Name: grype | Distribution: openSUSE Tumbleweed
Version: 0.83.0 | Vendor: openSUSE
Release: 1.1 | Build date: Tue Oct 29 15:02:25 2024
Group: Unspecified | Build host: reproducible
Size: 57503116 | Source RPM: grype-0.83.0-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/anchore/grype
Summary: A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
Apache-2.0
* Tue Oct 29 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.83.0:
  * bump syft to v1.15.0, stereoscope to v0.0.5 (#2219)
  * Add `grype db providers` command (#2174)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 (#2214)
  * chore(deps): update tools to latest versions (#2213)
  * docs: update config section to be valid, reference config subcommand (#2218)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#2207)
  * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#2208)
  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209)
  * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211)
  * feat: multi-level configuration and profiles (#2194)
  * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204)
  * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 (#2205)

* Tue Oct 22 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.2:
  * Update to Syft v1.14.2 (#2203)
  * Updated README.md with correct spellings & phrase. (#2201)
  * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (#2198)
  * chore(deps): update tools to latest versions (#2196)
  * fix: azurelinux considered as comprehensive distro (#2197)
  * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4 (#2193)

* Tue Oct 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.1:
  * chore(deps): update Syft to v1.14.1 (#2191)
  * dependency: bump syft to main pre-release (#2189)
  * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#2183)
  * Skip matching on packages with missing version info (#2182)
  * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#2184)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 (#2185)
  * Account for implicit 0s in rpm release versions (#2188)
  * chore: bump syft in quality gate to v1.14.0 (#2187)
  * use epoch from metadata when missing from version string (#2186)
  * fix: exclude binary packages from CPE target software component filter logic (#2179)
  * add release docs (#2177)
  * chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#2176)
  * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#2173)
  * chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172)
  * [chore] Add mastodon link to README.md (#2166)
  * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#2167)
  * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168)
  * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#2169)

* Wed Oct 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.82.0:
  * chore(deps): update Syft to v1.14.0 (#2164)
  * fix: use fix info from secDB in APK matcher even if NVD fix info present (#2162)
  * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#2159)
  * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#2160)
  * chore(deps): update tools to latest versions (#2157)
  * Add v6 DB metadata store (#2146)
  * feat: remove `wordpress` from `known` targets due to wordpress cataloger support syft/#1553
  * Add a space following the "Name:" label (#2155)
  * chore(deps): update tools to latest versions (#2154)
  * test: update quality gate db to latest version (#2153)
  * explicitly skip update ts on check failure (#2152)
  * port over tar/xz decompressors (#2139)
  * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#2149)
  * chore(deps): bump github.com/docker/docker (#2147)
  * implement a low pass filter for update checks (#2148)
  * migrate legacy distribution concerns (#2144)
  * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#2142)
  * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145)

* Thu Sep 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.81.0:
  * add awaiting response management (#2141)
  * feat: add distro mapping for azure linux 3 (#1848)

* Tue Sep 24 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.2:
  * chore(deps): update Syft to v1.13.0 (#2140)
  * Correctly match JVM version ranges (#2114)
  * chore: switch to yardstick validate from custom gate.py (#2090)
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#2118)
  * chore(deps): update tools to latest versions (#2123)
  * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#2135)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.5 (#2136)
  * test: fix slice init length (#2133)
  * fix: hash vuln db only once on load (#2054)
  * chore: include file specifier in help (#2121)
  * docs: add mention of file scheme (#2120)
  * fix(apk): find secdb entries for origin packages (#1602)
  * chore(deps): update tools to latest versions (#2115)
  * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#2113)
  * chore(deps): update tools to latest versions (#2102)
  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 (#2109)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 (#2111)

* Thu Sep 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.1:
  * chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2 (#2108)
  * fix: Update gitmodule url (#2106)
  * chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 (#2103)
  * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#2105)
  * chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#2098)
  * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#2099)
  * chore(deps): bump github.com/anchore/stereoscope (#2074)
  * chore(deps): bump github.com/docker/docker (#2086)
  * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 (#2089)
  * chore(sec): update Golang and runc to latest releases (#2091) CVE-2024-3154
  * chore(deps): bump github.com/charmbracelet/bubbletea (#2092)
  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#2093)
  * test: update quality gate db to latest version (#2094)
  * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#2096)
  * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#2097)
  * chore(deps): update tools to latest versions (#2082)
  * docs(templates): escape description in junit.tmpl (#2088)
  * chore(deps): update tools to latest versions (#2080)
  * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#2078)
  * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#2079)
  * chore(deps): update tools to latest versions (#2072)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#2073)
  * chore: bump quality gate vuln match labels data (#2069)

* Wed Aug 21 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.80.0:
  * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#2070)
  * chore(deps): update Syft to v1.11.1 (#2071)
  * chore: add grype version to db network operations (#2062)
  * fix: do not panic when given empty string arg (#2064)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#2067)
  * fix: correctly close the db file in v4/v5 stores (#2066)
  * Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040)
  * chore(deps): update tools to latest versions (#2055)
  * chore(deps): bump github.com/docker/docker (#2052)
  * fix: fail when grype can't check for db update (#1247)
  * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#2053)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#2056)
  * chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#2060)
  * feat: add db search subcommand (#2031)

* Mon Aug 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.6:
  * do not fail when inflating DB records (#2049)
  * chore: remove quality gate Makefile db age check (#2036)
  * doc: Updates for the Slack to Discourse migration (#2046)

