2023-07-01 07:48:46 +00:00
-------------------------------------------------------------------
Fri Jun 30 18:26:00 UTC 2023 - kastl@b1-systems.de

- Update to version 0.63.1:
  * Add a simple CSV format template to the templates/ directory
    and tweak docs (#1366)
  * chore(deps): update Syft to v0.84.1 (#1372)
  * fix: Add more log4j-adjacent package ignore rules (#1358)
  * chore: bump the quality gate labels (#1369)
  * add oss community board auto-add workflow (#1364)
  * fix: totals for vulnerability matches (#1359)
  * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
    (#1363)
  * chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3
    (#1357)

2023-06-22 08:43:08 +00:00
-------------------------------------------------------------------
Thu Jun 22 05:08:42 UTC 2023 - kastl@b1-systems.de

- Update to version 0.63.0:
  * Configure chronicle to pre-1.0 mode (#1356)
  * chore(deps): update Syft to v0.84.0 (#1354)
  * chore(deps): update bootstrap tools to latest versions (#1353)
  * chore(deps): update Syft to v0.83.1 (#1352)
  * chore(deps): bump golang.org/x/term from 0.8.0 to 0.9.0 (#1350)
  * chore(deps): bump peter-evans/create-pull-request from 5.0.1 to
    5.0.2 (#1351)
  * chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4
    (#1344)
  * chore: Update the contributing guide (#1347)
  * feat: add community template folder and new table template
    (#1343)
  * chore: log unsupported package qualifier as debug (#1340)
  * feat: add package info to search by for all match details
    (#1339)

2023-06-13 06:04:19 +00:00
-------------------------------------------------------------------
Mon Jun 12 19:46:06 UTC 2023 - kastl@b1-systems.de

- Update to version 0.62.3:
  * chore(deps): update bootstrap tools to latest versions (#1334)
  * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to
    1.9.3 (#1336)
  * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6
    (#1331)
  * Hide suppressed vulnerabilities when --show-suppressed is not
    given (#1322)
  * chore(deps): bump github.com/stretchr/testify from 1.8.3 to
    1.8.4 (#1324)
  * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0
    (#1323)

2023-05-27 19:28:40 +00:00
-------------------------------------------------------------------
Sat May 27 10:48:41 UTC 2023 - kastl@b1-systems.de

- Update to version 0.62.2:
  * feat: add source and type to CVSS information (#1317)
  * chore(deps): bump github.com/docker/docker (#1320)
  * chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5
    (#1321)

2023-05-24 14:29:10 +00:00
-------------------------------------------------------------------
Wed May 24 14:04:41 UTC 2023 - kastl@b1-systems.de

- Update to version 0.62.1:
  * chore: update gomod with latest syft (#1313)
  * chore(deps): bump github.com/docker/docker (#1311)

2023-05-23 07:50:01 +00:00
-------------------------------------------------------------------
Tue May 23 07:32:20 UTC 2023 - kastl@b1-systems.de

- Update to version 0.62.0:
  * bump syft to pre-release of v0.81.0 (#1310)
  * add main bin ignore (#1305)
  * chore(deps): bump github.com/stretchr/testify from 1.8.2 to
    1.8.3 (#1309)
  * chore(deps): bump github.com/docker/docker (#1304)
  * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to
    1.9.2 (#1307)
  * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to
    1.3.3 (#1289)
  * chore(deps): bump github.com/docker/distribution (#1290)
  * chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#1298)
  * chore: update deprecated io/ioutil calls (#1296)
  * feat: package qualifier for platform CPE (#1291)
  * Fix reading syft json from stdin by redirect (#1299)
  * should only use hermetic functions in templates (#1288)
  * chore(deps): update bootstrap tools to latest versions (#1285)
  * feat: add non-hermetic sprig functions (#1243) (#1273)
  * fix: typo in logger prefix (#1283)
  * chore(deps): bump github.com/docker/docker (#1280)
  * chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2
    (#1281)
  * chore(deps): update Syft to v0.80.0 (#1276)
  * chore(deps): update bootstrap tools to latest versions (#1277)
  * docs: add config flag to configuration section (#1271) (#1274)
  * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3
    (#1272)
  * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1268)
  * chore(deps): update bootstrap tools to latest versions (#1270)
  * Add support for Syft IDs in JSON output (#1266)
  * docs: add "cyclonedx-json" to output formats (#1252)
  * chore(deps): bump github.com/docker/docker (#1257)
  * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2
    (#1261)
  * chore(deps): bump peter-evans/create-pull-request from 5.0.0 to
    5.0.1 (#1263)
  * Install skopeo during bootstrap (#1260)
  * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1
    (#1258)
  * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0
    (#1256)
  * chore: update quality gate labels and add keycloak (#1255)
  * fix: false positive for purl provider for RPM without epoch
    (#1237)

