Skip to content

Releases: jetstack/tally

v0.0.1

30 May 10:00
1c12291
Compare
Choose a tag to compare

Changelog

  • 1c12291 Merge pull request #75 from jetstack/dependabot/go_modules/github.com/anchore/syft-0.82.0
  • 9098f29 Bump github.com/anchore/syft from 0.81.0 to 0.82.0

v0.0.1-rc.4

25 May 09:50
eb4adae
Compare
Choose a tag to compare

Changelog

  • eb4adae Merge pull request #73 from jetstack/dependabot/go_modules/github.com/anchore/syft-0.81.0
  • 97acb93 Bump github.com/anchore/syft from 0.76.0 to 0.81.0
  • a6a4907 Merge pull request #72 from jetstack/dependabot/github_actions/sigstore/cosign-installer-3.0.5
  • 7295b56 Merge pull request #74 from jetstack/dependabot/go_modules/github.com/sirupsen/logrus-1.9.2
  • ea482be Merge pull request #71 from jetstack/dependabot/go_modules/golang.org/x/sync-0.2.0
  • cc1b4f0 Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
  • 880b8d0 Bump golang.org/x/sync from 0.1.0 to 0.2.0
  • 63e6727 Merge pull request #69 from jetstack/dependabot/go_modules/modernc.org/sqlite-1.22.1
  • e14a4bb Bump sigstore/cosign-installer from 3.0.3 to 3.0.5
  • d946eca Bump modernc.org/sqlite from 1.21.1 to 1.22.1
  • a49850f Merge pull request #68 from jetstack/dependabot/github_actions/sigstore/cosign-installer-3.0.3
  • 811f92b Merge pull request #63 from jetstack/dependabot/go_modules/github.com/spf13/cobra-1.7.0
  • de2a328 Bump sigstore/cosign-installer from 3.0.1 to 3.0.3
  • ac2bfb6 Bump github.com/spf13/cobra from 1.6.1 to 1.7.0
  • ac9dc26 Merge pull request #52 from jetstack/dependabot/go_modules/google.golang.org/api-0.114.0
  • dda6280 Merge pull request #59 from jetstack/dependabot/go_modules/github.com/CycloneDX/cyclonedx-go-0.7.1
  • b5def31 Bump google.golang.org/api from 0.112.0 to 0.114.0
  • a7cbc12 Bump github.com/CycloneDX/cyclonedx-go
  • 523aa6c Merge pull request #60 from jetstack/dependabot/go_modules/github.com/ossf/scorecard-webapp-1.0.4
  • 0eafcb4 Merge pull request #61 from jetstack/dependabot/go_modules/github.com/anchore/syft-0.76.0
  • fb3c372 Bump github.com/anchore/syft from 0.75.0 to 0.76.0
  • 7617410 Bump github.com/ossf/scorecard-webapp from 1.0.3 to 1.0.4

v0.0.1-rc.3

31 Mar 15:05
Compare
Choose a tag to compare
v0.0.1-rc.3 Pre-release
Pre-release

Changelog

  • 121ed33 release: add --yes to goreleaser cosign sign
  • 3719fa4 release: add --yes flag to cosign sign
  • b3843e0 Bump actions/setup-go from 3 to 4 (#55)
  • c42e0a4 Use Go 1.20 in test workflow
  • 0754a15 Print all results in JSON regardless of -a setting
  • eb2c506 Wrap results in a 'report' document
  • 5d9e21b Create dedicated repository type
  • 89dc888 Extract repository from the vcs_url qualifier in the purl
  • 6bb23a9 Create aggregate type for package to repositories mappings
  • a156d78 Extract repositories from syft-json format
  • f993318 Restructure how packages are fetched from the BOM
  • b9b5c74 Remove database
  • c4ded6d Fix concurrency for scorecard generate client
  • cbf7b8d Add flag to disable fetching scores from the API
  • 46af7ca Update README
  • 5991640 Make usage of the database optional and rename check flag
  • 88298be Support any package type
  • 700bc27 Remove scores from database
  • fce9679 Return the full scorecard result format
  • af5c2e2 Add a local cache for retrieved scores
  • fd903fa Improve progress logging
  • 9fbe57e Fetch scores from the scorecard API
  • f508c49 Improve progress logging
  • 5426827 Bump github.com/klauspost/compress from 1.16.0 to 1.16.3 (#49)
  • b59a104 Bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#48)
  • b08d309 Bump google.golang.org/api from 0.111.0 to 0.112.0 (#50)
  • 9a9f0f7 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#47)
  • 6104142 Bump google.golang.org/api from 0.109.0 to 0.111.0 (#46)
  • 45bc91b Bump cloud.google.com/go/bigquery from 1.46.0 to 1.48.0 (#45)
  • f5950b8 Bump github.com/klauspost/compress from 1.15.15 to 1.16.0 (#43)
  • d6d278d Bump modernc.org/sqlite from 1.20.4 to 1.21.0 (#44)
  • 9053b73 Bump modernc.org/sqlite from 1.20.3 to 1.20.4 (#39)
  • 7a0fa93 Bump cloud.google.com/go/bigquery from 1.45.0 to 1.46.0 (#40)
  • ffa3e67 Extract repository information from BOM (#34)
  • 39a884e Bump google.golang.org/api from 0.108.0 to 0.109.0 (#33)
  • 8b56e7d Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.2 (#21)
  • 3da04a7 Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 (#32)
  • d9abe1f Bump google.golang.org/api from 0.103.0 to 0.108.0 (#31)
  • ca3682b Bump modernc.org/sqlite from 1.19.5 to 1.20.3 (#30)
  • b51bf8d Bump github.com/klauspost/compress from 1.15.12 to 1.15.15 (#29)
  • 093c8f1 Bump cloud.google.com/go/bigquery from 1.43.0 to 1.45.0 (#27)
  • 31b8ddb Bump goreleaser/goreleaser-action from 3 to 4 (#20)
  • 183baf5 Bump docker/login-action from 1.9.0 to 2.1.0 (#15)

