Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
wagoodman opened a draft pull request on anchore/grype-db
Remove v3 and v4 schema usage
Removes all usage of v3 and v4 schemas, per: - https://anchorecommunity.discourse.group/t/grype-versions-before-v0-51-0-oct-2022-will-stop-getting-new-vulnerability-data-on-25-january-2025/254/2 ...
wagoodman pushed 1 commit to feat/bitnami-cataloger juan131/syft
- [wip] add bitnami owned files and fix binary package ownership filtering Signed-off-by: Alex Goodman <wagoodman@user... 3c2b313
wagoodman pushed 1 commit to main anchore/grype-db
- skip release gate for unexpected acceptance tests (#481) Signed-off-by: Alex Goodman <[email protected]... dce5717
wagoodman closed a pull request on anchore/grype-db
Skip release gate for unexpected acceptance tests
While working on a new schema version it is possible to configure a new version that is published but quality gates are skipped -- including acceptance tests. This removes looking for acceptance te...
wagoodman opened a pull request on anchore/grype-db
Skip release gate for unexpected acceptance tests
While working on a new schema version it is possible to configure a new version that is published but quality gates are skipped -- including acceptance tests. This removes looking for acceptance te...
wagoodman pushed 1 commit to main anchore/syft
- chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (#3618) Bumps [github/codeql-action](https://github.com... 5ea952e
wagoodman closed a pull request on anchore/syft
chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.3 to 3.28.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql...
wagoodman pushed 1 commit to main anchore/syft
- chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#3619) Bumps [anchore/sbom-action](https://github.com/a... a5a2b83
wagoodman closed a pull request on anchore/syft
chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.9 to 0.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-ac...
wagoodman pushed 1 commit to main anchore/grype-db
- fix gate threshold (#480) Signed-off-by: Alex Goodman <[email protected]> 5df5241
wagoodman closed a pull request on anchore/grype-db
Fix vulnerability gate threshold
I missed updating the other stat with #478
wagoodman opened a pull request on anchore/grype-db
Fix vulnerability gate threshold
I missed updating the other stat with #478
wagoodman pushed 1 commit to main anchore/grype-db
- fix gate threshold (#478) Signed-off-by: Alex Goodman <[email protected]> ee4ca35
wagoodman closed a pull request on anchore/grype-db
Fix listing.json validations threshold
When switching to alpine it was missed that there would be fewer than 10 packages (there should be 7). This drops the threshold to be a little lower than that to tolerate changes to vulnerability d...
wagoodman pushed 105 commits to filter-dotnet-pe anchore/syft
- chore(deps): update stereoscope to aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3472) Signed-off-by: github-actions[bo... a8d4202
- chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#3473) Bumps [github/codeql-action](https://github.com... 05c09fd
- chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8 (#3476) Bumps [anchore/sbom-action](https://github.com/a... 8abd97a
- Use file indexer directly when scanning with file source (#3333) * Use file indexer when scanning with file source ... 21df387
- fix: dart classifier for 2.x and ARM (#3475) Signed-off-by: witchcraze <[email protected]> 2118295
- chore(deps): update stereoscope to be5deed44b7c03fcbfa6f1f42fb67202d31636a9 (#3483) Signed-off-by: github-actions[bo... 9f1e91e
- chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3 to 1.2.4 (#3482) Bumps [github.com/charmbracelet/bub... b8d3dd3
- chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#3480) Bumps [github.com/stretchr/testify](https... bbc292e
- chore(deps): update CPE dictionary index (#3479) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@us... ec5f316
- chore(deps): update tools to latest versions (#3478) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... a320cf7
- chore(deps): bump github.com/saferwall/pe from 1.5.5 to 1.5.6 (#3493) Bumps [github.com/saferwall/pe](https://github... a0a6293
- chore(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2 (#3492) Bumps [modernc.org/sqlite](https://gitlab.com/czn... 74d5802
- chore(deps): update CPE dictionary index (#3491) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@us... 0e880e8
- feat: set max layer size (#3464) Signed-off-by: tomersein <[email protected]> 59e9433
- chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.2 to 6.6.3 (#3489) c361942
- chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#3494) Bumps [github/codeql-action](https://github.com... 0c3fa82
- chore(deps): update tools to latest versions (#3487) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... 1af70d7
- chore(deps): update tools to latest versions (#3496) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... 3508e64
- fix: emit NOASSERTION for copyright text to fix SPDX 2.2 validation failure (#3495) * fixes issue #3346 Signed-of... 4819023
- chore: add and document target for updating unit snapshots (#3498) * chore: add and document target for updating uni... 25e5d55
- and 85 more ...