2023-04-05 05:31:38 +00:00
-------------------------------------------------------------------
2023-04-22 14:57:05 +00:00
Sat Apr 22 14:34:27 UTC 2023 - kastl@b1-systems.de

- Update to version 0.61.1:
  * chore: bump syft to latest version v0.79.0 (#1250)
  * feat: add timestamp to json output (#1170) (#1249)
  * chore(deps): update Syft to v0.78.0 (#1242)
  * chore(deps): bump github.com/docker/docker (#1241)
  * chore(deps): update bootstrap tools to latest versions (#1239)
  * chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12
    (#1233)
  * chore(deps): update bootstrap tools to latest versions (#1238)
  * add format make target (#1231)
  * chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1
    (#1223)
  * chore(deps): bump github.com/docker/docker (#1218)
  * chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11
    (#1225)
  * chore(deps): update bootstrap tools to latest versions (#1227)
  * chore(deps): bump peter-evans/create-pull-request from 4.2.4 to
    5.0.0 (#1219)
  * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1217)
  * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
    (#1216)

-------------------------------------------------------------------
2023-04-05 05:31:38 +00:00
Wed Apr 05 04:10:57 UTC 2023 - kastl@b1-systems.de

- Update to version 0.61.0:
  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from
    0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1213)
  * feat: add default-image-source-config option (#1215)
  * chore(deps): bump google.golang.org/protobuf from 1.29.0 to
    1.29.1 (#1212)
  * chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1
    (#1214)
  * chore(deps): bump github.com/anchore/syft from 0.75.0 to 0.76.0
    (#1207)
  * chore: update syft update (#1211)
  * chore: update deprecated set-output calls (#1210)
  * chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
    (#1205)
  * chore: update quality gate dataset (#1206)
  * chore(deps): bump github.com/docker/docker (#1201)

2023-03-29 05:47:51 +00:00
-------------------------------------------------------------------
Wed Mar 29 05:15:20 UTC 2023 - kastl@b1-systems.de

- Update to version 0.60.0:
  * Implement support for Chainguard Linux (#1198)
  * chore(deps): update bootstrap tools to latest versions (#1194)
  * chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9
    (#1197)
  * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3
    (#1192)
  * chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8
    (#1193)
  * chore(deps): update bootstrap tools to latest versions (#1191)
  * chore: tweak some workflow text (#1190)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to
    1.7.1 (#1181)
  * chore(deps): bump peter-evans/create-pull-request from 4.2.3 to
    4.2.4 (#1184)
  * chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4
    (#1189)
  * chore: Update grype bootstrap tools to latest versions. (#1187)
  * fix: by-cpe pivot by vuln metadata rather than vulnerability
    record (#1188)
  * Update grype bootstrap tools to latest versions. (#1173)
  * chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#1182)
  * chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7
    (#1183)
  * feat: disable CPE-based matching by default for javascript
    (#1180)
  * Update Syft to v0.75.0 (#1177)
  * chore: bump vuln match quality dataset (#1174)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.1
    to 1.4.2 (#1166)

2023-03-09 20:07:25 +00:00
-------------------------------------------------------------------
Thu Mar 09 15:31:48 UTC 2023 - kastl@b1-systems.de

- Update to version 0.59.1:
  * Update grype bootstrap tools to latest versions. (#1163)
  * Update Syft to v0.74.1 (#1168)
  * fix: correct APK CPE version comparison logic (#1165)