* Mon Aug 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.5:
  * feat: update to Syft 1.11.0 (#2047)
  * fix: higher default timeout for database download (#2033)
  * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2045)
  * chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#2035)
  * chore(deps): update tools to latest versions (#2038)
  * chore(deps): bump github.com/google/go-containerregistry (#2043)
  * chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#2044)
  * test: update quality gate db to latest version (#2034)
  * chore(deps): update tools to latest versions (#2027)
  * chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#2028)
  * chore: add grype version to application update check headers (#2021)
  * test: update quality gate db to latest version (#2026)
  * chore: use the .tool/gh for release script (#2022)

* Thu Aug 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.4:
  * chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#2016)
  * chore(deps): update Syft to v1.10.0 (#2019)
  * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#2011)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#2012)
  * chore(deps): update tools to latest versions (#2015)
  * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#2010)
  * disable ui before run function on db status (#2008)
  * chore(deps): bump github.com/docker/docker (#2007)
  * chore(deps): update tools to latest versions (#2003)
  * chore(deps): bump github.com/docker/docker (#2000)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#2001)
  * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2002)
  * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1999)
  * chore: request artifact in issue template (#1996)
  * chore(deps): update tools to latest versions (#1998)
  * docs: CODE_OF_CONDUCT.md (#1994)
  * chore(deps): bump github.com/google/go-containerregistry (#1997)
  * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#1992)
  * chore(deps): update tools to latest versions (#1989)
  * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1990)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#1991)

* Tue Jul 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.3:
  * chore(deps): bump gorm.io/gorm from 1.25.10 to 1.25.11 (#1985)
  * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#1981)
  * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1982)
  * chore(deps): update Syft to v1.9.0 (#1986)
  * fix: correct cpe target software comparison to syft language (#1658)
  * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#1977)
  * docs: update readme with new default format (#1974)

* Wed Jul 03 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.2:
  * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#1968)
  * chore(deps): update tools to latest versions (#1969)
  * test: update quality gate db to latest version (#1972)
  * chore: pin new sign installer to commit sha (#1966)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1963)
  * chore(deps): update tools to latest versions (#1962)
  * chore: add workflow to update quality test db (#1961)
  * chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 (#1957)
  * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#1958)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#1959)
  * chore: update test_db_url; remove white space (#1960)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#1954)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1955)
  * chore: enable dependabot to keep bootstrap action updated (#1953)
  * fix: use location RealPath not String() (#1950)

* Tue Jun 18 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.1:
  * chore: update CI to install golang at latest version (#1949)
  * chore(deps): bump github.com/google/go-containerregistry (#1948)
  * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1947)

* Sat Jun 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.79.0:
  * chore: Update syft v1.7.0 (#1945)
  * chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#1940)
  * chore(deps): update tools to latest versions (#1943)
  * fix match sort ordering for different locations (#1944)
  * chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#1941)
  * Updating maven URLs in README.md (#1934)
  * sort order for matches should consider fix info (#1933)
  * chore(deps): update tools to latest versions (#1925)
  * chore(deps): update tools to latest versions (#1921)
  * chore(deps): update tools to latest versions (#1919)
  * chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#1920)
  * feat(signature): Checksum signature verification (#1670)
  * add skopeo to managed utilities (#1915)
  * chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1909)
  * chore(deps): bump github.com/docker/docker (#1916)
  * remove dco workflow (#1914)
  * use dco tool during gh app outage (#1910)
  * chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#1901)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1902)
  * fix: add note about TMPDIR env var (#1880)
  * fix: uppercased package in json (#1900)
  * fix: main mod pseudo version default off (#1894)
  * chore(deps): update tools to latest versions (#1898)

* Thu May 30 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.78.0:
  * update syft to v1.5.0 (#1897)
  * chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#1896)
  * Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895)
  * chore(deps): bump github.com/charmbracelet/lipgloss (#1888)
  * chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#1887)
  * chore(deps): update tools to latest versions (#1891)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1890)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#1889)
  * chore(deps): update tools to latest versions (#1883)
  * feat: add config command (#1876)
  * disable TUI for simpler commands (#1872)
  * chore(deps): bump github.com/docker/docker (#1867)
  * chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#1868)
  * chore(deps): update tools to latest versions (#1864)
  * chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (#1870)
  * chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 (#1871)
  * chore(deps): update tools to latest versions (#1862)
  * chore: add top level permissions to new workflow (#1860)
  * chore(deps): update tools to latest versions (#1856)
  * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1858)
  * chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1859)
  * fix: ask catalog for package rather than type asserting (#1857)

* Sun May 12 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- add completion subpackages
- fix version output

* Fri May 10 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.4:
  * Upgrade tool management (#1842)
  * chore(deps): update Syft to v1.4.0 (#1855)
  * chore(deps): update bootstrap tools to latest versions (#1852)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1853)
  * chore(deps): bump github.com/docker/docker (#1854)
  * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#1847)

* Wed May 08 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.3:
  * Revert "feat: modify metadata structure for providers' pull date (#1795)" (#1846)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1844)
  * chore(deps): update bootstrap tools to latest versions (#1845)
  * chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#1840)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1841)
  * chore(deps): bump github.com/docker/docker (#1839)

* Thu May 02 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.2:
  * fix: update ignored vulnerability count in tui (#1837)
  * fix: update sarif to pass microsoft validator (#1838)
  * chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1835)

