bootstrap tools to latest versions (#1852)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1853)
* chore(deps): bump github.com/docker/docker (#1854)
* chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1847)
-------------------------------------------------------------------
Wed May 08 11:40:40 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.77.3:
* Revert "feat: modify metadata structure for providers' pull
date (#1795)" (#1846)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1844)
* chore(deps): update bootstrap tools to latest versions (#1845)
* chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#1840)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1841)
* chore(deps): bump github.com/docker/docker (#1839)
-------------------------------------------------------------------
Thu May 02 07:23:26 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.77.2:
* fix: update ignored vulnerability count in tui (#1837)
* fix: update sarif to pass microsoft validator (#1838)
* chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11
(#1835)
-------------------------------------------------------------------
Fri Apr 26 18:51:37 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.77.1:
* chore(deps): bump gorm.io/gorm from 1.25.9 to 1.25.10 (#1831)
* chore(deps): update Syft to v1.3.0 (#1832)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to
0.5.4 (#1824)
* chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1823)
* chore(deps): bump github.com/anchore/stereoscope (#1825)
* chore(deps): bump peter-evans/create-pull-request from 6.0.4 to
6.0.5 (#1828)
* fix: update grype version to support darwin arm64 (#1830)
* chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3
(#1820)
* docs: update README with newer data sources (#1819)
* chore(deps): bump github.com/docker/docker (#1821)
* Add some more examples for the `config.yaml` file in the
README. (#1811)
* chore(deps): bump github.com/docker/docker (#1817)
* chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#1818)
-------------------------------------------------------------------
Fri Apr 19 05:44:51 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.77.0:
* config: add config opt in golang pseudo version main module
comparison (#1816)
* chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2
(#1814)
* feat: modify metadata structure for providers' pull date
(#1795)
* fix: add linux and libc-dev headers ignore rules for debian
packages (#1809)
* chore(deps): bump peter-evans/create-pull-request from 6.0.3 to
6.0.4 (#1808)
* feat: add html template (#1806)
* fix: use Go main module version (#1797)
-------------------------------------------------------------------
Tue Apr 16 06:07:59 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.76.0:
* fix: adds ignore rules for kernel-headers indirect matches
(#1787)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to
1.7.4 (#1805)
* chore: fix function name in comment (#1798)
* chore(deps): bump peter-evans/create-pull-request from 6.0.2 to
6.0.3 (#1802)
* chore(deps): update Syft to v1.2.0 (#1803)
* chore(deps): bump github.com/docker/docker (#1800)
* chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0
(#1801)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to
0.5.3 (#1791)
* test: fuzzy version comparison for java versions (#1788)
* chore: readme formats updated with sarif option (#1786)
-------------------------------------------------------------------
Thu Apr 04 16:56:26 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.75.0:
* chore: update syft to latest v1.1.1 (#1784)
* fix: enable http timeout (#1777)
* chore(deps): update bootstrap tools to latest versions (#1781)
* chore(deps): update bootstrap tools to latest versions (#1776)
* chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775)
* fix: make bootstrap-tools failed (#1739)
* fix: use "path/filepath" to build file path (#1767)
* update release token from readonly to write token (#1768)
* chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10
(#1771)
* chore(deps): update Syft to v1.1.0 (#1769)
* chore(deps): bump google.golang.org/protobuf from 1.31.0 to
1.33.0 (#1750)
* chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to
1.11.0 (#1751)
* chore(deps): bump fountainhead/action-wait-for-check from 1.1.0
to 1.2.0 (#1753)
* chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756)
* chore(deps): bump github.com/google/go-containerregistry
(#1754)
* chore(deps): update bootstrap tools to latest versions (#1758)
* chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1761)
* updating credentials to scoped permissions (#1755)
* dont warn on golang devel version (#1752)
* chore(deps): bump docker/login-action from 3.0.0 to 3.1.0
(#1748)
* chore(deps): bump peter-evans/create-pull-request from 6.0.1 to
6.0.2 (#1746)
* chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1747)
* chore(code-comments): typo (#1745)
* chore: slice loop replace (#1738)
* chore(deps): update Syft to v1.0.1 (#1742)
* chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1
(#1743)
* chore(deps): bump github.com/docker/docker (#1744)
* chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9
(#1740)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1
to 0.10.0 (#1741)
* chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1735)
* chore(deps): bump github.com/stretchr/testify from 1.8.4 to
1.9.0 (#1736)
* chore(deps): bump github.com/anchore/syft (#1734)
* chore(deps): bump peter-evans/create-pull-request from 6.0.0 to
6.0.1 (#1733)
* chore: update syft source providers (#1727)
-------------------------------------------------------------------
Sat Mar 16 14:01:10 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.7:
* chore(deps): update Syft to v0.105.1 (#1728)
* fix(install): return appropriate exit codes (#1725)
* chore(test): update quality test grype db (#1726)
* fix: improve sarif descriptive text and fingerprint (#1720)
* chore: remove unused file internal/file/tar.go and its test
(#1724)
* Added instruction to install with choco (#1716)
* chore(deps): update bootstrap tools to latest versions (#1719)
* chore: remove unused file internal/logger/logrus.go (#1721)
-------------------------------------------------------------------
Thu Feb 15 05:57:08 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.6:
* chore(deps): update Syft to v0.105.0 (#1714)
* chore(deps): update bootstrap tools to latest versions (#1707)
* test(quality): bump label dataset and images (#1712)
* fix: only warn missing CPEs if CPEs wanted (#1710)
* fix: ensure version output to stdout (#1709)
* chore(deps): update bootstrap tools to latest versions (#1706)
-------------------------------------------------------------------
Thu Feb 08 11:54:49 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.5:
* chore(deps): update Syft to v0.104.0 (#1704)
* Bump Syft in Grype to pull in unmarshaling fix (#1703)
* chore(deps): bump github.com/docker/docker (#1702)
* chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700)
* chore(deps): update bootstrap tools to latest versions (#1698)
* chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
(#1699)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to
0.5.2 (#1697)
* chore(deps): bump peter-evans/create-pull-request from 5.0.2 to
6.0.0 (#1687)
* chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8
(#1690)
* chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0
(#1691)
* chore(deps): bump github.com/docker/docker (#1692)
* chore(deps): bump github.com/opencontainers/runc from 1.1.5 to
1.1.12 (#1689)
-------------------------------------------------------------------
Thu Feb 01 06:30:10 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.4:
* Security fixes:
- Upgrade syft to v0.103.1 (#1688)
* chore(deps): bump github.com/google/go-containerregistry
(#1685)
* chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6
(#1684)
* ensure releases only use released versions of syft (#1680)
* chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683)
* chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2
(#1682)
-------------------------------------------------------------------
Fri Jan 26 19:27:04 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.3:
* chore(deps): update Syft to v0.102.0 (#1681)
* Fix matching when RPM modularity is a factor (#1679)
* chore: break assumption that syft cpe.CPE is wfn.Attributes
(#1675)
* chore(deps): bump github.com/docker/docker (#1677)
* chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
(#1678)
* chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0
(#1676)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12
to 0.5.0 (#1674)
* fix: take VEX docs into account when --fail-on is set (#1657)
* chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5
(#1671)
-------------------------------------------------------------------
Sat Jan 20 17:00:18 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.2:
* chore(deps): update Syft to v0.101.1 (#1669)
* chore(deps): bump github.com/docker/docker (#1667)
* chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4
(#1666)
* chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0
(#1668)
* chore(deps): bump github.com/google/go-containerregistry
(#1665)
* chore: enable automatic approval of dependabot PRs (#1664)
-------------------------------------------------------------------
Thu Jan 18 08:10:56 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.1:
* chore(deps): update Syft to v0.101.0 (#1663)
* upgrade syft with latest SBOM creation API (#1662)
* chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#1661)
* chore(tests): fix logging configuration in tests (#1655)
* chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#1656)
* chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0
(#1659)
* chore(deps): bump github.com/cloudflare/circl from 1.3.3 to
1.3.7 (#1651)
* chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3
(#1650)
-------------------------------------------------------------------
Sun Jan 07 13:36:53 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.74.0:
* chore(deps): update Syft to v0.100.0 (#1649)
* fix: distro FP data not applied correctly (#1603)
* chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2
(#1647)
* chore(deps): update bootstrap tools to latest versions (#1644)
* docs: fix logging configuration in README (#1646)
-------------------------------------------------------------------
Thu Dec 21 19:04:26 UTC 2023 - opensuse_buildservice@ojkastl.de
- Update to version 0.73.5:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2
to 0.8.0 (#1633)
* chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
(#1641)
* chore(deps): bump github.com/containerd/containerd from 1.7.8
to 1.7.11 (#1642)
* chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0
(#1638)
* chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0
(#1632)
* chore(deps): bump github.com/charmbracelet/bubbletea (#1635)
* chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0
(#1636)
* chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#1630)
* chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1
(#1626)
* chore: pin action to correct sha (#1598)
* chore(deps): bump github.com/google/go-containerregistry
(#1625)
-------------------------------------------------------------------
Thu Nov 30 16:24:35 UTC 2023 - kastl@b1-systems.de
- Update to version 0.73.4:
* chore: bump to syft v0.98.0 in quality gate tests (#1623)
