Skip to content

Latest commit

 

History

History
2339 lines (2264 loc) · 202 KB

CHANGELOG.md

File metadata and controls

2339 lines (2264 loc) · 202 KB

v4.7.0-rc.1 - 2023-06-23

Airgap

  • 94757c7d: Remove libindex Airgap option

All

Build(Deps)

  • 00a4279d: bump github.com/prometheus/client_golang
  • f4f22e33: bump golang.org/x/net from 0.10.0 to 0.11.0
  • 36a7c88c: bump github.com/klauspost/compress from 1.16.5 to 1.16.6
  • 17cdc922: bump peter-evans/create-pull-request from 5.0.1 to 5.0.2
  • b95be229: bump github.com/streadway/amqp from 1.0.0 to 1.1.0
  • 45f808da: bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.7
  • b75a00c3: bump github.com/urfave/cli/v2 from 2.25.3 to 2.25.5
  • 22a75603: bump github.com/google/go-containerregistry
  • 300b1374: bump go.opentelemetry.io/otel/exporters/jaeger
  • b2d7a091: bump github.com/urfave/cli/v2 from 2.3.0 to 2.25.3
  • a21fb21d: bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
  • b188cba7: bump github.com/quay/claircore from 1.5.2 to 1.5.3
  • eb9d1225: bump golang.org/x/sync from 0.1.0 to 0.2.0
  • f35c832f: bump golang.org/x/net from 0.9.0 to 0.10.0
  • 3dbbaf7b: bump github.com/rs/zerolog from 1.29.0 to 1.29.1
  • 1ee7cb8a: bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace
  • dcb7a05a: bump go.opentelemetry.io/otel/exporters/jaeger
  • fca257d7: bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace
  • 933cc5c7: bump github.com/ugorji/go/codec from 1.2.9 to 1.2.11
  • 4f39b319: bump github.com/klauspost/compress from 1.16.4 to 1.16.5
  • 3643f9d2: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  • c13eaecc: bump go.opentelemetry.io/otel/trace from 1.11.0 to 1.15.1
  • 43e3daea: bump github.com/jackc/pgx/v4 from 4.18.0 to 4.18.1
  • 2180bc40: bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0
  • f669244a: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1
  • 74bc404f: bump peter-evans/create-pull-request from 4.2.4 to 5.0.0
  • 912c6e47: bump actions/stale from 7 to 8
  • ddec3b43: bump peter-evans/create-pull-request from 4.2.3 to 4.2.4
  • f35a3611: bump actions/setup-go from 3 to 4
  • d3655eef: bump golang.org/x/net from 0.5.0 to 0.7.0
  • 854a2fbf: bump docker/build-push-action from 3 to 4

Chore

  • 31823df2: bump Claircore to v1.5.8
  • 836c0579: bump Claircore to v1.5.7
  • e688e88b: bump Claircore to v1.5.6
  • 3d61485d: bump Claircore to v1.5.5
  • ddc4cc24: bump Claircore to v1.5.4
  • 76686650: Add the osv updater to the local-dev config
  • 56e63e8b: Update opentelemetry to v1.16.0
  • 5df81b19: bump Claircore to v1.5.2
  • cc0d9df4: bump Claircore to v1.5.1
  • 35971dc9: produce nightly for ppc64le
  • 471da4ee: Only ask dependabot to care about direct dependencies
  • 62119209: updated nightly for s390x support
  • 57774bd9: added s390x support
  • 248a4733: move emulator tests to a nightly run
  • bd0488ee: add gomod ecosystems to dependabot
  • 8174e950: Remove 1.19
  • efe27892: Bump Claircore to v1.4.22
  • 1b857d13: Update go version in go.mod
  • 5faf0fc9: Bump Claircore to v1.4.21
  • a433c93c: Bump Claircore to v1.4.20
  • d565775c: Add back GIT_HASH as needed for image name
  • 12f38e45: Update go-image version in docker-compose manifest
  • 02f311d5: Use our dedicated metric for the go version
  • 896b2dfb: Update go version in Dockerfile
  • d10c06e0: Bump claircore to v1.4.18