* Fri Apr 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.1:
  * chore(deps): bump gorm.io/gorm from 1.25.9 to 1.25.10 (#1831)
  * chore(deps): update Syft to v1.3.0 (#1832)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#1824)
  * chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1823)
  * chore(deps): bump github.com/anchore/stereoscope (#1825)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#1828)
  * fix: update grype version to support darwin arm64 (#1830)
  * chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1820)
  * docs: update README with newer data sources (#1819)
  * chore(deps): bump github.com/docker/docker (#1821)
  * Add some more examples for the `config.yaml` file in the README. (#1811)
  * chore(deps): bump github.com/docker/docker (#1817)
  * chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#1818)

* Fri Apr 19 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.77.0:
  * config: add config opt in golang pseudo version main module comparison (#1816)
  * chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#1814)
  * feat: modify metadata structure for providers' pull date (#1795)
  * fix: add linux and libc-dev headers ignore rules for debian packages (#1809)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#1808)
  * feat: add html template (#1806)
  * fix: use Go main module version (#1797)

* Tue Apr 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.76.0:
  * fix: adds ignore rules for kernel-headers indirect matches (#1787)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1805)
  * chore: fix function name in comment (#1798)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#1802)
  * chore(deps): update Syft to v1.2.0 (#1803)
  * chore(deps): bump github.com/docker/docker (#1800)
  * chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1801)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#1791)
  * test: fuzzy version comparison for java versions (#1788)
  * chore: readme formats updated with sarif option (#1786)

* Thu Apr 04 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.75.0:
  * chore: update syft to latest v1.1.1 (#1784)
  * fix: enable http timeout (#1777)
  * chore(deps): update bootstrap tools to latest versions (#1781)
  * chore(deps): update bootstrap tools to latest versions (#1776)
  * chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775)
  * fix: make bootstrap-tools failed (#1739)
  * fix: use "path/filepath" to build file path (#1767)
  * update release token from readonly to write token (#1768)
  * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1771)
  * chore(deps): update Syft to v1.1.0 (#1769)
  * chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1750)
  * chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 (#1751)
  * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 (#1753)
  * chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756)
  * chore(deps): bump github.com/google/go-containerregistry (#1754)
  * chore(deps): update bootstrap tools to latest versions (#1758)
  * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#1761)
  * updating credentials to scoped permissions (#1755)
  * don't warn on golang devel version (#1752)
  * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#1748)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 (#1746)
  * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1747)
  * chore(code-comments): typo (#1745)
  * chore: slice loop replace (#1738)
  * chore(deps): update Syft to v1.0.1 (#1742)
  * chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 (#1743)
  * chore(deps): bump github.com/docker/docker (#1744)
  * chore(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1740)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#1741)
  * chore(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1735)
  * chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1736)
  * chore(deps): bump github.com/anchore/syft (#1734)
  * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#1733)
  * chore: update syft source providers (#1727)

* Sat Mar 16 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.7:
  * chore(deps): update Syft to v0.105.1 (#1728)
  * fix(install): return appropriate exit codes (#1725)
  * chore(test): update quality test grype db (#1726)
  * fix: improve sarif descriptive text and fingerprint (#1720)
  * chore: remove unused file internal/file/tar.go and its test (#1724)
  * Added instruction to install with choco (#1716)
  * chore(deps): update bootstrap tools to latest versions (#1719)
  * chore: remove unused file internal/logger/logrus.go (#1721)

* Thu Feb 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.6:
  * chore(deps): update Syft to v0.105.0 (#1714)
  * chore(deps): update bootstrap tools to latest versions (#1707)
  * test(quality): bump label dataset and images (#1712)
  * fix: only warn missing CPEs if CPEs wanted (#1710)
  * fix: ensure version output to stdout (#1709)
  * chore(deps): update bootstrap tools to latest versions (#1706)

* Thu Feb 08 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.5:
  * chore(deps): update Syft to v0.104.0 (#1704)
  * Bump Syft in Grype to pull in unmarshaling fix (#1703)
  * chore(deps): bump github.com/docker/docker (#1702)
  * chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700)
  * chore(deps): update bootstrap tools to latest versions (#1698)
  * chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1699)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#1697)
  * chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#1687)
  * chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1690)
  * chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1691)
  * chore(deps): bump github.com/docker/docker (#1692)
  * chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1689)

* Thu Feb 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.4:
  * Security fixes:
    - Upgrade syft to v0.103.1 (#1688)
  * chore(deps): bump github.com/google/go-containerregistry (#1685)
  * chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1684)
  * ensure releases only use released versions of syft (#1680)
  * chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683)
  * chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 (#1682)

* Fri Jan 26 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.3:
  * chore(deps): update Syft to v0.102.0 (#1681)
  * Fix matching when RPM modularity is a factor (#1679)
  * chore: break assumption that syft cpe.CPE is wfn.Attributes (#1675)
  * chore(deps): bump github.com/docker/docker (#1677)
  * chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1678)
  * chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1676)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#1674)
  * fix: take VEX docs into account when --fail-on is set (#1657)
  * chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#1671)

* Sat Jan 20 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.2:
  * chore(deps): update Syft to v0.101.1 (#1669)
  * chore(deps): bump github.com/docker/docker (#1667)
  * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#1666)
  * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#1668)
  * chore(deps): bump github.com/google/go-containerregistry (#1665)
  * chore: enable automatic approval of dependabot PRs (#1664)