* chore: update syft; go mod tidy (#1621)
* chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0
(#1618)
* chore: explicitly test maven suffixes (#1617)
* chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0
(#1611)
-------------------------------------------------------------------
Mon Nov 20 05:38:32 UTC 2023 - kastl@b1-systems.de
- Update to version 0.73.3:
* chore(deps): update Syft to v0.97.1 (#1610)
-------------------------------------------------------------------
Fri Nov 17 05:48:01 UTC 2023 - kastl@b1-systems.de
- Update to version 0.73.2:
* chore(deps): update Syft to v0.97.0 (#1608)
* chore: bump vulnerability match label dataset (#1606)
* fix: golang version parsing (#1599)
* chore(deps): update bootstrap tools to latest versions (#1595)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11
to 0.4.12 (#1597)
-------------------------------------------------------------------
Thu Nov 09 15:04:58 UTC 2023 - kastl@b1-systems.de
- Update to version 0.73.1:
* chore(deps): update Syft to v0.96.0 (#1596)
* fix: match against debian unstable (#1593)
* perf: avoid allocations with `(*regexp.Regexp).MatchString`
(#1592)
* chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0
(#1590)
-------------------------------------------------------------------
Wed Nov 08 05:53:19 UTC 2023 - kastl@b1-systems.de
- Update to version 0.73.0:
* chore(deps): update Syft to v0.95.0 (#1591)
* chore: account for syft package metadata changes (#1423)
* fix: bump fangs to enable setting golang CPE config using env
var (#1585)
* chore(deps): update bootstrap tools to latest versions (#1588)
* chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0
(#1586)
* chore: bootstrap action cleanup (#1587)
* chore(deps): update bootstrap tools to latest versions (#1584)
* Incorporate format API changes from syft (#1582)
* chore(deps): bump github.com/docker/docker (#1579)
* feat(config): added reason field (#1532)
* chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to
1.10.0 (#1583)
* Colorize severity in table output (#1284)
* feat: add custom maven comparator (#1571)
* chore: fix path to quality tests (#1578)
* capture quality gate state on failures (#1576)
* chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0
(#1575)
* chore(deps): update bootstrap tools to latest versions (#1574)
* chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3
(#1573)
* docs: add cbl-mariner to supported distro (#1569)
* chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1
(#1570)
* chore(deps): update bootstrap tools to latest versions (#1567)
-------------------------------------------------------------------
Fri Nov 3 09:14:08 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.21
-------------------------------------------------------------------
Sat Oct 21 18:17:32 UTC 2023 - kastl@b1-systems.de
- Update to version 0.72.0:
* chore(deps): update Syft to v0.94.0 (#1566)
* Incorporate Syft java detection improvements (#1555)
* add exception for go stdlib search by CPE (#1565)
* chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564)
* Add --ignore-states flag for ignoring findings with specific
fix states (#1473)
* feat: update go-sarif library to use latest release (#1563)
* bump clio to get stderr reporting fix (#1561)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2
to 1.4.3 (#1558)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0
to 0.9.1 (#1557)
* Add checksum signing (#1535)
-------------------------------------------------------------------
Fri Oct 13 05:01:03 UTC 2023 - kastl@b1-systems.de
- Update to version 0.71.0:
* chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
(#1554)
* feat: disable CPE-based matching for GHSA ecosystems by default
(#1412)
* chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
(#1552)
-------------------------------------------------------------------
Wed Oct 11 04:28:01 UTC 2023 - kastl@b1-systems.de
- Update to version 0.70.0:
* chore(deps): update Syft to v0.93.0 (#1550)
* chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0
to 0.9.0 (#1548)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to
1.7.3 (#1549)
* chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0
(#1544)
* fix: empty descriptor name and version (#1542)
* chore: removes unnecessary conditional (#1539)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10
to 0.4.11 (#1533)
-------------------------------------------------------------------
Sat Oct 07 05:34:32 UTC 2023 - kastl@b1-systems.de
- Update to version 0.69.1:
* chore(deps): update Syft to v0.92.0 (#1527)
* chore(deps): update bootstrap tools to latest versions (#1524)
* chore: add OpenSSF Best Practices badge (#1523)
* bump labels to latest (#1525)
* chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#1519)
* chore(deps): update bootstrap tools to latest versions (#1520)
* chore: explicitly test go pseudoversion (#1522)
* chore: remove outdated comment about fuzzy matching python
versions (#1521)
* chore: bump stereoscope to fix data race in UI (#1517)
* fix: correctly guess tool comparison (#1516)
* chore(deps): update bootstrap tools to latest versions (#1515)
* chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0
(#1514)
* fix: use PEP440 for Python package version comparison (#1510)
-------------------------------------------------------------------
Sat Oct 07 05:30:38 UTC 2023 - kastl@b1-systems.de
- Update to version 0.69.0:
* chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0
(#1506)
* Upgrade syft to v0.91.0 (#1508)
* Update chronicle to v0.8.0 (#1507)
* fix: terminal clobbering when commands return errors (#1505)
* Fix typo in flag (#1501)
* chore(deps): bump actions/cache from 3.2.6 to 3.3.2 (#1499)
* chore(deps): remove dependency on sqlite fork; bump
