fix: update alpine matchers to use SecDB entries as fixed information rather than vuln source #1318

Open
wants to merge 6 commits into
base: main

Commits on May 25, 2023

  1. fix: update alpine matchers to no longer search by package distro

    we only want to match on cpe without sec db fixes
    
    Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    spiffcs committed May 25, 2023
    bf58a14

Commits on Oct 19, 2023

  1. Merge branch 'main' into 970-alpine-match-simplification

    * main: (137 commits)
      chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564)
      Add --ignore-states flag for ignoring findings with specific fix states (#1473)
      feat: update go-sarif library to use latest release (#1563)
      bump clio to get stderr reporting fix (#1561)
      chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558)
      chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557)
      Add checksum signing (#1535)
      chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554)
      feat: disable CPE-based matching for GHSA ecosystems by default (#1412)
      chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552)
      chore(deps): update Syft to v0.93.0 (#1550)
      chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547)
      chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548)
      chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549)
      chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1544)
      fix: empty descriptor name and version (#1542)
      chore: removes unnecessary conditional (#1539)
      chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533)
      chore(deps): update Syft to v0.92.0 (#1527)
      chore(deps): update bootstrap tools to latest versions (#1524)
      ...
    spiffcs committed Oct 19, 2023
    757a60f

Commits on Oct 23, 2023

  1. test: update unit tests with matcher changes

    Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    spiffcs committed Oct 23, 2023
    b92dcab
  2. chore: SA tooling

    Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    spiffcs committed Oct 23, 2023
    6b475e4
  3. test: update integration tests with new match strategy

    Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    spiffcs committed Oct 23, 2023
    2ba653d
  4. test: update matcher test to reflect latest CPE match directive

    Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    spiffcs committed Oct 23, 2023
    bec1b97