Cicd

  • 2eb10895: use common workflow in main module CI
  • 83d9b2f5: use common workflow in config module CI
  • e2f264f4: fix nightly connection strings
  • 1ea95d83: rename yamllint config
  • 7e2ae8fc: fix nightly-ci error
  • 1267335e: use rabbitmq as STOMP broker in nightly CI
  • 2edb4915: use rabbitmq as STOMP broker in tests
  • 74c34c0c: update nightly job to work
  • 30a98697: update go versions

Clair

Clairctl

Cmd

Config

  • cee776b3: add newtype for Durations
  • 1ebbbf24: add some omitempty tags
  • 3b6047ca: update module to remove x/sys dependency

Contrib

  • bb3a4be5: Better versioning when building the service image
  • 8566c525: Add a dashboard panel to surface running versions

Docker-Compose

  • bb777399: use rabbitmq instead of activemq

Dockerfile

Docs

Httptransport

Httputil

Stomp

  • 5b876935: override default behavior for "host" header
  • 643bd1c9: rework tests
  • f84e3491: plumb Context into Dialer
  • 7d476ebd: remove apparent ActiveMQ-ism
  • aa441b3c: switch to module release for stomp client
  • #1739### Updater
  • 95970e28: Extend default updater time to 6 hours

v4.6.1 - 2023-04-13

Airgap

  • e02aba27: Remove libindex Airgap option

Chore

Go.Mod

Httptransport

Httputil

v4.6.0 - 2023-01-20

All

  • 577a55d4: use httputil to construct requests

Auto

  • 1f1010fe: add automatic memory limit discovery

Build(Deps)

  • ef896eb6: bump actions/stale from 6 to 7
  • 5a212ffe: bump peter-evans/create-pull-request from 4.1.4 to 4.2.3
  • b883bc2b: bump gsactions/commit-message-checker from 1 to 2

Chore

Cicd

Client

Cmd

  • 8b899803: use git-archive for version information

Documentation

Httptransport

  • 25ac033f: use new signer scheme in test
  • a9228d40: add a request_id to logs
  • #1547### Httputil
  • e746ff05: rework request signing and request restriction

Service

Webhook

  • d99f7005: add explicit signer argument

v4.5.1 - 2022-11-22

Chore

v4.5.0 - 2022-11-04

Build(Deps)

  • df77d75a: bump peter-evans/create-pull-request from 4.1.3 to 4.1.4

Chore

Clairctl

Cmd

v4.5.0-rc.0 - 2022-10-10

All

  • 1a1d5662: remove Quay keyserver support

Build(Deps)

  • 224d0698: bump actions/stale from 5 to 6
  • 180b887c: bump peter-evans/create-pull-request from 4.1.2 to 4.1.3
  • 0537bbc0: bump peter-evans/create-pull-request from 4.1.1 to 4.1.2
  • 47a9c1cb: bump peter-evans/create-pull-request from 4.0.4 to 4.1.1
  • 3cad3319: bump peter-evans/create-pull-request from 4.0.3 to 4.0.4
  • c5975257: bump peter-evans/create-pull-request from 4.0.2 to 4.0.3
  • 57dc2378: bump docker/setup-qemu-action from 1 to 2
  • c4e2031b: bump docker/login-action from 1 to 2
  • a9823a91: bump docker/setup-buildx-action from 1 to 2
  • 7c8bafbe: bump docker/build-push-action from 2 to 3
  • 4408b1bb: bump actions/download-artifact from 2 to 3
  • 4c91a714: bump actions/setup-go from 2 to 3
  • 64389db0: bump actions/upload-artifact from 2 to 3
  • 1db22a62: bump peter-evans/create-pull-request from 4.0.1 to 4.0.2
  • c0953e6f: bump actions/stale from 4 to 5
  • 53e944f9: bump peter-evans/create-pull-request from 3.14.0 to 4.0.1
  • c76efaee: bump actions/cache from 2 to 3

