pool/grype
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: pool:devel
Branches Tags
pool:devel
pool:factory
rpm:factory
rpm:devel
...
pull from: rpm:devel
Branches Tags
rpm:factory
rpm:devel
pool:devel
pool:factory

No commits in common. "devel" and "devel" have entirely different histories.
devel ... devel

13 changed files with 22 additions and 260 deletions
Show Stats Expand all files Collapse all files

8
_service
View File

@ -3,12 +3,12 @@
<param name="url">https://github.com/anchore/grype</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v0.86.0</param>
<param name="match-tag">v*</param>
<param name="revision">v0.80.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="match-tag">v*</param>
</service>
<service name="set_version" mode="manual">
</service>
<service name="tar" mode="buildtime"/>

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/grype</param>
<param name="changesrevision">486b5b3d25f00006c84a13e3dacdc468aeef2ddb</param></service></servicedata>
<param name="changesrevision">9fb219495a634d7ff9904154355b927223a66602</param></service></servicedata>

3
grype-0.82.0.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3e6f595a110d82da3f1ff7b4ef127c4c93383c812ab7fdbda6c771dcaec76589
size 18167309

3
grype-0.82.1.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c2c4dcffdcfc946e0a604e8ccf6e91c9729e897771c42cfc50a4583422ac760e
size 18177549

3
grype-0.82.2.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:91175cb90efbda9d81a465a7a70262c7017975b53fc008841aabeae4269ade2e
size 18178061

3
grype-0.83.0.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f8572aae15d2c16f835af9c146a7bd4b55820fc45bdf4906c0b49c6477cfc075
size 18193421

3
grype-0.84.0.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e3c8c22067eae5d902ec5ca0690886a8051bd6097dfeb7c3245176485b96a55
size 18202125

3
grype-0.85.0.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a44eded435978aaf982b3845d1b65f1c557d86f0c0c203a7c031bc7c224e17b6
size 18351629

3
grype-0.86.0.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fcfaa060fa8b27239b0ec78e22aaa2cb6b2714b6eebbe0036b7cb55d2c882294
size 18364941