gorm.io/gorm from 1.23.10 to 1.25.4 (#1448)
* chore: pin cache versions (#1495)
* chore(deps): bump actions/checkout from 3 to 4 (#1475)
-------------------------------------------------------------------
Sat Oct 07 05:27:54 UTC 2023 - kastl@b1-systems.de
- Update to version 0.68.1:
* fix: version output including supported db schema (#1494)
* chore: pin actions; pin images; add top level action
permissions (#1493)
-------------------------------------------------------------------
Sat Oct 07 05:23:52 UTC 2023 - kastl@b1-systems.de
- Update to version 0.68.0:
* feat: introduce exit code failure option for db update check
(#1463)
* Ignore/add match results based on OpenVEX documents (#1397)
* chore(deps): bump docker/login-action from 2 to 3 (#1488)
* chore: Fix race conditions around stager, enable detector
(#1489)
* chore(deps): update Syft to v0.90.0 (#1486)
* chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0
(#1485)
* chore: update CLI to CLIO (#1437)
-------------------------------------------------------------------
Sat Oct 07 05:16:26 UTC 2023 - kastl@b1-systems.de
- Update to version 0.67.0:
* feat: grype explain prototype (#1367)
* chore: Update go declaration to have point version (#1484)
* chore: update grype to use Go v1.21 (#1480)
* chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3
(#1481)
* chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2
(#1474)
* chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0
(#1476)
* chore(deps): bump github.com/docker/docker (#1478)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.8 to
0.4.10 (#1477)
* chore: bump quality gate to use syft v0.89.0 (#1479)
-------------------------------------------------------------------
Tue Sep 05 14:42:07 UTC 2023 - kastl@b1-systems.de
- Update to version 0.66.0:
* chore(deps): update Syft to v0.89.0 (#1472)
* Add registry certificate verification support (#1232)
* fix: set correct default to exclude overlapping binaries
(#1452)
* fix: portage version comparison (#1468)
* chore: pin the vulnerability DB used in quality gate testing
(#1470)
* chore(deps): update Syft to v0.88.0 (#1466)
* chore: update quill version (#1465)
* docs: fix some typos on main README (#1455)
* note supported versions of grype (#1458)
* bump vml labels (#1462)
* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1
(#1453)
* chore(deps): update bootstrap tools to latest versions (#1450)
* fill out new version notice (#1445)
* feat: filter out packages owned by OS packages (#1387)
* fix: Only remove packages by binary overlap (#1444)
* chore: bump to syft v0.87.1 in quality gate (#1442)
-------------------------------------------------------------------
Tue Sep 05 14:28:34 UTC 2023 - kastl@b1-systems.de
- Update to version 0.65.2:
* chore(deps): update Syft to v0.87.1 (#1432)
* chore: Init submodule if missing (#1439)
* chore: exclude yardstick store from filename rules (#1440)
* chore: use latest yardstick (#1438)
* fix: update semver regular expression constraint to allow for
1.20rc1 cases no '-' (#1434)
* chore(deps): update bootstrap tools to latest versions (#1424)
* chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#1421)
* docs(example-templates): add a simple JUnit XML template
(#1422)
* chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0
(#1420)
* chore: use syft v0.86.1 in the quality gate tests (#1418)
-------------------------------------------------------------------
Sun Aug 06 07:56:46 UTC 2023 - kastl@b1-systems.de
- Update to version 0.65.1:
* fix: some hang conditions (#1414)
* chore(deps): update bootstrap tools to latest versions (#1413)
-------------------------------------------------------------------
Tue Aug 01 10:17:23 UTC 2023 - kastl@b1-systems.de
- Update to version 0.65.0:
* chore(deps): update Syft to v0.86.1 (#1410)
* chore(deps): bump github.com/docker/docker (#1402)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to
1.7.2 (#1406)
* chore: bump quality gate label dataset (#1404)
* feat: implement secondary sorting for default json output
(#1403)
* feat: update table sort to be name, version, type, severity,
vulnerability (#1400)
* chore: in quality tests, only colorize quality output if in a
tty (#1398)
* chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4
(#1396)
-------------------------------------------------------------------
Thu Jul 20 13:54:06 UTC 2023 - kastl@b1-systems.de
- Update to version 0.64.2:
* fix: vulnerabilities should be printed when `--fail-on` fails
(#1395)
* chore: bump yardstick to address PyYAML cython compatibility
issues (#1394)
* Refactor integ test to table test (#1390)
-------------------------------------------------------------------
Tue Jul 18 04:49:52 UTC 2023 - kastl@b1-systems.de
- Update to version 0.64.1:
* Pass correct output file (#1391)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to
0.4.8 (#1389)
* Port UI to bubbletea (#1385)
-------------------------------------------------------------------
Fri Jul 14 05:26:47 UTC 2023 - kastl@b1-systems.de
- Update to version 0.64.0:
* chore(deps): update Syft to v0.85.0 (#1383)
* feat(outputs): allow to set multiple outputs (#648) (#1346)
* Remove Docker section from DEVELOPING.md (#1384)
* chore(deps): update bootstrap tools to latest versions (#1381)
* chore(deps): bump github.com/docker/docker (#1382)
* Port to new syft source API (#1376)
* chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0
(#1375)
* chore: bump quality gate labels and images (#1374)
* chore(deps): update bootstrap tools to latest versions (#1368)
-------------------------------------------------------------------
Fri Jun 30 18:26:00 UTC 2023 - kastl@b1-systems.de
- Update to version 0.63.1:
* Add a simple CSV format template to the templates/ directory