CRDA

  • 4bb2d332: replace API key request form URL

Chore

Chore

  • aae2d839: v4.5.0-rc.0 changelog bump
  • 95073d0b: Bump claircore to v1.4.7
  • 415b2a17: Add back Publish Binaries to upload clairctl versions
  • c9041efa: bump Claircore to v1.4.6
  • 039d2073: bump Claircore to v1.4.5
  • 4e44f7ef: bump claircore v1.4.2 -> v1.4.3
  • e2b8e101: Bump claircore v1.4.1 -> 1.4.2
  • 3273a969: bump claircore to v1.3.2

Ci

  • 45443c8e: fix prerelease conditional
  • eea6fea1: fix config tidy check
  • 4180d787: update workflows and machinery for go1.18

Clair

  • b8882f9d: better argument error messages
  • #1605### Clairctl
  • f0d6a357: fix error reporting for streaming responses

Config

Contrib

  • 9612ee67: remove rpmscanner files on startup
  • a6609638: First wipe anything that might be left before starting clair indexers
  • 6a6fd901: fix DB connection charts
  • 6b60eef6: Only count index report creation latency for successful requests
  • 17862ae3: Add DB connections to Grafana dashboard
  • 37ca1ab0: Add dedicated serviceAccount
  • 1d89c032: Wipe all the temporary files in the process of being fetched
  • 187764a3: Wipe all the contents of /tmp on container start
  • ae7675af: Use the readyz endpoint in startup probes
  • Fixes #1488### Docker-Compose
  • dfd68db8: remove -mod=vendor flag

Dockerfile

  • e689241b: strip binaries to reduce size
  • 2af2a7f6: fix build with newer ubi8/ubi-minimal image
  • f2e209c6: update for 1.18, add trimpath

Docs

  • 369319cd: note tested docker-compose version

Documentation

Go.Mod

Httptransport

Indexer

  • 8e5d76d3: Return 4XX status code when Index() returns tarfs.ErrBadFormat

Introspection

  • f4db2610: allow custom health function

Logging

  • 5c5a1ab4: log when request is rate-limited

Matcher

  • e5cb6a91: Update matcher client to match server definition

Metrics

  • e1664659: Spread clair_http_indexerv1_request_duration buckets

Prometheus

Services

Webhook

v4.4.4 - 2022-06-09

Chore

v4.4.3 - 2022-06-06

Chore

Go.Mod

v4.4.2 - 2022-05-26

Chore

Go.Mod

v4.4.1 - 2022-04-04

Chore

v4.4.0 - 2022-03-16

Chore

v4.4.0-rc.7 - 2022-03-14

Chore

Ci

v4.4.0-rc.6 - 2022-03-14

Build(Deps)

  • 323e83ce: bump actions/checkout from 2 to 3

Chore

Ci

Httptransport

  • 5caad7fc: remove unused AffectedManifest handler

v4.4.0-rc.5 - 2022-03-03

Chore

Ci

v4.4.0-rc.4 - 2022-03-03

Chore

Cicd

v4.4.0-rc.3 - 2022-03-03

Build(Deps)

  • 593b868e: bump peter-evans/create-pull-request from 3.12.1 to 3.14.0

Chore

Contrib

Metrics

  • cdb67fb6: matcher add status code label to matcher latency metric

v4.4.0-rc.2 - 2022-02-23

Chore

Workflows

v4.4.0-rc.1 - 2022-02-23

Chore

Workflows

v4.4.0-rc.0 - 2022-02-23

All

  • 128b27b7: update zlog and corresponding otel packages
  • 35c9c9f2: move config package to new module

Auto

  • 3b2f4958: fall back to root cgroup
  • 00163750: add automatic runtime configuration

Build(Deps)

  • 496f24c9: bump peter-evans/create-pull-request from 3.12.0 to 3.12.1
  • 422d6b4a: bump peter-evans/create-pull-request from 3.11.0 to 3.12.0
  • 55dbdd99: bump peter-evans/create-pull-request from 3.10.1 to 3.11.0
  • 0d2a60b3: bump peter-evans/create-pull-request from 3.5.1 to 3.10.1