219
grype.changes
View File

@ -1,222 +1,3 @@
-------------------------------------------------------------------
Tue Dec 10 08:54:29 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.86.0:
* chore(deps): update anchore dependencies (#2308)
* chore(deps): update tools to latest versions (#2307)
* chore(deps): update tools to latest versions (#2305)
* chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#2306)
* add initial os aliases to the DB after migration (#2301)
* latest doc from reader should allow for empty (#2294)
* Migrate searchable vulnerability data out of v6 blob (#2300)
* fix: add PURLs in SARIF report (#2254)
* ignore linux-aws-headers-.* as well like linux-headers-.*
(#2295)
* chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
(#2296)
* chore(deps): update tools to latest versions (#2298)
* chore: refactor v5-specific code out of core packages (#2299)
* modify store to be one getter-per-noun (#2297)
* Add ability to map CPEs directly to packages (v6 schema)
(#2285)
* Fix DB v6 curator directory creation (#2293)
* test: update quality gate db to latest version (#2291)
* chore(deps): update tools to latest versions (#2290)
* add db v6 feature flag and wire to db commands (#2288)
* Simplify v6 distribution material (#2277)
* chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
(#2279)
* chore(deps): bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#2284)
* chore(deps): update tools to latest versions (#2280)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
to 1.2.4 (#2283)
* note supported grype versions (#2287)
* remove support for v1 & v2 schemas (#2278)
* allow distro search to be entirely data driven (#2265)
-------------------------------------------------------------------
Fri Nov 22 09:34:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.85.0:
* dependencies: latest syft and stereoscope (#2275)
* chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
(#2272)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
to 1.2.3 (#2273)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.6
to 1.4.7 (#2274)
* chore(deps): update tools to latest versions (#2269)
* fix: bump clio to fix logging when no tty present (#2268)
* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
(#2260)
* fix failing tests (#2261)
* Add v6 DB curator (#2151)
* Add affected CPE store (#2258)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
to 1.2.2 (#2256)
* Add AffectedPackage store (#2245)
* Add v6 vulnerability & blob stores (#2243)
* chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
(#2238)
* chore(deps): bump github.com/anchore/stereoscope (#2246)
* chore(deps): bump github/codeql-action from 3.27.0 to 3.27.3
(#2257)
* Add v6 distribution client (#2150)
* restore log on ui teardown (#2248)
* Merge indirect matches with direct matches (#2241)
* doc: Add official Grype logo license information (#2244)
* add v6 provider store (#2232)
-------------------------------------------------------------------
Tue Nov 12 08:13:47 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.84.0:
* chore(deps): update Syft to v1.16.0 (#2237)
* test: update quality gate db to latest version (#2231)
* chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
(#2230)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
to 1.0.0 (#2228)
* fix and cleanup namespace search to account for missing info
(#2226)
* Remove gentoo integration test (#2227)
* Improve purl input (#2223)
* chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
(#2220)
* chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
(#2221)
-------------------------------------------------------------------
Tue Oct 29 14:02:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.83.0:
* bump syft to v1.15.0, sterescope to v0.0.5 (#2219)
* Add `grype db providers` command (#2174)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
to 1.1.2 (#2214)
* chore(deps): update tools to latest versions (#2213)
* docs: update config section to be valid, reference config
subcommand (#2218)
* chore(deps): bump github.com/charmbracelet/lipgloss (#2207)
* chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
(#2208)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209)
* chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211)
* feat: multi-level configuration and profiles (#2194)
* chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204)
* chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
(#2205)
-------------------------------------------------------------------
Tue Oct 22 07:09:22 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.2:
* Update to Syft v1.14.2 (#2203)
* Updated README.md with correct spellings & phrase. (#2201)
* chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
(#2198)
* chore(deps): update tools to latest versions (#2196)
* fix: azurelinux considered as comprehensive distro (#2197)
* chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
(#2193)
-------------------------------------------------------------------
Tue Oct 15 15:36:39 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.1:
* chore(deps): update Syft to v1.14.1 (#2191)
* dependency: bump syft to main pre-release (#2189)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#2183)
* Skip matching on packages with missing version info (#2182)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
(#2184)
* chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5
to 1.4.6 (#2185)
* Account for implicit 0s in rpm release versions (#2188)
* chore: bump syft in quality gate to v1.14.0 (#2187)
* use epoch from metadata when missing from version string
(#2186)
* fix: exclude binary packages from CPE target software component
filter logic (#2179)
* add release docs (#2177)
* chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3
(#2176)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2
(#2173)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172)
* [chore] Add mastodon link to README.md (#2166)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
(#2167)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#2169)
-------------------------------------------------------------------
Wed Oct 09 04:39:05 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.82.0:
* chore(deps): update Syft to v1.14.0 (#2164)
* fix: use fix info from secDB in APK matcher even if NVD fix
info present (#2162)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#2159)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#2160)
* chore(deps): update tools to latest versions (#2157)
* Add v6 DB metadata store (#2146)
* feat: remove `wordpress` from `known` targets due to wordpress
cataloger support syft/#1553
* Add a space following the "Name:" label (#2155)
* chore(deps): update tools to latest versions (#2154)
* test: update quality gate db to latest version (#2153)
* explicitly skip update ts on check failure (#2152)
* port over tar/xz decompressors (#2139)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#2149)
* chore(deps): bump github.com/docker/docker (#2147)
* implement a low pass filter for update checks (#2148)
* migrate legacy distribution concerns (#2144)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#2142)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145)
-------------------------------------------------------------------
Thu Sep 26 05:02:11 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.81.0:
* add awaiting response management (#2141)
* feat: add distro mapping for azure linux 3 (#1848)
-------------------------------------------------------------------
Tue Sep 24 17:22:08 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.80.2:
* chore(deps): update Syft to v1.13.0 (#2140)
* Correctly match JVM version ranges (#2114)
* chore: switch to yardstick validate from custom gate.py (#2090)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
to 0.9.1 (#2118)
* chore(deps): update tools to latest versions (#2123)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#2135)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
7.0.5 (#2136)
* test: fix slice init length (#2133)
* fix: hash vuln db only once on load (#2054)
* chore: include file specifier in help (#2121)
* docs: add mention of file scheme (#2120)
* fix(apk): find secdb entries for origin packages (#1602)
* chore(deps): update tools to latest versions (#2115)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#2113)
* chore(deps): update tools to latest versions (#2102)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
to 1.1.1 (#2109)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
7.0.2 (#2111)
-------------------------------------------------------------------
Thu Sep 12 05:00:44 UTC 2024 - opensuse_buildservice@ojkastl.de

6
grype.obsinfo
View File

@ -1,4 +1,4 @@
name: grype
version: 0.86.0
mtime: 1733780430
commit: 486b5b3d25f00006c84a13e3dacdc468aeef2ddb
version: 0.80.1
mtime: 1726073840
commit: 9fb219495a634d7ff9904154355b927223a66602

22
grype.spec
View File

@ -16,23 +16,20 @@
#
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: grype
Version: 0.86.0
Version: 0.80.1
Release: 0
Summary: A vulnerability scanner for container images and filesystems
License: Apache-2.0
URL: https://github.com/anchore/grype
Source: grype-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: bash-completion
BuildRequires: fish
BuildRequires: go >= 1.23
BuildRequires: zsh
%description
A vulnerability scanner for container images and filesystems. Easily install
the binary to try it out. Works with Syft, the powerful SBOM (software bill of
materials) tool for container images and filesystems.
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
%package -n %{name}-bash-completion
Summary: Bash Completion for %{name}
@ -97,8 +94,8 @@ mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
# create the zsh completion file
mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name}
mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
%files
%doc README.md
@ -106,12 +103,17 @@ mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
%{_bindir}/%{name}
%files -n %{name}-bash-completion
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{name}
%files -n %{name}-fish-completion
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
%files -n %{name}-zsh-completion
%{_datarootdir}/zsh/site-functions/_%{name}
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{name}
%changelog

4
vendor.tar.gz
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0fa3215023d7f3c95aa19fec922e448b34097c42c36fc0e1c9ec558c599ecca5
size 53956408
oid sha256:98534845c0d426b8cd60d9149185532e2fe94d06e7d7f815873a6aacb10d5a8d
size 53973309