and tweak docs (#1366)
* chore(deps): update Syft to v0.84.1 (#1372)
* fix: Add more log4j-adjacent package ignore rules (#1358)
* chore: bump the quality gate labels (#1369)
* add oss community board auto-add workflow (#1364)
* fix: totals for vulnerability matches (#1359)
* chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
(#1363)
* chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3
(#1357)
-------------------------------------------------------------------
Thu Jun 22 05:08:42 UTC 2023 - kastl@b1-systems.de
- Update to version 0.63.0:
* Configure chronicle to pre-1.0 mode (#1356)
* chore(deps): update Syft to v0.84.0 (#1354)
* chore(deps): update bootstrap tools to latest versions (#1353)
* chore(deps): update Syft to v0.83.1 (#1352)
* chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350)
* chore(deps): bump peter-evans/create-pull-request from 5.0.1 to
5.0.2 (#1351)
* chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4
(#1344)
* chore: Update the contributing guide (#1347)
* feat: add community template folder and new table template
(#1343)
* chore: log unsupported package qualifier as debug (#1340)
* feat: add package info to search by for all match details
(#1339)
-------------------------------------------------------------------
Mon Jun 12 19:46:06 UTC 2023 - kastl@b1-systems.de
- Update to version 0.62.3:
* chore(deps): update bootstrap tools to latest versions (#1334)
* chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to
1.9.3 (#1336)
* chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6
(#1331)
* Hide suppressed vulnerabilities when --show-suppressed is not
given (#1322)
* chore(deps): bump github.com/stretchr/testify from 1.8.3 to
1.8.4 (#1324)
* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0
(#1323)
-------------------------------------------------------------------
Sat May 27 10:48:41 UTC 2023 - kastl@b1-systems.de
- Update to version 0.62.2:
* feat: add source and type to CVSS information (#1317)
* chore(deps): bump github.com/docker/docker (#1320)
* chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5
(#1321)
-------------------------------------------------------------------
Wed May 24 14:04:41 UTC 2023 - kastl@b1-systems.de
- Update to version 0.62.1:
* chore: update gomod with latest syft (#1313)
* chore(deps): bump github.com/docker/docker (#1311)
-------------------------------------------------------------------
Tue May 23 07:32:20 UTC 2023 - kastl@b1-systems.de
- Update to version 0.62.0:
* bump syft to pre-release of v0.81.0 (#1310)
* add main bin ignore (#1305)
* chore(deps): bump github.com/stretchr/testify from 1.8.2 to
1.8.3 (#1309)
* chore(deps): bump github.com/docker/docker (#1304)
* chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to
1.9.2 (#1307)
* chore(deps): bump github.com/cloudflare/circl from 1.1.0 to
1.3.3 (#1289)
* chore(deps): bump github.com/docker/distribution (#1290)
* chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#1298)
* chore: update deprecated io/ioutil calls (#1296)
* feat: package qualifier for platform CPE (#1291)
* Fix reading syft json from stdin by redirect (#1299)
* should only use hermetic functions in templates (#1288)
* chore(deps): update bootstrap tools to latest versions (#1285)
* feat: add non-hermetic sprig functions (#1243) (#1273)
* fix: typo in logger prefix (#1283)
* chore(deps): bump github.com/docker/docker (#1280)
* chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2
(#1281)
* chore(deps): update Syft to v0.80.0 (#1276)
* chore(deps): update bootstrap tools to latest versions (#1277)
* docs: add config flag to configuration section (#1271) (#1274)
* chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3
(#1272)
* chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268)
* chore(deps): update bootstrap tools to latest versions (#1270)
* Add support for Syft IDs in JSON output (#1266)
* docs: add "cyclonedx-json" to output formats (#1252)
* chore(deps): bump github.com/docker/docker (#1257)
* chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2
(#1261)
* chore(deps): bump peter-evans/create-pull-request from 5.0.0 to
5.0.1 (#1263)
* Install skopeo during bootstrap (#1260)
* chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1
(#1258)
* chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0
(#1256)
* chore: update quality gate labels and add keycloak (#1255)
* fix: false positive for purl provider for RPM without epoch
(#1237)
-------------------------------------------------------------------
Sat Apr 22 14:34:27 UTC 2023 - kastl@b1-systems.de
- Update to version 0.61.1:
* chore: bump syft to latest version v0.79.0 (#1250)
* feat: add timestamp to json output (#1170) (#1249)
* chore(deps): update Syft to v0.78.0 (#1242)
* chore(deps): bump github.com/docker/docker (#1241)
* chore(deps): update bootstrap tools to latest versions (#1239)
* chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12
(#1233)
* chore(deps): update bootstrap tools to latest versions (#1238)
* add format make target (#1231)
* chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1
(#1223)
* chore(deps): bump github.com/docker/docker (#1218)
* chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11
(#1225)
* chore(deps): update bootstrap tools to latest versions (#1227)
* chore(deps): bump peter-evans/create-pull-request from 4.2.4 to
5.0.0 (#1219)
* chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217)
* chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
(#1216)
-------------------------------------------------------------------
Wed Apr 05 04:10:57 UTC 2023 - kastl@b1-systems.de
- Update to version 0.61.0:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from