Chore

Cicd

  • 3399a752: update actions to use native conditional
  • c473c92c: add CI job for config module
  • 752988a9: fix output/outputs typo
  • a930239b: fix nightly setup
  • 6a6df52d: factor out go module and build caching
  • dc30ee31: add conditional step hack
  • 83f6bcf5: prevent push on unchanged code
  • 8b173887: use common documentation action
  • f185a9b4: use common expiration action
  • bfc1abd3: add caches to release workflow
  • 29d9153b: move config into a discrete step
  • 9bb8cc7b: add some composite actions
  • b9a9d069: use local go for mod check
  • f7188e3d: add dependabot for GitHub Actions

Clair

  • 11cb491f: allow TLS for API server
  • c1d51a66: update for config package changes

Clairctl

  • a8c7ebe9: uniform import/export compression
  • 872ba0b1: add additional report flags
  • ac80e5d8: add retries to manifest fetching
  • dc3d1148: internal client improvements

Client

Config

  • e0f865ad: add deprecation notice to max_conn_pool
  • d2152205: MarshalText on value receiver
  • 2cc4af7e: auto-size concurrent request capacity
  • 1b4a736d: add tls for http API
  • 9d2575d1: update sample config for crda-matcher
  • 69e53bae: add documentation to all exported types
  • cc7d8a37: consolidate and document default values
  • 7bcfc206: move to use Mode and LogLevel types
  • 9033bc9f: implement and use validator interface
  • 63c26ab8: add linter
  • 6759ce5c: add test for struct tags
  • c6b2d3c5: swap notifier config structs
  • 1f4ed842: use json for unmarshal test
  • 11509eef: move notifier structs into this package
  • 0439169a: remove yaml.Node in API
  • eb64aa50: struct ordering and simplifications
  • 579719a3: remove unused FilterSets method
  • ae7e5a3b: do base64 encoding smarter

Contrib

  • 45fae9fa: Better visualization of API latency.
  • 56c1fe90: Update grafana dashboard to relect new metrics names
  • c88c406f: revert headless service
  • 136f8e6b: grafana dashboard updates
  • e2ff9a6b: make indexer service headless
  • 3af15937: adding missing template variables
  • b49b8f75: need to have single braces for strings
  • e9a0ded5: add initContainer to wipe VPC on startup
  • ded05191: add set podManagementPolicy to Parallel
  • eddad2e6: use a real target for generating configMap
  • f0e9108e: different directories for template and configmap
  • 6c78d1fd: add indentation
  • 7c258d39: add grafana configMap
  • 7bfc9f94: update config secret

Deps

Docker-Compose

Docs

  • 8cc4bf29: update max_conn_pool
  • 722c0deb: link to upstream go package documentation
  • 7d93d376: add crda remote matcher details

Go.Mod

Grafana

  • c65579fc: Adding GC DB charts to dashboard
  • 9c82a96d: Update dashboard with Notifier metrics

Httptransport

Httputil

Indexer

Initialize

Local-Dev

  • b2d68b39: config changes to restore grafana functionality
  • d0ec89d1: quay: update for other config changes
  • 2a0943b1: prometheus: update endpoints
  • a8348361: pgadmin: update for multiple databases
  • c92b02c2: grafana: update endpoint
  • 3ee44c14: traefik: use file configuration
  • 0fd11207: clair: update default dev config

Makefile

Migrations

Notifier

  • d1e7791a: update to new interfaces
  • fb1c0231: move Service interface here
  • 0733900a: change DeleteNotification to CollectNotifications
  • 4ba6aca0: use external concurrency in Delivery, Poller, Processor
  • df0b2b4a: documentation and simplification pass

Openapi

  • 93a835ec: update OpenAPI spec with delete operations

Postgres

Service

  • e86c1fbf: unify connection string handling
  • 02c0dc21: update for changes in the config package