2023-03-04 10:21:56 +00:00
-------------------------------------------------------------------
Sat Mar 04 08:34:49 UTC 2023 - kastl@b1-systems.de

- Update to version 0.59.0:
  * Grype Release Pipeline Update (#1147)
  * Add the total types of vulnerabilities in Grype output (#946)
  * chore(deps): bump gorm.io/gorm from 1.23.5 to 1.23.10 (#1157)
  * chore: bump quality gate labels and syft version (#1156)

2023-03-03 08:12:09 +00:00
-------------------------------------------------------------------
Fri Mar 03 05:41:35 UTC 2023 - kastl@b1-systems.de

- Update to version 0.58.0:
  * chore: Update Syft to v0.74.0 (#1151)
  * fix(distro): Disable support for Arch Linux (#1152)
  * chore: update progress monitor handling (#1149)
  * Update Syft to v0.73.0 (#1140)
  * chore(deps): bump github.com/stretchr/testify from 1.8.1 to
    1.8.2 (#1144)
  * chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5
    (#1145)
  * Update grype bootstrap tools to latest versions. (#1137)
  * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
    (#1141)
  * chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#1143)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.6.2
    to 1.7.0 (#1134)

2023-02-17 10:27:45 +00:00
-------------------------------------------------------------------
Fri Feb 17 10:07:13 UTC 2023 - kastl@b1-systems.de

- Update to version 0.57.1:
  * Update Syft to v0.72.0 (#1136)

2023-01-27 06:52:50 +00:00
-------------------------------------------------------------------
2023-02-16 18:23:18 +00:00
Thu Feb 16 17:32:05 UTC 2023 - kastl@b1-systems.de

- Update to version 0.57.0:
  * chore: bump quality gate (#1133)
  * fix: ignore some false-positives for ruby gems (#1132)
  * chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#1131)
  * fix: exclude OS packages from CPE target filtering (#1130)
  * chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#1129)
  * chore(deps): bump github.com/docker/docker (#1128)
  * Update Syft to v0.71.0 (#1126)
  * chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 (#1125)
  * Update grype bootstrap tools to latest versions. (#1124)
  * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1123)
  * Update grype bootstrap tools to latest versions. (#1122)
  * Update grype bootstrap tools to latest versions. (#1116)
  * Update Syft to v0.70.0 (#1117)
  * chore(deps): bump github.com/docker/docker (#1114)
  * Update grype bootstrap tools to latest versions. (#1112)
  * Update Syft to v0.69.1 (#1111)
  * chore: prune cosign dependency for grype builds (#1100)
  * Update grype bootstrap tools to latest versions. (#1108)
  * Update Syft to v0.69.0 (#1109)
  * chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#1107)
  * chore: add new images to quality gate (#1106)
  * chore: bump yardstick for better quality gate filtering (#1101)
  * chore(deps): bump actions/cache from 3.0.11 to 3.2.3 (#1096)
  * chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#1097)
  * chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#1098)
  * chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 (#1099)
  * bump yardstick to 2d30ea7429d0a59020e0176bba1b3b6b8b01b08a (#1095)
  * chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 (#1090)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#1087)
  * chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 (#1088)
  * chore(deps): bump peter-evans/create-pull-request from 4.2.0 to 4.2.3 (#1089)
  * chore(deps): bump actions/setup-go from 3.3.1 to 3.5.0 (#1091)
  * chore(deps): bump github/codeql-action from 2.1.31 to 2.1.39 (#1092)

-------------------------------------------------------------------
2023-01-27 06:52:50 +00:00
Fri Jan 27 06:09:00 UTC 2023 - kastl@b1-systems.de