* Thu Jan 18 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.1:
  * chore(deps): update Syft to v0.101.0 (#1663)
  * upgrade syft with latest SBOM creation API (#1662)
  * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#1661)
  * chore(tests): fix logging configuration in tests (#1655)
  * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#1656)
  * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#1659)
  * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651)
  * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#1650)

* Sun Jan 07 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.74.0:
  * chore(deps): update Syft to v0.100.0 (#1649)
  * fix: distro FP data not applied correctly (#1603)
  * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#1647)
  * chore(deps): update bootstrap tools to latest versions (#1644)
  * docs: fix logging configuration in README (#1646)

* Thu Dec 21 2023 opensuse_buildservice@ojkastl.de
- Update to version 0.73.5:
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633)
  * chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641)
  * chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642)
  * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#1638)
  * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1632)
  * chore(deps): bump github.com/charmbracelet/bubbletea (#1635)
  * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1636)
  * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#1630)
  * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1626)
  * chore: pin action to correct sha (#1598)
  * chore(deps): bump github.com/google/go-containerregistry (#1625)

* Thu Nov 30 2023 kastl@b1-systems.de
- Update to version 0.73.4:
  * chore: bump to syft v0.98.0 in quality gate tests (#1623)
  * chore: update syft; go mod tidy (#1621)
  * chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#1618)
  * chore: explicitly test maven suffixes (#1617)
  * chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1611)

* Mon Nov 20 2023 kastl@b1-systems.de
- Update to version 0.73.3:
  * chore(deps): update Syft to v0.97.1 (#1610)

* Fri Nov 17 2023 kastl@b1-systems.de
- Update to version 0.73.2:
  * chore(deps): update Syft to v0.97.0 (#1608)
  * chore: bump vulnerability match label dataset (#1606)
  * fix: golang version parsing (#1599)
  * chore(deps): update bootstrap tools to latest versions (#1595)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#1597)

* Thu Nov 09 2023 kastl@b1-systems.de
- Update to version 0.73.1:
  * chore(deps): update Syft to v0.96.0 (#1596)
  * fix: match against debian unstable (#1593)
  * perf: avoid allocations with `(*regexp.Regexp).MatchString` (#1592)
  * chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1590)

* Wed Nov 08 2023 kastl@b1-systems.de
- Update to version 0.73.0:
  * chore(deps): update Syft to v0.95.0 (#1591)
  * chore: account for syft package metadata changes (#1423)
  * fix: bump fangs to enable setting golang CPE config using env var (#1585)
  * chore(deps): update bootstrap tools to latest versions (#1588)
  * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1586)
  * chore: bootstrap action cleanup (#1587)
  * chore(deps): update bootstrap tools to latest versions (#1584)
  * Incorporate format API changes from syft (#1582)
  * chore(deps): bump github.com/docker/docker (#1579)
  * feat(config): added reason field (#1532)
  * chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to 1.10.0 (#1583)
  * Colorize severity in table output (#1284)
  * feat: add custom maven comparator (#1571)
  * chore: fix path to quality tests (#1578)
  * capture quality gate state on failures (#1576)
  * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1575)
  * chore(deps): update bootstrap tools to latest versions (#1574)
  * chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3 (#1573)
  * docs: add cbl-mariner to supported distro (#1569)
  * chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1570)
  * chore(deps): update bootstrap tools to latest versions (#1567)

* Fri Nov 03 2023 Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.21

* Sat Oct 21 2023 kastl@b1-systems.de
- Update to version 0.72.0:
  * chore(deps): update Syft to v0.94.0 (#1566)
  * Incorporate Syft java detection improvements (#1555)
  * add exception for go stdlib search by CPE (#1565)
  * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564)
  * Add --ignore-states flag for ignoring findings with specific fix states (#1473)
  * feat: update go-sarif library to use latest release (#1563)
  * bump clio to get stderr reporting fix (#1561)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557)
  * Add checksum signing (#1535)

* Fri Oct 13 2023 kastl@b1-systems.de
- Update to version 0.71.0:
  * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554)
  * feat: disable CPE-based matching for GHSA ecosystems by default (#1412)
  * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552)

* Wed Oct 11 2023 kastl@b1-systems.de
- Update to version 0.70.0:
  * chore(deps): update Syft to v0.93.0 (#1550)
  * chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547)
  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549)
  * chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1544)
  * fix: empty descriptor name and version (#1542)
  * chore: removes unnecessary conditional (#1539)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533)

* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.69.1:
  * chore(deps): update Syft to v0.92.0 (#1527)
  * chore(deps): update bootstrap tools to latest versions (#1524)
  * chore: add OpenSSF Best Practices badge (#1523)
  * bump labels to latest (#1525)
  * chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#1519)
  * chore(deps): update bootstrap tools to latest versions (#1520)
  * chore: explicitly test go pseudoversion (#1522)
  * chore: remove outdated comment about fuzzy matching python versions (#1521)
  * chore: bump stereoscope to fix data race in UI (#1517)
  * fix: correctly guess tool comparison (#1516)
  * chore(deps): update bootstrap tools to latest versions (#1515)
  * chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#1514)
  * fix: use PEP440 for Python package version comparison (#1510)

* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.69.0:
  * chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 (#1506)
  * Upgrade syft to v0.91.0 (#1508)
  * Update chronicle to v0.8.0 (#1507)
  * fix: terminal clobbering when commands return errors (#1505)
  * Fix typo in flag (#1501)
  * chore(deps): bump actions/cache from 3.2.6 to 3.3.2 (#1499)
  * chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 (#1448)
  * chore: pin cache versions (#1495)
  * chore(deps): bump actions/checkout from 3 to 4 (#1475)

* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.68.1:
  * fix: version output including supported db schema (#1494)
  * chore: pin actions; pin images; add top level action permissions (#1493)

* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.68.0:
  * feat: introduce exit code failure option for db update check (#1463)
  * Ignore/add match results based on OpenVEX documents (#1397)
  * chore(deps): bump docker/login-action from 2 to 3 (#1488)
  * chore: Fix race conditions around stager, enable detector (#1489)
  * chore(deps): update Syft to v0.90.0 (#1486)
  * chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 (#1485)
  * chore: update CLI to CLIO (#1437)

* Sat Oct 07 2023 kastl@b1-systems.de
- Update to version 0.67.0:
  * feat: grype explain prototype (#1367)
  * chore: Update go declaration to have point version (#1484)
  * chore: update grype to use Go v1.21 (#1480)
  * chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#1481)
  * chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 (#1474)
  * chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#1476)
  * chore(deps): bump github.com/docker/docker (#1478)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.8 to 0.4.10 (#1477)
  * chore: bump quality gate to use syft v0.89.0 (#1479)

* Tue Sep 05 2023 kastl@b1-systems.de
- Update to version 0.66.0:
  * chore(deps): update Syft to v0.89.0 (#1472)
  * Add registry certificate verification support (#1232)
  * fix: set correct default to exclude overlapping binaries (#1452)
  * fix: portage version comparison (#1468)
  * chore: pin the vulnerability DB used in quality gate testing (#1470)
  * chore(deps): update Syft to v0.88.0 (#1466)
  * chore: update quill version (#1465)
  * docs: fix some typos on main README (#1455)
  * note supported versions of grype (#1458)
  * bump vml labels (#1462)
  * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#1453)
  * chore(deps): update bootstrap tools to latest versions (#1450)
  * fill out new version notice (#1445)
  * feat: filter out packages owned by OS packages (#1387)
  * fix: Only remove packages by binary overlap (#1444)
  * chore: bump to syft v0.87.1 in quality gate (#1442)

* Tue Sep 05 2023 kastl@b1-systems.de
- Update to version 0.65.2:
  * chore(deps): update Syft to v0.87.1 (#1432)
  * chore: Init submodule if missing (#1439)
  * chore: exclude yardstick store from filename rules (#1440)
  * chore: use latest yardstick (#1438)
  * fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' (#1434)
  * chore(deps): update bootstrap tools to latest versions (#1424)
  * chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#1421)
  * docs(example-templates): add a simple JUnit XML template (#1422)
  * chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 (#1420)
  * chore: use syft v0.86.1 in the quality gate tests (#1418)

* Sun Aug 06 2023 kastl@b1-systems.de
- Update to version 0.65.1:
  * fix: some hang conditions (#1414)
  * chore(deps): update bootstrap tools to latest versions (#1413)

* Tue Aug 01 2023 kastl@b1-systems.de
- Update to version 0.65.0:
  * chore(deps): update Syft to v0.86.1 (#1410)
  * chore(deps): bump github.com/docker/docker (#1402)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#1406)
  * chore: bump quality gate label dataset (#1404)
  * feat: implement secondary sorting for default json output (#1403)
  * feat: update table sort to be name, version, type, severity, vulnerability (#1400)
  * chore: in quality tests, only colorize quality output if in a tty (#1398)
  * chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1396)

* Thu Jul 20 2023 kastl@b1-systems.de
- Update to version 0.64.2:
  * fix: vulnerabilities should be printed when `--fail-on` fails (#1395)
  * chore: bump yardstick to address PyYAML cython compatibility issues (#1394)
  * Refactor integ test to table test (#1390)

* Tue Jul 18 2023 kastl@b1-systems.de
- Update to version 0.64.1:
  * Pass correct output file (#1391)
  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.8 (#1389)
  * Port UI to bubbletea (#1385)

* Fri Jul 14 2023 kastl@b1-systems.de
- Update to version 0.64.0:
  * chore(deps): update Syft to v0.85.0 (#1383)
  * feat(outputs): allow to set multiple outputs (#648) (#1346)
  * Remove Docker section from DEVELOPING.md (#1384)
  * chore(deps): update bootstrap tools to latest versions (#1381)
  * chore(deps): bump github.com/docker/docker (#1382)
  * Port to new syft source API (#1376)
  * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1375)
  * chore: bump quality gate labels and images (#1374)
  * chore(deps): update bootstrap tools to latest versions (#1368)

* Fri Jun 30 2023 kastl@b1-systems.de
- Update to version 0.63.1:
  * Add a simple CSV format template to the templates/ directory and tweak docs (#1366)
  * chore(deps): update Syft to v0.84.1 (#1372)
  * fix: Add more log4j-adjacent package ignore rules (#1358)
  * chore: bump the quality gate labels (#1369)
  * add oss community board auto-add workflow (#1364)
  * fix: totals for vulnerability matches (#1359)
  * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1363)
  * chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 (#1357)