Webhook

v4.3.6 - 2022-01-14

Chore

Go.Mod

Webhook

  • ca28de41: clone headers out of Config struct

v4.3.5 - 2021-11-19

Chore

v4.3.4 - 2021-11-05

Chore

v4.3.3 - 2021-11-05

Chore

v4.3.2 - 2021-10-29

Chore

Go.Mod

v4.3.1 - 2021-10-28

Chore

v4.3.0 - 2021-10-01

Chore

Contrib

Dockerfile

v4.3.0-rc.0 - 2021-09-28

Chore

Cicd

Clairctl

Config

Contrib

Documentation

Httptransport

  • 22a25484: add Cache-Control header to VulnerabilityReport response
  • 1d6ce962: documentation updates
  • f7fdc906: fix auth test logging

Matcher

  • b3c3e385: default garbage collection on

Notifier

Shutdown

  • 6b7029df: introduce the new NotifyContext

v4.2.3 - 2021-09-28

Chore

v4.2.2 - 2021-08-17

Chore

v4.2.1 - 2021-08-16

Chore

v4.2.0 - 2021-08-10

Chore

Http

  • 4cd09528: rate limit index report requests

Introspection

  • 5b129ad9: capture rate-limited requests

v4.2.0-rc.2 - 2021-07-29

Chore

Deployment

  • c888a3f2: Fix microdnf install inconsistencies

v4.2.0-rc.1 - 2021-07-20

All

  • 9ce2af3f: remove jzelinskie from codeowners

Chore

Clairctl

  • 45538e0c: add support for s3 registries using V4
  • Fixes #1264### Config
  • af6a1f49: omit Authorization header for empty claims
  • Fixes #1283### Docker
  • 22ee21df: reflect quay Dockerfile updates

Httptransport

Initialize

Introspection

Keymanager

Local-Dev

  • 0285c300: add grafana to docker-compose
  • 5df0b7b4: remove whitelist env var for quay conf

Matcher

  • 49bfd4d7: disable updaters creates empty updater sets
  • Fixes #1273### Migrations
  • cef8142a: add future key table removal

Notifier

Openapi

Service

  • d1ca564c: remove KeyManager and KeyStore

Services

  • b3e490db: disable transport compression in matcher

Webhook

v4.1.6 - 2021-09-28

Chore

v4.1.5 - 2021-08-17

Chore

v4.1.4 - 2021-08-16

Chore

v4.1.3 - 2021-08-11

Chore

v4.1.2 - 2021-08-06

Chore

Introspection

  • 804cbedb: use the response recorder
  • #1318### Services
  • bc60dcc2: disable transport compression in matcher

v4.1.1 - 2021-06-15

Chore

Clairctl

  • 343e7da0: add support for s3 registries using V4
  • Fixes #1264### Config
  • ad9eccf9: omit Authorization header for empty claims
  • #1284

v4.1.0 - 2021-05-13

All

  • 66387930: use RateLimiter where it seems appropriate

Chore

Cicd

  • 8b0cdb38: use golang major version tag for dev env
  • c1895c43: use quay.io/projectquay/golang image

Claircore

  • bc2b0591: update to use new libvuln API

Clairctl

Httputil

  • ed8ffc50: create package and RateLimiter

Initialize

  • 5df82e19: update call to Libindex contstructor

Introspection

v4.1.0-alpha.3 - 2021-05-04

Chore

Cicd

Config

  • 1f9b5657: validate based on combo mode or not

Httptransport

  • 9e67501d: fix LatestUpdateOperations method

Notifier

  • 6d331530: check msg contents in integration tests
  • cc4a10ff: remove direct zerolog use

Tests

v4.1.0-alpha.2 - 2021-04-09

Chore

  • e0eea383: v4.1.0-alpha.2 changelog bump

Codec

v4.1.0-alpha.1 - 2021-04-05

All

  • a5bfaeb3: switch to using codec package

Chore

Cicd

  • b1145e3a: sort changelog by semver
  • 7dc55fa9: bump in go.16, bump out go1.14
  • d5e57afb: enable CI on stable branches
  • f7737e58: fix openshift ci/cd script
  • 30c0311a: update golang container for go-mod in app-sre
  • cb656dfb: add notifier to app interface
  • 9254ab66: use quay.io image in CI and Dockerfile