- Update to version 0.56.0:
  * Update Syft to v0.68.1 (#1086)
  * chore: update grype quality gate (#1085)
  * chore(deps): bump github.com/sigstore/sigstore from 1.4.4 to 1.5.1 (#1081)
  * chore(deps): bump actions/setup-python from 4.3.0 to 4.5.0 (#1075)
  * chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#1076)
  * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#1077)
  * chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#1074)
  * chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#1078)
  * chore(deps): bump github.com/pkg/profile from 1.6.0 to 1.7.0 (#1079)
  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.0 to 1.4.1 (#1080)
  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1083)
  * chore: align makefile and bootstrap tools scripts more with syft (#1073)
  * chore: enable dependabot on gomod and GitHub actions (#1072)
  * Update grype bootstrap tools to latest versions. (#1070)
  * fix: always include severity in cyclonedx output (#1067)
  * Update Syft to v0.68.0 (#1064)
  * Add protobuf FPs to default ignore list (#1062)
  * chore: update Syft to v0.66.2 (#1060)
  * Update grype bootstrap tools to latest versions. (#1055)
  * feat: allow grype db diff to specify local db directories (#1058)
  * chore: claim artifacthub package ownership from developer-guy (#661)
  * chore: add github token to quality tests (#1056)
  * chore: update yardstick to diagnose intermittent failures (#1054)
  * Update grype bootstrap tools to latest versions. (#1048)

2023-01-05 14:26:42 +00:00
-------------------------------------------------------------------
Thu Jan 05 14:00:43 UTC 2023 - kastl@b1-systems.de

- Update to version 0.55.0:
  * fix: sort vulnerability results (#1052)
  * Adding internal/file/hasher test cases (#1049)
  * fix: orient by cve merging (#1046)
  * Update Syft to v0.64.0 (#1047)
  * fix: update removing results based on ownership-by-file-overlap (#1045)
  * feat: swap custom cyclone-dx model for cyclone-dx library (#1038)
  * chore: add GitLab Community Edition image to quality gate (#1035)

2022-12-17 10:48:19 +00:00
-------------------------------------------------------------------
Fri Dec 16 12:39:08 UTC 2022 - kastl@b1-systems.de

- Update to version 0.54.0:
  * Update Syft to v0.63.0 (#1037)
  * fix: Exclude binary packages that have overlap by file ownership relationship (#1024)
  * docs: update quality gate docs (#1032)
  * Optionally orient results by CVE (#1020)
  * chore: bump yardstick to latest commit (#1027)
  * Update Syft to v0.62.3 (#1026)
  * chore: change CVE example to official sample (#1028)
  * fix: Table format sorting (#1023)
  * fix: update architecture release for to ppc64le (#1021)
  * Update grype bootstrap tools to latest versions. (#1017)
  * Update Syft to v0.62.2 (#1018)
  * chore: update quality gate with latest label data (#1016)
  * chore: update digest for test fixture dockerfile (#1015)
  * test: remove presenter tests reliance on docker from unit suite (#1013)
  * fix: swapped base container images (#1011)
  * chore: update default packages to read (#1007)

2022-11-22 09:04:22 +00:00
-------------------------------------------------------------------
Tue Nov 22 07:29:31 UTC 2022 - kastl@b1-systems.de

- Update to version 0.53.1:
  * Update Syft to v0.62.1 (#1006)
  * Update grype bootstrap tools to latest versions. (#1004)
  * scoped: token release for content write on image assets (#1002)

2022-11-19 13:10:01 +00:00
-------------------------------------------------------------------
Sat Nov 19 12:05:00 UTC 2022 - kastl@b1-systems.de

- Update to version 0.53.0:
  * chore: bump syft version v0.62.0 (#1000)
  * feat: vulnerability namespacing support for rolling distros (#997)
  * chore: bump quality gate images and label data (#995)
  * feat: add strong distro type for wolfi (#996)
  * chore: pin dependencies (#994)
  * chore: code-ql top level read check (#993)
  * Add SECURITY.md (#989)
  * chore: update codeql to pinned v2 with correct write permissions
  * Update token permissions to be read-only (#988)
  * Enable the Scorecard Github Action and badge (#929)

-------------------------------------------------------------------
Tue Nov 15 15:42:37 UTC 2022 - kastl@b1-systems.de