0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213)
* feat: add default-image-source-config option (#1215)
* chore(deps): bump google.golang.org/protobuf from 1.29.0 to
1.29.1 (#1212)
* chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1
(#1214)
* chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0
(#1207)
* chore: update syft update (#1211)
* chore: update deprecated set-output calls (#1210)
* chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
(#1205)
* chore: update quality gate dataset (#1206)
* chore(deps): bump github.com/docker/docker (#1201)
-------------------------------------------------------------------
Wed Mar 29 05:15:20 UTC 2023 - kastl@b1-systems.de
- Update to version 0.60.0:
* Implement support for Chainguard Linux (#1198)
* chore(deps): update bootstrap tools to latest versions (#1194)
* chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9
(#1197)
* chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3
(#1192)
* chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8
(#1193)
* chore(deps): update bootstrap tools to latest versions (#1191)
* chore: tweak some workflow text (#1190)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to
1.7.1 (#1181)
* chore(deps): bump peter-evans/create-pull-request from 4.2.3 to
4.2.4 (#1184)
* chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4
(#1189)
* chore: Update grype bootstrap tools to latest versions. (#1187)
* fix: by-cpe pivot by vuln metadata rather than vulnerability
record (#1188)
* Update grype bootstrap tools to latest versions. (#1173)
* chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#1182)
* chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7
(#1183)
* feat: disable CPE-based matching by default for javascript
(#1180)
* Update Syft to v0.75.0 (#1177)
* chore: bump vuln match quality dataset (#1174)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1
to 1.4.2 (#1166)
-------------------------------------------------------------------
Thu Mar 09 15:31:48 UTC 2023 - kastl@b1-systems.de
- Update to version 0.59.1:
* Update grype bootstrap tools to latest versions. (#1163)
* Update Syft to v0.74.1 (#1168)
* fix: correct APK CPE version comparison logic (#1165)
-------------------------------------------------------------------
Sat Mar 04 08:34:49 UTC 2023 - kastl@b1-systems.de
- Update to version 0.59.0:
* Grype Release Pipeline Update (#1147)
* Add the total types of vulnerabilities in Grype output (#946)
* chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157)
* chore: bump quality gate labels and syft version (#1156)
-------------------------------------------------------------------
Fri Mar 03 05:41:35 UTC 2023 - kastl@b1-systems.de
- Update to version 0.58.0:
* chore: Update Syft to v0.74.0 (#1151)
* fix(distro): Disable support for Arch Linux (#1152)
* chore: update progress monitor handling (#1149)
* Update Syft to v0.73.0 (#1140)
* chore(deps): bump github.com/stretchr/testify from 1.8.1 to
1.8.2 (#1144)
* chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5
(#1145)
* Update grype bootstrap tools to latest versions. (#1137)
* chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
(#1141)
* chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#1143)
* chore(deps): bump github.com/hashicorp/go-getter from 1.6.2
to 1.7.0 (#1134)
-------------------------------------------------------------------
Fri Feb 17 10:07:13 UTC 2023 - kastl@b1-systems.de
- Update to version 0.57.1:
* Update Syft to v0.72.0 (#1136)
-------------------------------------------------------------------
Thu Feb 16 17:32:05 UTC 2023 - kastl@b1-systems.de
- Update to version 0.57.0:
* chore: bump quality gate (#1133)
* fix: ignore some false-positives for ruby gems (#1132)
* chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#1131)
* fix: exclude OS packages from CPE target filtering (#1130)
* chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#1129)
* chore(deps): bump github.com/docker/docker (#1128)
* Update Syft to v0.71.0 (#1126)
* chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 (#1125)
* Update grype bootstrap tools to latest versions. (#1124)
* chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123)
* Update grype bootstrap tools to latest versions. (#1122)
* Update grype bootstrap tools to latest versions. (#1116)
* Update Syft to v0.70.0 (#1117)
* chore(deps): bump github.com/docker/docker (#1114)
* Update grype bootstrap tools to latest versions. (#1112)
* Update Syft to v0.69.1 (#1111)
* chore: prune cosign dependency for grype builds (#1100)
* Update grype bootstrap tools to latest versions. (#1108)
* Update Syft to v0.69.0 (#1109)
* chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#1107)
* chore: add new images to quality gate (#1106)
* chore: bump yardstick for better quality gate filtering (#1101)
* chore(deps): bump actions/cache from 3.0.11 to 3.2.3 (#1096)
* chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#1097)
* chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#1098)
* chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 (#1099)
* bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a (#1095)
* chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 (#1090)
* chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087)
* chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 (#1088)
* chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 (#1089)
* chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 (#1091)
* chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 (#1092)
-------------------------------------------------------------------
Fri Jan 27 06:09:00 UTC 2023 - kastl@b1-systems.de
- Update to version 0.56.0:
* Update Syft to v0.68.1 (#1086)
* chore: update grype quality gate (#1085)
* chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081)
* chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 (#1075)
* chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#1076)
* chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#1077)
* chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#1074)
* chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#1078)
* chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083)
* chore: align makefile and bootstrap tools scripts more with syft (#1073)
* chore: enable dependabot on gomod and GitHub actions (#1072)
* Update grype bootstrap tools to latest versions. (#1070)
* fix: always include severity in cyclonedx output (#1067)
* Update Syft to v0.68.0 (#1064)
* Add protobuf FPs to default ignore list (#1062)
* chore: update Syft to v0.66.2 (#1060)
* Update grype bootstrap tools to latest versions. (#1055)
* feat: allow grype db diff to specify local db directories (#1058)
* chore: claim artifacthub package ownership from developer-guy (#661)
* chore: add github token to quality tests (#1056)
* chore: update yardstick to diagnose intermittent failures (#1054)
* Update grype bootstrap tools to latest versions. (#1048)
-------------------------------------------------------------------
Thu Jan 05 14:00:43 UTC 2023 - kastl@b1-systems.de
- Update to version 0.55.0:
* fix: sort vulnerability results (#1052)
* Adding internal/file/hasher test cases (#1049)
* fix: orient by cve merging (#1046)
* Update Syft to v0.64.0 (#1047)
* fix: update removing results based on ownership-by-file-overlap (#1045)
* feat: swap custom cyclone-dx model for cyclone-dx library (#1038)
* chore: add GitLab Community Edition image to quality gate (#1035)
-------------------------------------------------------------------
Fri Dec 16 12:39:08 UTC 2022 - kastl@b1-systems.de
- Update to version 0.54.0:
* Update Syft to v0.63.0 (#1037)
* fix: Exclude binary packages that have overlap by file ownership relationship (#1024)
* docs: update quality gate docs (#1032)
* Optionally orient results by CVE (#1020)
* chore: bump yardstick to latest commit (#1027)
* Update Syft to v0.62.3 (#1026)
* chore: change CVE example to official sample (#1028)
* fix: Table format sorting (#1023)
* fix: update architecture release for to ppc64le (#1021)
* Update grype bootstrap tools to latest versions. (#1017)
* Update Syft to v0.62.2 (#1018)
* chore: update quality gate with latest label data (#1016)
* chore: update digest for test fixture dockerfile (#1015)
* test: remove presenter tests reliance on docker from unit suite (#1013)
* fix: swapped base container images (#1011)
* chore: update default packages to read (#1007)
-------------------------------------------------------------------
Tue Nov 22 07:29:31 UTC 2022 - kastl@b1-systems.de
- Update to version 0.53.1:
* Update Syft to v0.62.1 (#1006)
* Update grype bootstrap tools to latest versions. (#1004)
* scoped: token release for content write on image assets (#1002)
-------------------------------------------------------------------
Sat Nov 19 12:05:00 UTC 2022 - kastl@b1-systems.de
- Update to version 0.53.0:
* chore: bump syft version v0.62.0 (#1000)
* feat: vulnerability namespacing support for rolling distros (#997)
* chore: bump quality gate images and label data (#995)
* feat: add strong distro type for wolfi (#996)
* chore: pin dependencies (#994)
* chore: code-ql top level read check (#993)
* Add SECURITY.md (#989)
* chore: update codeql to pinned v2 with correct write permissions
* Update token permissions to be read-only (#988)
* Enable the Scorecard Github Action and badge (#929)
-------------------------------------------------------------------
Tue Nov 15 15:42:37 UTC 2022 - kastl@b1-systems.de
- Update to version 0.52.0:
* chore: update syft to v0.60.3 (#978)
* feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961)
* chore: grype quality pipeline latest label updates and images (#976)
* Implemented new CLI flag: --show-suppressed (#966)
* fix: update case for alpine:edge correct vuln feed (#965)
* PURL input results in incorrect artifact in JSON output (#968)
* Update grype bootstrap tools to latest versions. (#956)
-------------------------------------------------------------------
Tue Oct 18 05:12:14 UTC 2022 - kastl@b1-systems.de
- Update to version 0.51.0:
* implement v5 db schema to support improved matching between rpm appstream modules (#944)
* Update Syft to v0.59.0 (#957)
* expand quality gate image set to include rpm appstreams-related images (#952)
* Update grype bootstrap tools to latest versions. (#947)
* chore: add more quality gate images (#950)
* Add in-depth quality gate checks (#949)
* Update Syft to v0.58.0 (#941)
* Update grype bootstrap tools to latest versions. (#945)
* Update grype bootstrap tools to latest versions. (#935)
* Update Syft to v0.57.0 (#930)
-------------------------------------------------------------------
Wed Sep 21 08:31:07 UTC 2022 - kastl@b1-systems.de
- Update to version 0.50.2:
* Update Syft to v0.57.0 (#930)
* Correct falsely copied app-name 'syft' in example (#922)
* Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927)
* Update grype bootstrap tools to latest versions. (#925)
-------------------------------------------------------------------
Wed Sep 14 05:40:23 UTC 2022 - kastl@b1-systems.de
- Update to version 0.50.1:
* Update Syft to v0.56.0 (#919)
-------------------------------------------------------------------
Tue Sep 13 12:42:49 UTC 2022 - kastl@b1-systems.de
- Update to version 0.50.0:
* Add support for scanning RPM files (#917)
* remove arch typo - add debug/reg s390x (#915)
* grype release message update (#914)
* feat: extract use cpes in matching logic to be configurable (#911)