* Thu Jun 22 2023 kastl@b1-systems.de
- Update to version 0.63.0:
  * Configure chronicle to pre-1.0 mode (#1356)
  * chore(deps): update Syft to v0.84.0 (#1354)
  * chore(deps): update bootstrap tools to latest versions (#1353)
  * chore(deps): update Syft to v0.83.1 (#1352)
  * chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350)
  * chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#1351)
  * chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#1344)
  * chore: Update the contributing guide (#1347)
  * feat: add community template folder and new table template (#1343)
  * chore: log unsupported package qualifier
as debug (#1340) * feat: add package info to search by for all match details (#1339) * Mon Jun 12 2023 kastl@b1-systems.de - Update to version 0.62.3: * chore(deps): update bootstrap tools to latest versions (#1334) * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1336) * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#1331) * Hide suppressed vulnerabilities when --show-suppressed is not given (#1322) * chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1324) * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1323) * Sat May 27 2023 kastl@b1-systems.de - Update to version 0.62.2: * feat: add source and type to CVSS information (#1317) * chore(deps): bump github.com/docker/docker (#1320) * chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 (#1321) * Wed May 24 2023 kastl@b1-systems.de - Update to version 0.62.1: * chore: update gomod with latest syft (#1313) * chore(deps): bump github.com/docker/docker (#1311) * Tue May 23 2023 kastl@b1-systems.de - Update to version 0.62.0: * bump syft to pre-release of v0.81.0 (#1310) * add main bin ignore (#1305) * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1309) * chore(deps): bump github.com/docker/docker (#1304) * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 (#1307) * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1289) * chore(deps): bump github.com/docker/distribution (#1290) * chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#1298) * chore: update deprecated io/ioutil calls (#1296) * feat: package qualifier for platform CPE (#1291) * Fix reading syft json from stdin by redirect (#1299) * should only use hermetic functions in templates (#1288) * chore(deps): update bootstrap tools to latest versions (#1285) * feat: add non-hermetic sprig functions (#1243) (#1273) * fix: typo in logger prefix (#1283) * chore(deps): bump github.com/docker/docker (#1280) * chore(deps): bump 
anchore/sbom-action from 0.14.1 to 0.14.2 (#1281) * chore(deps): update Syft to v0.80.0 (#1276) * chore(deps): update bootstrap tools to latest versions (#1277) * docs: add config flag to configuration section (#1271) (#1274) * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#1272) * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268) * chore(deps): update bootstrap tools to latest versions (#1270) * Add support for Syft IDs in JSON output (#1266) * docs: add "cyclonedx-json" to output formats (#1252) * chore(deps): bump github.com/docker/docker (#1257) * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#1261) * chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#1263) * Install skopeo during bootstrap (#1260) * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#1258) * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#1256) * chore: update quality gate labels and add keycloak (#1255) * fix: false positive for purl provider for RPM without epoch (#1237) * Sat Apr 22 2023 kastl@b1-systems.de - Update to version 0.61.1: * chore: bump syft to latest version v0.79.0 (#1250) * feat: add timestamp to json output (#1170) (#1249) * chore(deps): update Syft to v0.78.0 (#1242) * chore(deps): bump github.com/docker/docker (#1241) * chore(deps): update bootstrap tools to latest versions (#1239) * chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 (#1233) * chore(deps): update bootstrap tools to latest versions (#1238) * add format make target (#1231) * chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 (#1223) * chore(deps): bump github.com/docker/docker (#1218) * chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 (#1225) * chore(deps): update bootstrap tools to latest versions (#1227) * chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1219) * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217) * chore(deps): bump github.com/spf13/cobra 
from 1.6.1 to 1.7.0 (#1216) * Wed Apr 05 2023 kastl@b1-systems.de - Update to version 0.61.0: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213) * feat: add default-image-source-config option (#1215) * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#1212) * chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 (#1214) * chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0 (#1207) * chore: update syft update (#1211) * chore: update deprecated set-output calls (#1210) * chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#1205) * chore: update quality gate dataset (#1206) * chore(deps): bump github.com/docker/docker (#1201) * Wed Mar 29 2023 kastl@b1-systems.de - Update to version 0.60.0: * Implement support for Chainguard Linux (#1198) * chore(deps): update bootstrap tools to latest versions (#1194) * chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1197) * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192) * chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 (#1193) * chore(deps): update bootstrap tools to latest versions (#1191) * chore: tweak some workflow text (#1190) * chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181) * chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1184) * chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 (#1189) * chore: Update grype bootstrap tools to latest versions. (#1187) * fix: by-cpe pivot by vuln metadata rather than vulnerability record (#1188) * Update grype bootstrap tools to latest versions. 