- Update to version 0.52.0:
  * chore: update syft to v0.60.3 (#978)
  * feat: consider well-known false-positive generating CPE target SW components in match filtering logic (#961)
  * chore: grype quality pipeline latest label updates and images (#976)
  * Implemented new CLI flag: --show-suppressed (#966)
  * fix: update case for alpine:edge correct vuln feed (#965)
  * PURL input results in incorrect artifact in JSON output (#968)
  * Update grype bootstrap tools to latest versions. (#956)

2022-10-18 05:43:09 +00:00
-------------------------------------------------------------------
Tue Oct 18 05:12:14 UTC 2022 - kastl@b1-systems.de

- Update to version 0.51.0:
  * implement v5 db schema to support improved matching between rpm appstream modules (#944)
  * Update Syft to v0.59.0 (#957)
  * expand quality gate image set to include rpm appstreams-related images (#952)
  * Update grype bootstrap tools to latest versions. (#947)
  * chore: add more quality gate images (#950)
  * Add in-depth quality gate checks (#949)
  * Update Syft to v0.58.0 (#941)
  * Update grype bootstrap tools to latest versions. (#945)
  * Update grype bootstrap tools to latest versions. (#935)
  * Update Syft to v0.57.0 (#930)

2022-09-21 09:00:41 +00:00
-------------------------------------------------------------------
Wed Sep 21 08:31:07 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.2:
  * Update Syft to v0.57.0 (#930)
  * Correct falsely copied app-name 'syft' in example (#922)
  * Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 (#927)
  * Update grype bootstrap tools to latest versions. (#925)

2022-09-14 05:50:17 +00:00
-------------------------------------------------------------------
Wed Sep 14 05:40:23 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.1:
  * Update Syft to v0.56.0 (#919)

-------------------------------------------------------------------
Tue Sep 13 12:42:49 UTC 2022 - kastl@b1-systems.de

- Update to version 0.50.0:
  * Add support for scanning RPM files (#917)
  * remove arch typo - add debug/reg s390x (#915)
  * grype release message update (#914)
  * feat: extract use cpes in matching logic to be configurable (#911)
  * docs: add Singularity to "features" in README (#912)

2022-09-07 06:11:06 +00:00
-------------------------------------------------------------------
Wed Sep 07 05:39:15 UTC 2022 - kastl@b1-systems.de

- Update to version 0.49.0:
  * docs: improve Singularity image source docs (#910)
  * Add Singularity image source (#908)
  * Update grype bootstrap tools to latest versions. (#907)
  * Update Syft to v0.55.0 (#906)
  * Update grype bootstrap tools to latest versions. (#905)
  * Update grype bootstrap tools to latest versions. (#903)
  * Update grype bootstrap tools to latest versions. (#896)
  * Add blurbs about building and running from source (#893)
  * Fix docker build typo (#891)

-------------------------------------------------------------------
Wed Sep 07 05:36:24 UTC 2022 - kastl@b1-systems.de

- Update to version 0.48.0:
  * disable CPE match filtering based on target software component for java packages (#889)
  * Update grype bootstrap tools to latest versions. (#886)
  * fix getting latest gosimports version (#885)
  * workflow to create automated PRs to update bootstrap tools (#883)
  * Add s390x build support (#720)
  * fix: only show distro warning if distro packages exist (#875)

-------------------------------------------------------------------
Wed Sep 07 05:33:41 UTC 2022 - kastl@b1-systems.de

- Update to version 0.47.0:
  * Update Syft to v0.54.0 (#881)
  * Update README.md (#871)
  * Update README.md (#868)

-------------------------------------------------------------------
Wed Sep 07 05:30:47 UTC 2022 - kastl@b1-systems.de

- Update to version 0.46.0:
  * test: rm mustConst since unused (#860)
  * Update Syft to v0.53.4 (#856)
  * feat: enrich db check cmd feedback (#853)
  * update syft version location for Makefile (#865)

-------------------------------------------------------------------
Wed Sep 07 05:28:51 UTC 2022 - kastl@b1-systems.de

