Releases: hxtk/rules_anchore
Release 2.2.1
Change log
- Minor improvements to the update-grype tool
- Incorporate @sammy's PR for fixing the build on macOS
WORKSPACE Setup
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "3c349f6a797b82ba3d35fcf7a6cabd6dc6b2b13a7d5fa83c00dd4ea63e8030b0",
    strip_prefix = "rules_anchore-2.2.1",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.2.1.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps(configure_go = False)
Allow ignoring specific CVEs
Change log
- Documentation changes to clarify that the explicit `[name].tar` target for images is preferred.
- Add `ignore_cves` attribute so users can specify CVEs they intend to ignore.
- Use a Grype cache in each test's respective `$RUNFILES_DIR` to improve test isolation.
WORKSPACE Setup
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "0ebe243333ff8108e9aa4a58450c561ceeb22b0a233d6e8bc9310fa8a3efc51b",
    strip_prefix = "rules_anchore-2.2.0",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.2.0.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps()
Improve Grype Updater, check builds with CI
Change log
- Grype Updater is now capable of recognizing many more forms of the `http_file` load statement when generating macros.
- A CI system now validates compatibility with previous minor and patch releases, as well as ensuring Markdown documentation is always up-to-date as generated from source.
- A periodic job now updates the Grype Database to serve as an example of the practice.
- The README now points to the above example and describes its purpose.
- The README now explicates the semantics of release version numbers.
WORKSPACE Configuration
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "81b613f9ac75e85c71c4e07d2787f3bda62ca34039b0b9d4c1373adb898532fb",
    strip_prefix = "rules_anchore-2.1.3",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.1.3.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps()
Bug fix in Grype Updater
Change log
- Fix #3; grype-updater now works in macro files which contain other macros.
WORKSPACE Configuration
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "1323fe4fc9624794b280fc04167500160bda023282c470d9eb03bdae15273149",
    strip_prefix = "rules_anchore-2.1.2",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.1.2.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps()
Minor README fix
Change log
- Ensure README displays correct instructions for setting up WORKSPACE
WORKSPACE Configuration
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "929d7dbe0b3081677240714ea11f6f3fa9d7ee96af67f5d11a50ae500b145d87",
    strip_prefix = "rules_anchore-2.1.1",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.1.1.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps()
Grype database updater
Change log
- Compatibility tests to ensure it is not necessary to bump major version: we have folders that utilize the WORKSPACE and BUILD configurations specified in previous versions of the documentation which are tested against the most recent version in order to ensure all of it still works.
- Add lots of documentation.
- Add `grype_database` rule in separate file to maintain compatibility.
- Consolidate rules under `//anchore:defs.go`
- Fail in `grype_test` macro if both sbom and image are provided to prevent users from inadvertently creating ambiguous configurations.
- Ensure that rules are not marked as external (and are therefore capable of being cache-friendly) iff a CVE database is specified.
Workspace Configuration
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "ec3097b465b15e5fd818b21379e2d4064104352f480bbcf3ab8aaecb20a9eb4f",
    strip_prefix = "rules_anchore-2.1.0",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.1.0.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()

load("@com_github_hxtk_rules_anchore//:extra_deps.bzl", "anchore_extra_deps")

# By default, this method configures a Go toolchain. If you have already
# configured a Go toolchain in your WORKSPACE, pass `configure_go=False`.
anchore_extra_deps()
Pre-compiled binaries
Breaking Changes
The WORKSPACE setup has been altered. Users should migrate by replacing their previous workspace setup with the one from the README (or see below).
New Features
It is possible to pass in a particular CVE database (either stored in one's workspace or as fetched by an `http_file` repository rule; see WORKSPACE for an example). When this is done, the test will not be tagged as `external`, as it has no undeclared external dependencies.
Note that because tests share a common cache directory, running tests with and without pinned databases (or with disparate pinned databases) in parallel on a single host may cause undefined behavior.
WORKSPACE Setup
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "8d397c7c8683ae4c7d32ef7729efa39c18d8c47f8bbd7014b371432eecd9cd70",
    strip_prefix = "rules_anchore-2.0.0",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v2.0.0.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()
Fix some initial bugs
WORKSPACE Setup
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "7b1fc585853e6ecf9a7b591d1b51f06e35ab635a5688612436fbd5098dd6b95a",
    strip_prefix = "rules_anchore-1.0.1",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v1.0.1.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()
Initial Release
WORKSPACE Setup
If you already have a Go/Gazelle toolchain configured, place the following in your WORKSPACE file:
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "com_github_hxtk_rules_anchore",
    sha256 = "baeb7fde4f6a813700667ef0effa733a0f5679dbee8f6ad1667be720560f3189",
    strip_prefix = "rules_anchore-1.0.0",
    urls = ["https://github.com/hxtk/rules_anchore/archive/refs/tags/v1.0.0.zip"],
)

load("@com_github_hxtk_rules_anchore//:deps.bzl", "anchore_deps")

anchore_deps()
If you do not have a Go toolchain configured, see the README for more information.