(#1173) * chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#1182) * chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 (#1183) * feat: disable CPE-based matching by default for javascript (#1180) * Update Syft to v0.75.0 (#1177) * chore: bump vuln match quality dataset (#1174) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 (#1166) * Thu Mar 09 2023 kastl@b1-systems.de - Update to version 0.59.1: * Update grype bootstrap tools to latest versions. (#1163) * Update Syft to v0.74.1 (#1168) * fix: correct APK CPE version comparison logic (#1165) * Sat Mar 04 2023 kastl@b1-systems.de - Update to version 0.59.0: * Grype Release Pipeline Update (#1147) * Add the total types of vulnerabilities in Grype output (#946) * chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157) * chore: bump quality gate labels and syft version (#1156) * Fri Mar 03 2023 kastl@b1-systems.de - Update to version 0.58.0: * chore: Update Syft to v0.74.0 (#1151) * fix(distro): Disable support for Arch Linux (#1152) * chore: update progress monitor handling (#1149) * Update Syft to v0.73.0 (#1140) * chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1144) * chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#1145) * Update grype bootstrap tools to latest versions. 
(#1137) * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1141) * chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#1143) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1134) * Fri Feb 17 2023 kastl@b1-systems.de - Update to version 0.57.1: * Update Syft to v0.72.0 (#1136) * Thu Feb 16 2023 kastl@b1-systems.de - Update to version 0.57.0: * chore: bump quality gate (#1133) * fix: ignore some false-positives for ruby gems (#1132) * chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#1131) * fix: exclude OS packages from CPE target filtering (#1130) * chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#1129) * chore(deps): bump github.com/docker/docker (#1128) * Update Syft to v0.71.0 (#1126) * chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 (#1125) * Update grype bootstrap tools to latest versions. (#1124) * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123) * Update grype bootstrap tools to latest versions. (#1122) * Update grype bootstrap tools to latest versions. (#1116) * Update Syft to v0.70.0 (#1117) * chore(deps): bump github.com/docker/docker (#1114) * Update grype bootstrap tools to latest versions. (#1112) * Update Syft to v0.69.1 (#1111) * chore: prune cosign dependency for grype builds (#1100) * Update grype bootstrap tools to latest versions. 
(#1108) * Update Syft to v0.69.0 (#1109) * chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#1107) * chore: add new images to quality gate (#1106) * chore: bump yardstick for better quality gate filtering (#1101) * chore(deps): bump actions/cache from 3.0.11 to 3.2.3 (#1096) * chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#1097) * chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#1098) * chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 (#1099) * bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a (#1095) * chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 (#1090) * chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087) * chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 (#1088) * chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 (#1089) * chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 (#1091) * chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 (#1092) * Fri Jan 27 2023 kastl@b1-systems.de - Update to version 0.56.0: * Update Syft to v0.68.1 (#1086) * chore: update grype quality gate (#1085) * chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081) * chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 (#1075) * chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#1076) * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#1077) * chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#1074) * chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#1078) * chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079) * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080) * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083) * chore: align makefile and bootstrap tools scripts more with syft (#1073) * chore: enable dependabot on gomod and GitHub actions (#1072) * Update grype bootstrap tools to latest versions. 
(#1070) * fix: always include severity in cyclonedx output (#1067) * Update Syft to v0.68.0 (#1064) * Add protobuf FPs to default ignore list (#1062) * chore: update Syft to v0.66.2 (#1060) * Update grype bootstrap tools to latest versions. (#1055) * feat: allow grype db diff to specify local db directories (#1058) * chore: claim artifacthub package ownership from developer-guy (#661) * chore: add github token to quality tests (#1056) * chore: update yardstick to diagnose intermittent failures (#1054) * Update grype bootstrap tools to latest versions. (#1048) * Thu Jan 05 2023 kastl@b1-systems.de - Update to version 0.55.0: * fix: sort vulnerability results (#1052) * Adding internal/file/hasher test cases (#1049) * fix: orient by cve merging (#1046) * Update Syft to v0.64.0 (#1047) * fix: update removing results based on ownership-by-file-overlap (#1045) * feat: swap custom cyclone-dx model for cyclone-dx library (#1038) * chore: add GitLab Community Edition image to quality gate (#1035) * Fri Dec 16 2022 kastl@b1-systems.de - Update to version 0.54.0: * Update Syft to v0.63.0 (#1037) * fix: Exclude binary packages that have overlap by file ownership relationship (#1024) * docs: update quality gate docs (#1032) * Optionally orient results by CVE (#1020) * chore: bump yardstick to latest commit (#1027) * Update Syft to v0.62.3 (#1026) * chore: change CVE example to official sample (#1028) * fix: Table format sorting (#1023) * fix: update architecture release for to ppc64le (#1021) * Update grype bootstrap tools to latest versions. 
(#1017) * Update Syft to v0.62.2 (#1018) * chore: update quality gate with latest label data (#1016) * chore: update digest for test fixture dockerfile (#1015) * test: remove presenter tests reliance on docker from unit suite (#1013) * fix: swapped base container images (#1011) * chore: update default packages to read (#1007) * Tue Nov 22 2022 kastl@b1-systems.de - Update to version 0.53.1: * Update Syft to v0.62.1 (#1006) * Update grype bootstrap tools to latest versions. (#1004) * scoped: token release for content write on image assets (#1002) * Sat Nov 19 2022 kastl@b1-systems.de - Update to version 0.53.0: * chore: bump syft version v0.62.0 (#1000) * feat: vulnerability namespacing support for rolling distros (#997) * chore: bump quality gate images and label data (#995) * feat: add strong distro type for wolfi (#996) * chore: pin dependencies (#994) * chore: code-ql top level read check (#993) * Add SECURITY.md (#989) * chore: update codeql to pinned v2 with correct write permissions * Update token permissions to be read-only (#988) * Enable the Scorecard Github Action and badge (#929) * Tue Nov 15 2022 kastl@b1-systems.de - Update to version 0.52.0: * chore: update syft to v0.60.3 (#978) * feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961) * chore: grype quality pipeline latest label updates and images (#976) * Implemented new CLI flag: --show-suppressed (#966) * fix: update case for alpine:edge correct vuln feed (#965) * PURL input results in incorrect artifact in JSON output (#968) * Update grype bootstrap tools to latest versions. (#956) * Tue Oct 18 2022 kastl@b1-systems.de - Update to version 0.51.0: * implement v5 db schema to support improved matching between rpm appstream modules (#944) * Update Syft to v0.59.0 (#957) * expand quality gate image set to include rpm appstreams-related images (#952) * Update grype bootstrap tools to latest versions. 
