Update anchore/scan-action action to v4 #464

chore: address test flakes (#249) [willmurphyscode]
chore(deps): update Grype to v0.73.3 (#248) [anchore-actions-token-generator]
chore: add manual trigger to test workflow (#247) [willmurphyscode]
fix: updated semver version (#241) [gicappa]
chore(docs): update docker related actions to avoid warnings in workflow (#240) [kuzm1ch]
chore: add new exception for audit (#235) [spiffcs]
chore(deps): update Grype to v0.63.1 (#233) [anchore-actions-token-generator]
Add by-cve option (#229) [too-gee]
add oss community board auto-add workflow (#231) [wagoodman]

🐛 Bug Fixes

chore(deps): update Grype to v0.73.2; remove snapshot tests (#236) [anchore-actions-token-generator]

`v3.3.6`

Compare Source

New in scan-action v3.3.6

chore(deps): update Grype to v0.63.0 (#225) [anchore-actions-token-generator]
chore: update grype update (#224) [kzantow]
chore: update deprecated set-output call (#223) [kzantow]

`v3.3.5`

Compare Source

New in scan-action v3.3.5

Set json output (#222) [kklopfenstein]
Update Grype to v0.60.0 (#221) [anchore-actions-token-generator]
Add input for --add-cpes-if-none flag (#219) [sebhoss]

`v3.3.4`

Compare Source

New in scan-action v3.3.4

Update Grype to v0.56.0 (#205)

`v3.3.3`

Compare Source

New in scan-action v3.3.3

Add only-fixed option (#208) [lucacome]
Update Grype to v0.54.0 (#204) [anchore-actions-token-generator]

`v3.3.2`

Compare Source

New in scan-action v3.3.2

Include process environment into grype execution (#202) [erhan- + kzantow]

`v3.3.1`

Compare Source

New in scan-action v3.3.1

Update Grype to v0.52.0 (#201) [anchore-actions-token-generator]

`v3.3.0`

Compare Source

New in scan-action v3.3.0

Add output-format and allow json to be used (#184,#187) [GiliFaroEnv0 + maartenh]
Add table option for output-format to show vulnerabilities in console (#135) [ken-chou-finn + kzantow]
Update Grype to v0.50.1 (#191) [anchore-actions-token-generator]

`v3.2.5`

Compare Source

New in scan-action v3.2.5

Update node versions to v16 from v12 (#176) [spiffcs]
Update Grype to v0.38.0 (#173)

`v3.2.4`

Compare Source

New in scan-action v3.2.4

Update Grype to v0.34.7 (#163)
More closely align parameters with sbom-action (#158)

`v3.2.3`

Compare Source

New in scan-action v3.2.3

Support SBOM input for scanning (#154) [@harmw]

`v3.2.2`

Compare Source

New in scan-action v3.2.2

Add sub-action to download Grype (#152)
Update Grype to 0.34.4 to fix a nil pointer in SARIF generation (#151)

`v3.2.1`

Compare Source

New in scan-action v3.2.1

Remove SARIF processing (#148)

`v3.2.0`

Compare Source

New in scan-action v3.2.0

Update Grype to 0.27.3 (#136)
Output Grype stderr to action logs (#137)
Readme should point to CONTRIBUTING.md (#126)
Improve documentation (#125)

`v3.1.0`

Compare Source

New in scan-action v3.1.0

Update Grype to 0.22.0 - this includes the ability to ignore vulnerability matches (#121)

`v3.0.0`

Compare Source

New in scan-action v3.0.0

Upgrade to Grype to 0.17.0 and add tests #102 (#112) (#118)
Improve SARIF output #114 (#115)
Change default behavior so action fails on medium (and higher) severities (#86)
Respect verbosity from action to call Grype (#82)

`v2.0.4`

Compare Source

New in scan-action v2.0.4

bump grype to 0.7.0 (#81)

`v2.0.3`

Compare Source

New in scan-action 2.0.3

bump grype to 0.6.1 (#79)
Halt execution when invalid options are provided (#76)
bump grype to 0.5.0 (#75)

`v2.0.2`

Compare Source

Minor bug-fix release:

Update actions/core to use version 1.2.6 (Issue #71)

`v2.0.1`

Compare Source

Minor bug-fix release.

Fixes:

Removes unnecessary constraint in deduplication for SARIF reporting
Allows defining and referencing the location of the SARIF report file
Fixes multiple instances where undefined items in the reporting would break scanning

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud · 2024-07-11T01:22:16Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Update anchore/scan-action action to v4

5957706

renovate bot added the java dependencies label Jul 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update anchore/scan-action action to v4 #464

Update anchore/scan-action action to v4 #464

renovate bot commented Jul 11, 2024

sonarcloud bot commented Jul 11, 2024

Update anchore/scan-action action to v4 #464

Are you sure you want to change the base?

Update anchore/scan-action action to v4 #464

Conversation

renovate bot commented Jul 11, 2024

Release Notes

New in scan-action v4.0.0

New in scan-action v3.6.4

New in scan-action v3.6.3

New in scan-action v3.6.2

New in scan-action v3.6.1

New in scan-action v3.6.0

New in scan-action v3.5.0

New in scan-action v3.4.0

New in scan-action v3.3.8

New in scan-action v3.3.7

🐛 Bug Fixes

New in scan-action v3.3.6

New in scan-action v3.3.5

New in scan-action v3.3.4

New in scan-action v3.3.3

New in scan-action v3.3.2

New in scan-action v3.3.1

New in scan-action v3.3.0

New in scan-action v3.2.5

New in scan-action v3.2.4

New in scan-action v3.2.3

New in scan-action v3.2.2

New in scan-action v3.2.1

New in scan-action v3.2.0

New in scan-action v3.1.0

New in scan-action v3.0.0

New in scan-action v2.0.4

New in scan-action 2.0.3

Configuration

sonarcloud bot commented Jul 11, 2024

Quality Gate passed