- Update to version 0.45.0:
  * remove env variable dependencies and keychain from signing script (#864)
  * macos-latest for signing (#863)
  * move docker release into separate release workflow (#862)
  * revert to old docker action (#861)
  * additional readOptions added per 855 (#857)
  * Ensure database access is readonly (#854)
  * push older version for mac runner stability (#852)
  * bump bouncer to v0.4.0 (#851)
  * feat: simple input case to request vulnerability data via purl (#795)
  * update golanci-lint, goreleaser, cosign (#850)
  * fix: db diff default has flipped base/target url (#845)

2022-07-26 14:43:55 +00:00
-------------------------------------------------------------------
Tue Jul 26 11:28:54 UTC 2022 - kastl@b1-systems.de

- Update to version 0.44.0:
  * add env variables and keychain for GHCR publish (#843)
  * update grype to use syft v0.52.0 (#838)
  * add debug distroless image to published images (#835)
  * add new line for help block (#834)
  * add Gentoo matching support (#813)
  * feat: add filtering support using target software field in cpe (#810)

2022-07-19 08:46:24 +00:00
-------------------------------------------------------------------
Tue Jul 19 08:19:48 UTC 2022 - kastl@b1-systems.de

- Update to version 0.43.0:
  * Add new matcher files for golang => remove main module FP matches (#829)
  * Fix a cyclonedxvex typo and fix the schema document from (#830)
  * feat: add --only-notfixed flag (#828)
  * add DBCloser. Clients can avoid db connection leak if vulnerability db is loaded many times (#825)

2022-07-16 19:23:33 +00:00
-------------------------------------------------------------------
Sat Jul 16 19:00:16 UTC 2022 - kastl@b1-systems.de

- Update to version 0.42.0:
  * bump syft version to v0.51.0 (#822)
  * feat: implement `grype db diff` command (#812)
  * fix typo in log message (#819)

2022-07-07 11:13:14 +00:00
-------------------------------------------------------------------
Wed Jul 06 18:11:46 UTC 2022 - kastl@b1-systems.de

- Update to version 0.41.0:
  * update syft to v0.50.0 (#818)
  * Finalize v4 Grype schema (#803)
  * docs: update to include rust (#814)
  * feat: add diffing 2 databases to v3 store functionality (#789)
  * fix: add support for partybus ui on `grype db update` cmd (#806)
  * Added Docker example to Readme (#769)
  * fix: add vex json & xml to listed formats (#802)
  * docs: update php listing to be more clear that the `.json` file isn't indexed (#808)

2022-06-27 13:38:13 +00:00
-------------------------------------------------------------------
Mon Jun 27 13:20:36 UTC 2022 - kastl@b1-systems.de

- Update to version 0.40.1:
  * update syft => v0.49.0 (#804)
  * remove oss meetup message (#799)
  * fix: add fixed versions to cyclonedxjson output (#763)
  * docs: update to include php (#793)

2022-06-22 13:00:04 +00:00
-------------------------------------------------------------------
Wed Jun 22 08:33:50 UTC 2022 - kastl@b1-systems.de

- Update to version 0.40.0:
  * update grype to latest syft patch v0.48.1 (#790)
  * fix: add golang to documentation (#788)
  * fix: accept templates with custom functions (#786)
  * add db staleness check (#785)
  * feat: add compose workflow for local dev (#783)
  * ignore gemfile rich version for semVer comparison (#776)
  * Support namespace and language as additional criteria for ignoring vulnerability matches (#780)

-------------------------------------------------------------------
Wed Jun 22 08:19:33 UTC 2022 - kastl@b1-systems.de

- Update to version 0.39.0:
  * update syft version to v0.47.0 (#781)
  * use anchore fork of glebarez/sqlite (#778)
  * template: Check sanity for template file (#674)
  * Add announcement for Anchore OSS Meetup (#775)
  * Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#770)
  * publish release to reduce user friction (#766)
  * Update Syft to v0.46.3 (#761)
  * Add reference to logrus logging levels (#758)
  * README: add MacPorts install info (#759)

2022-06-15 11:20:21 +00:00
-------------------------------------------------------------------
Mon Jun 6 19:46:12 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- new package grype at version 0.38.0: A vulnerability scanner for container images and filesystems