(#947) * chore: add more quality gate images (#950) * Add in-depth quality gate checks (#949) * Update Syft to v0.58.0 (#941) * Update grype bootstrap tools to latest versions. (#945) * Update grype bootstrap tools to latest versions. (#935) * Update Syft to v0.57.0 (#930) * Wed Sep 21 2022 kastl@b1-systems.de - Update to version 0.50.2: * Update Syft to v0.57.0 (#930) * Correct falsely copied app-name 'syft' in example (#922) * Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927) * Update grype bootstrap tools to latest versions. (#925) * Wed Sep 14 2022 kastl@b1-systems.de - Update to version 0.50.1: * Update Syft to v0.56.0 (#919) * Tue Sep 13 2022 kastl@b1-systems.de - Update to version 0.50.0: * Add support for scanning RPM files (#917) * remove arch typo - add debug/reg s390x (#915) * grype release message update (#914) * feat: extract use cpes in matching logic to be configurable (#911) * docs: add Singularity to "features" in README (#912) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.49.0: * docs: improve Singularity image source docs (#910) * Add Singularity image source (#908) * Update grype bootstrap tools to latest versions. (#907) * Update Syft to v0.55.0 (#906) * Update grype bootstrap tools to latest versions. (#905) * Update grype bootstrap tools to latest versions. (#903) * Update grype bootstrap tools to latest versions. (#896) * Add blurbs about building and running from source (#893) * Fix docker build typo (#891) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.48.0: * disable CPE match filtering based on target software component for java packages (#889) * Update grype bootstrap tools to latest versions. 
(#886) * fix getting latest gosimports version (#885) * workflow to create automated PRs to update bootstrap tools (#883) * Add s390x build support (#720) * fix: only show distro warning if distro packages exist (#875) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.47.0: * Update Syft to v0.54.0 (#881) * Update README.md (#871) * Update README.md (#868) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.46.0: * test: rm mustConst since unused (#860) * Update Syft to v0.53.4 (#856) * feat: enrich db check cmd feedback (#853) * update syft version location for Makefile (#865) * Wed Sep 07 2022 kastl@b1-systems.de - Update to version 0.45.0: * remove env variable dependencies and keychain from signing script (#864) * macos-latest for signing (#863) * move docker release into separate release workflow (#862) * revert to old docker action (#861) * additional readOptions added per 855 (#857) * Ensure database access is readonly (#854) * push older version for mac runner stability (#852) * bump bouncer to v0.4.0 (#851) * feat: simple input case to request vulnerability data via purl (#795) * update golanci-lint, goreleaser, cosign (#850) * fix: db diff default has flipped base/target url (#845) * Tue Jul 26 2022 kastl@b1-systems.de - Update to version 0.44.0: * add env variables and keychain for GHCR publish (#843) * update grype to use syft v0.52.0 (#838) * add debug distroless image to published images (#835) * add new line for help block (#834) * add Gentoo matching support (#813) * feat: add filtering support using target software field in cpe (#810) * Tue Jul 19 2022 kastl@b1-systems.de - Update to version 0.43.0: * Add new matcher files for golang => remove main module FP matches (#829) * Fix a cyclonedxvex typo and fix the schema document from (#830) * feat: add --only-notfixed flag (#828) * add DBCloser. 
Clients can aviod db connection leak if vulnerability db is loaded many times (#825) * Sat Jul 16 2022 kastl@b1-systems.de - Update to version 0.42.0: * bump syft version to v0.51.0 (#822) * feat: implement `grype db diff` command (#812) * fix typo in log message (#819) * Wed Jul 06 2022 kastl@b1-systems.de - Update to version 0.41.0: * update syft to v0.50.0 (#818) * Finalize v4 Grype schema (#803) * docs: update to include rust (#814) * feat: add diffing 2 databases to v3 store functionality (#789) * fix: add support for partybus ui on `grype db update` cmd (#806) * Added Docker example to Readme (#769) * fix: add vex json & xml to listed formats (#802) * docs: update php listing to be more clear that the `.json` file isn't indexed (#808) * Mon Jun 27 2022 kastl@b1-systems.de - Update to version 0.40.1: * update syft => v0.49.0 (#804) * remove oss meetup message (#799) * fix: add fixed versions to cyclonedxjson output (#763) * docs: update to include php (#793) * Wed Jun 22 2022 kastl@b1-systems.de - Update to version 0.40.0: * update grype to latest syft patch v0.48.1 (#790) * fix: add golang to documentation (#788) * fix: accept templates with custom functions (#786) * add db staleness check (#785) * feat: add compose workflow for local dev (#783) * ignore gemfile rich version for semVer comparison (#776) * Support namespace and language as additional criteria for ignoring vulnerability matches (#780) * Wed Jun 22 2022 kastl@b1-systems.de - Update to version 0.39.0: * update syft version to v0.47.0 (#781) * use anchore fork of glebarez/sqlite (#778) * template: Check sanity for template file (#674) * Add announcement for Anchore OSS Meetup (#775) * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770) * publish release to reduce user friction (#766) * Update Syft to v0.46.3 (#761) * Add reference to logrus logging levels (#758) * README: add MacPorts install info (#759) * Mon Jun 06 2022 Johannes Kastl <kastl@b1-systems.de> - new package grype at 
version 0.38.0: A vulnerability scanner for container images and filesystems
/usr/bin/grype
/usr/share/doc/packages/grype
/usr/share/doc/packages/grype/README.md
/usr/share/licenses/grype
/usr/share/licenses/grype/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:50:56 2024