Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
wagoodman pushed 1 commit to add-v6-to-manager anchore/grype-db
- switch v6 to supported Signed-off-by: Alex Goodman <[email protected]> d913994
wagoodman created a review comment on a pull request on anchore/grype-db
the current plan is to merge this with the dev branch + supported = true
wagoodman pushed 1 commit to add-v6-to-manager anchore/grype-db
- fix tests Signed-off-by: Alex Goodman <[email protected]> eea6e13
wagoodman pushed 5 commits to add-v6-to-manager anchore/grype-db
- chore(deps): Bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#465) Bumps [github.com/go-git/go-git/v5](https... ec6bf4d
- chore(deps-dev): Bump jinja2 from 3.1.4 to 3.1.5 (#467) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 ... 681692e
- chore(ci): bootstrap oras for use in ci (#469) * chore(ci): bootstrap oras for use in ci Signed-off-by: Weston Stei... 6fd8427
- rename type to ecosystem Signed-off-by: Alex Goodman <[email protected]> 72f02aa
- Merge remote-tracking branch 'origin/main' into add-v6-to-manager Signed-off-by: Alex Goodman <[email protected]... c66afb1
wagoodman pushed 1 commit to main anchore/grype-db
- chore(ci): bootstrap oras for use in ci (#469) * chore(ci): bootstrap oras for use in ci Signed-off-by: Weston Stei... 6fd8427
wagoodman closed a pull request on anchore/grype-db
chore(ci): bootstrap oras for use in ci
Ensure oras is installed for use in CI jobs. Additionally ports the repo over to using binny for tool management to make this kind of work easier in the future.
wagoodman pushed 1 commit to main anchore/grype
- Add package spec alias + case insensitivity for v6 DBs (#2376) * add package spec alias + case insensitivity Signed... 6619733
wagoodman closed a pull request on anchore/grype
Add package spec alias + case insensitivity for v6 DBs
This adds the capability to search for package specifier ecosystem aliases, such as translating purl types to known syft package types, to ensure we're searching for the best ecosystem values relat...
wagoodman created a review comment on a pull request on anchore/grype
I'll get this in for now -- but before v6 is finalized let's confer and see if we want to refactor.
wagoodman pushed 1 commit to bootstrap-oras anchore/grype-db
- port tool management to binny Signed-off-by: Alex Goodman <[email protected]> a38c691
wagoodman pushed 1 commit to bootstrap-oras anchore/grype-db
- port tool management to binny Signed-off-by: Alex Goodman <[email protected]> fe62519
wagoodman pushed 1 commit to bootstrap-oras anchore/grype-db
- port tool management to binny Signed-off-by: Alex Goodman <[email protected]> 1e055f4
wagoodman pushed 1 commit to bootstrap-oras anchore/grype-db
- port tool management to binny Signed-off-by: Alex Goodman <[email protected]> 98fbd3b
wagoodman pushed 1 commit to file-cataloger-selection anchore/syft
- allow for explicit removal of all package and file tasks Signed-off-by: Alex Goodman <[email protected]... 671f85d
wagoodman pushed 66 commits to file-cataloger-selection anchore/syft
- chore(deps): update tools to latest versions (#3501) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... d3c9ce5
- fix order of rust dependencies and support git sources in Cargo.lock dependencies (#3502) * fix: un-reverse Cargo.lo... 4adb56d
- Add relationships for rust audit binary packages (#3500) * add rust audit binary pkg relationships Signed-off-by: A... 340b5e1
- chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#3503) Bumps [actions/cache](https://github.com/actions/cache) ... 4015f40
- chore(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#3508) Bumps [github.com/magiconair/properti... c43c9df
- chore(deps): update tools to latest versions (#3506) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... 064a971
- chore(deps): update CPE dictionary index (#3507) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@us... cd0900e
- fix: convert file paths for spdx formats from absolute to relative (#3509) * feat: convert file paths for spdx forma... f9e320c
- chore(deps): update anchore dependencies (#3510) * integrate anchore deps Signed-off-by: Alex Goodman <wagoodman@us... d38efb0
- chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7 (#3514) Bumps [github/codeql-action](https://github.com... 37957b8
- chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.3 to 6.6.4 (#3513) Bumps [github.com/jedib0t/go-pretty/v6... 0dc74a3
- chore(deps): bump github.com/docker/docker (#3512) Bumps [github.com/docker/docker](https://github.com/docker/docker... 0f9d2e5
- Make pre-release integration PRs (#3370) * use reusable dep update action Signed-off-by: Alex Goodman <wagoodman@us... d77e78e
- chore: migrate syft to use the anchore fork of archiver without replace (#3516) --------- Signed-off-by: Christophe... 561ed50
- fix: stop omitting redundantly parenthesized licenses in CDX formatter (#3517) Previously, a bug in the formatter wo... 4451428
- chore: make fixes field in PR template match auto-close regex (#3520) Previously, if filling out this template, some... 6deb41c
- chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3518) Bumps [actions/checkout](https://github.com/actions/c... 20fb9cc
- chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#3519) Bumps [actions/setup-go](https://github.com/actions/s... 02f9350
- chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#3523) Bumps [golang.org/x/crypto](https://github.com/g... 8dcb495
- chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 (#3524) Bumps [github/codeql-action](https://github.com... 36016a0
- and 46 more ...
wagoodman opened an issue on anchore/syft
Merging package does not consider UNKNOWN version stubs
Today the pkg.Collection can merge packages that have the same package ID, which is based on the values within all fields on pkg.Package recursively. The downside with this approach is that it does...
wagoodman created a comment on an issue on anchore/syft
We should probably add a facility for the go binary cataloger to take a set of binary classifiers (reusing the binary catalogers code) in cases when a regex for finding the version within a binary ...
wagoodman closed an issue on anchore/syft
Support cataloging NuGet packages
It would be useful to catalog NuGet packages. We should consider deriving this information from one or more sources: - `packages.lock.json` which has pinned dependencies listed - `.nuspec` which...
wagoodman closed a pull request on anchore/syft
feat: add cataloger for NuGet packages
# Description This PR adds a cataloger for NuGet lockfiles in the form of packages.lock.json files. - Fixes #373 ## Type of change - [x] New feature (non-breaking change which adds fun...
wagoodman pushed 1 commit to feat/add-dotnet-packages-lock-cataloger Kemosabert/syft
- move section Signed-off-by: Alex Goodman <[email protected]> 473664f
wagoodman created a review comment on a pull request on anchore/syft
the python cataloger does similar behavior for requirements.txt parsing (when a range is found). In that case we have a configuration item for the cataloger. Just mentioning from a consistency pers...