v0.0.1-rc.2

02 Dec 09:26
Compare
Choose a tag to compare
v0.0.1-rc.2 Pre-release
Pre-release

Changelog

  • bf2f916 Tag database with v1
  • 065cc18 Compress the database with zstd
  • 2cf370d release: sign all images and create latest tag

v0.0.1-rc.1

26 Nov 09:19
Compare
Choose a tag to compare
v0.0.1-rc.1 Pre-release
Pre-release

Changelog

  • 579c94d Fix release
  • 4dfb978 Add id-token write permissions for goreleaser
  • 81ae2d4 Add signing with cosign to goreleaser
  • 384464a Add container build with ko
  • 3b7f9d7 Remove bigquery dataset feature
  • d6ce868 Bump google-github-actions/auth from 0.8.3 to 1.0.0 (#9)
  • 401a34a Add release process with goreleaser
  • 59c46d3 Add dependabot
  • 8d88e40 Add test workflow
  • 2e11daa Add workflow to create database
  • 2162df9 Remove unused manager.Dir()
  • 3672d0a Update deps and bump to Go 1.19
  • 56ea820 Update README.md
  • d2fed3c Remove check output
  • 0e70ab3 Refactor to simplify the manager and the database interfaces
  • 1d00477 Add tests for bom package
  • 280ebed Move scorecard generation to a scorecard package
  • 5348ba1 Refactor archive implementation. Move packages around.
  • 1326fdc Add individual check scores output
  • 81b8a56 Validate database metadata on import
  • 9444bf4 Print the image digest to stdout after push
  • 57328f9 Pull database in root command
  • c28c6c6 Add db pull command
  • f02b181 Add db push command
  • 25d716c Use DB interface for BQ dataset
  • 72205c1 Get scores from the sqlite database.
  • 9fea53b Add db create command
  • 79ba6aa Add a little emoji to the declaration about the development status
  • 3805ded s/ribbybibby/jetstack
  • d03cd99 Fix nil pointer error
  • fcfb73b Exit out on low scores
  • 704612e Only print info to os.Stderr
  • 5aa06c3 cyclonedx: include the metadata component
  • 2bdcb09 Add dataset create command
  • eef9ac9 Add terraform module to set up BigQuery dataset
  • 41c34d6 Move packages functions
  • dc4105b Don't require -t when -g is set
  • b152936 Add dedicated packages for tables, create separate result type
  • 721b841 Add LICENSE
  • e1f55d8 Add a little disclaimer to the README
  • 6236dcf Save generated scores to a separate table
  • ac23606 Add dedicated package type
  • c098914 Update README.md
  • 5455557 Create Packages interface
  • e92cdf6 Infer github repository from go module name
  • 0e9f768 Generate missing scores
  • 8275174 Make more changes to output.
  • ae88a8a Walk through hierarchical CycloneDX SBOMs
  • 8122822 Shorten default output, add extra output options
  • 1142569 Retrieve scores from the latest scorecard table
  • a06c3c0 Add support for syft-json format
  • 8191645 Bring columns closer together in example
  • 645bebe First implementation
  • 1249e67 Initial commit