wagoodman pushed 1 commit to performant-pe-reader anchore/syft
- [wip] add tests Signed-off-by: Alex Goodman <[email protected]> e3109c3
wagoodman opened a pull request on anchore/grype-db
Fix gate threshold
When switching to alpine it was missed that there would be fewer than 10 packages (there should be 7). This drops the threshold to be a little lower than that to tolerate changes to vulnerability d...
wagoodman created a comment on an issue on anchore/grype
My latest thoughts is that combining these projects is the way to go. Specifically: - Migrate all golang code to the grype repo -- adding either a new binary or new subcommand in grype - Keep all p...
wagoodman pushed 20 commits to feat/v6-query-api anchore/grype
- remove db debug statements for v6 (#2387) Signed-off-by: Alex Goodman <[email protected]> 0ee2b72
- chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#2386) Bumps [actions/setup-go](https://github.com/actions/s... ac67034
- chore(deps): update tools to latest versions (#2381) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... 6dfc530
- chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to 0.13.0 (#2378) Bumps [github.com/invopop/jsonschema](h... 2d6b60c
- chore(deps): update tools to latest versions (#2389) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... 0757add
- chore(deps): bump github.com/anchore/stereoscope from 0.0.12 to 0.0.13 (#2392) Bumps [github.com/anchore/stereoscope... 788a9dc
- chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2 (#2390) Bumps [github/codeql-action](https://github.com... bd9694b
- chore(deps): bump github.com/aquasecurity/go-pep440-version (#2391) Bumps [github.com/aquasecurity/go-pep440-version... a09c704
- external-sources: throttle requests to maven central to avoid being rate limited for large sets of java dependencies ... 1685196
- chore(deps): update anchore dependencies (#2388) * chore(deps): update anchore dependencies --------- Signed-off-b... 247f5d7
- chore(ci): fix composite GitHub action path in dependabot config (#2396) Signed-off-by: Weston Steimel <commits@west... 8ce2db9
- chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#2403) Bumps [golang.org/x/time](https://github.com/golang/... 27fa72f
- chore(deps): bump github.com/docker/docker (#2402) Bumps [github.com/docker/docker](https://github.com/docker/docker... 28da668
- chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3 (#2401) Bumps [github/codeql-action](https://github.com... e1853e4
- chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#2399) Bumps [actions/setup-go](https://github.com... e219e2b
- chore(deps): bump actions/cache in /.github/actions/bootstrap (#2400) Bumps [actions/cache](https://github.com/actio... fd9c3d8
- chore(deps): bump actions/setup-python in /.github/actions/bootstrap (#2398) Bumps [actions/setup-python](https://gi... 81b74da
- chore(deps): update tools to latest versions (#2395) Signed-off-by: github-actions[bot] <41898282+github-actions[bot... de80302
- Performance enhancements for DB v6 writes (#2394) * cache entry IDs when writing to the DB Signed-off-by: Alex Good... 78db49c
- Merge remote-tracking branch 'origin/main' into feat/v6-query-api Signed-off-by: Alex Goodman <[email protected]... a74120f
wagoodman created a comment on an issue on anchore/syft
We should probably stop searching within binaries with a simple semver-like pattern within binaries from within the golang cataloger -- this is the source of many FPs. In the meantime we could at l...