* docs: add Singularity to "features" in README (#912)
-------------------------------------------------------------------
Wed Sep 07 05:39:15 UTC 2022 - kastl@b1-systems.de
- Update to version 0.49.0:
* docs: improve Singularity image source docs (#910)
* Add Singularity image source (#908)
* Update grype bootstrap tools to latest versions. (#907)
* Update Syft to v0.55.0 (#906)
* Update grype bootstrap tools to latest versions. (#905)
* Update grype bootstrap tools to latest versions. (#903)
* Update grype bootstrap tools to latest versions. (#896)
* Add blurbs about building and running from source (#893)
* Fix docker build typo (#891)
-------------------------------------------------------------------
Wed Sep 07 05:36:24 UTC 2022 - kastl@b1-systems.de
- Update to version 0.48.0:
* disable CPE match filtering based on target software component for java packages (#889)
* Update grype bootstrap tools to latest versions. (#886)
* fix getting latest gosimports version (#885)
* workflow to create automated PRs to update bootstrap tools (#883)
* Add s390x build support (#720)
* fix: only show distro warning if distro packages exist (#875)
-------------------------------------------------------------------
Wed Sep 07 05:33:41 UTC 2022 - kastl@b1-systems.de
- Update to version 0.47.0:
* Update Syft to v0.54.0 (#881)
* Update README.md (#871)
* Update README.md (#868)
-------------------------------------------------------------------
Wed Sep 07 05:30:47 UTC 2022 - kastl@b1-systems.de
- Update to version 0.46.0:
* test: rm mustConst since unused (#860)
* Update Syft to v0.53.4 (#856)
* feat: enrich db check cmd feedback (#853)
* update syft version location for Makefile (#865)
-------------------------------------------------------------------
Wed Sep 07 05:28:51 UTC 2022 - kastl@b1-systems.de
- Update to version 0.45.0:
* remove env variable dependencies and keychain from signing script (#864)
* macos-latest for signing (#863)
* move docker release into separate release workflow (#862)
* revert to old docker action (#861)
* additional readOptions added per 855 (#857)
* Ensure database access is readonly (#854)
* push older version for mac runner stability (#852)
* bump bouncer to v0.4.0 (#851)
* feat: simple input case to request vulnerability data via purl (#795)
* update golanci-lint, goreleaser, cosign (#850)
* fix: db diff default has flipped base/target url (#845)
-------------------------------------------------------------------
Tue Jul 26 11:28:54 UTC 2022 - kastl@b1-systems.de
- Update to version 0.44.0:
* add env variables and keychain for GHCR publish (#843)
* update grype to use syft v0.52.0 (#838)
* add debug distroless image to published images (#835)
* add new line for help block (#834)
* add Gentoo matching support (#813)
* feat: add filtering support using target software field in cpe (#810)
-------------------------------------------------------------------
Tue Jul 19 08:19:48 UTC 2022 - kastl@b1-systems.de
- Update to version 0.43.0:
* Add new matcher files for golang => remove main module FP matches (#829)
* Fix a cyclonedxvex typo and fix the schema document from (#830)
* feat: add --only-notfixed flag (#828)
* add DBCloser. Clients can aviod db connection leak if vulnerability db is loaded many times (#825)
-------------------------------------------------------------------
Sat Jul 16 19:00:16 UTC 2022 - kastl@b1-systems.de
- Update to version 0.42.0:
* bump syft version to v0.51.0 (#822)
* feat: implement `grype db diff` command (#812)
* fix typo in log message (#819)
-------------------------------------------------------------------
Wed Jul 06 18:11:46 UTC 2022 - kastl@b1-systems.de
- Update to version 0.41.0:
* update syft to v0.50.0 (#818)
* Finalize v4 Grype schema (#803)
* docs: update to include rust (#814)
* feat: add diffing 2 databases to v3 store functionality (#789)
* fix: add support for partybus ui on `grype db update` cmd (#806)
* Added Docker example to Readme (#769)
* fix: add vex json & xml to listed formats (#802)
* docs: update php listing to be more clear that the `.json` file isn't indexed (#808)
-------------------------------------------------------------------
Mon Jun 27 13:20:36 UTC 2022 - kastl@b1-systems.de
- Update to version 0.40.1:
* update syft => v0.49.0 (#804)
* remove oss meetup message (#799)
* fix: add fixed versions to cyclonedxjson output (#763)
* docs: update to include php (#793)
-------------------------------------------------------------------
Wed Jun 22 08:33:50 UTC 2022 - kastl@b1-systems.de
- Update to version 0.40.0:
* update grype to latest syft patch v0.48.1 (#790)
* fix: add golang to documentation (#788)
* fix: accept templates with custom functions (#786)
* add db staleness check (#785)
* feat: add compose workflow for local dev (#783)
* ignore gemfile rich version for semVer comparison (#776)
* Support namespace and language as additional criteria for ignoring vulnerability matches (#780)
-------------------------------------------------------------------
Wed Jun 22 08:19:33 UTC 2022 - kastl@b1-systems.de
- Update to version 0.39.0:
* update syft version to v0.47.0 (#781)
* use anchore fork of glebarez/sqlite (#778)
* template: Check sanity for template file (#674)
* Add announcement for Anchore OSS Meetup (#775)
* Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770)
* publish release to reduce user friction (#766)
* Update Syft to v0.46.3 (#761)
* Add reference to logrus logging levels (#758)
* README: add MacPorts install info (#759)
-------------------------------------------------------------------
Mon Jun 6 19:46:12 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- new package grype at version 0.38.0: A vulnerability scanner for container images and filesystems