Clair

Claircore

Clairctl

Client

Config

Docs

  • 0f230f99: add support matrix
  • 102ae88d: update cli reference
  • 9d0a2b20: fix psk related config references
  • 44303dcc: install clairctl correctly
  • a3bb1b6d: use correct clairctl subcommands
  • Closes #1122### Documentation
  • 2e659250: modified testing.md for clarity
  • #1180### Httptransport
  • 21dc720a: add mime type to indexer and matcher handler
  • 8616cc68: return Accepted when not ready
  • 1ac26daf: fix panic in metrics registration
  • 7305b3d7: use correct handler for state endpoint
  • df5e7f96: check for err before deferring resp.Body.Close()

Initialize

  • 8a2df099: remove New function
  • 2d27ae5c: add standalone initialization functions

Instrospection

  • b78f954d: bump to opentelemetry 0.16.0

Introspection

Local-Dev

  • 1c85589a: remove unintented change in config.yaml

Logging

Matcher

Notifier

  • e7bf3b17: construct notification objects directly
  • 99622021: do AffectedManifests calls in chunks

Severity_mapping

Updaters

v4.0.6 - 2021-06-15

Chore

Cicd

Clairctl

v4.0.5 - 2021-04-16

Chore

v4.0.4 - 2021-03-25

Chore

Cicd

Initialize

  • 7c4787bf: wire up DisableUpdaters option

v4.0.3 - 2021-03-12

Chore

v4.0.2 - 2021-02-18

Chore

Client

v4.0.1 - 2021-02-15

Chore

v4.0.0 - 2020-12-15

Chore

Reverts

  • Dockerfile: Get build image from Quay instead of DockerHub
  • cicd: use golang image from quay.io

v4.0.0-rc.24 - 2020-12-11

Chore

v4.0.0-rc.23 - 2020-12-07

Chore

Cicd

  • 30444f3b: use golang image from quay.io

v4.0.0-rc.22 - 2020-12-02

Chore

Documentation

v4.0.0-rc.21 - 2020-12-01

Chore

Cidi

  • a576bf29: bump create pull request action

Clairctl

  • 835af272: fix and codify import arguments
  • b9ef1073: update import and export online help
  • 9883e80f: unifiy config, client handling

Config

  • dc8ba891: expose notification summary toggle
  • bb3cd669: add 'omitempty' to 'updaters' config struct for correct marshalling

Direct-Delivery

  • ea564d48: Fix slices in direct notifier

Dockerfile

  • c18563d9: Get build image from Quay instead of DockerHub

Docs

  • 425fc38a: add clairctl's new powers to the reference
  • f4169c43: Add information about AMQP delivery compatibility

Local-Dev

Notifier

v4.0.0-rc.20 - 2020-11-02

Chore

v4.0.0-rc.19 - 2020-10-26

Chore

Config

  • 157628df: add custom config marshaling

Go.Mod

v4.0.0-rc.18 - 2020-10-21

Chore

Notifier

v4.0.0-rc.17 - 2020-10-19

Chore

Cicd

Clairctl

  • 2363778b: add environment variables for clairctl

Docs

  • dc4bda49: add Makefile target to build docs website

Local-Dev

Notifier

v4.0.0-rc.16 - 2020-10-09

Chore

Cicd

v4.0.0-rc.15 - 2020-10-09

Chore

Cicd

  • d7582487: maybe there's some newline issues

v4.0.0-rc.14 - 2020-10-09

Chore

Cicd

v4.0.0-rc.13 - 2020-10-09

Chore

Cicd

v4.0.0-rc.12 - 2020-10-08

Chore

Cicd

  • 28dcd944: parallelize release process, keep test failures

Clairctl

  • b1fee08e: update some interactive help

Go.Mod

Local-Dev

  • 3b602925: make quay container ignore validations

Notifier

  • 0c1554e9: ensure Content-Type header present in webhook notification
  • a2d5f9b9: copy url struct

Pull Requests

  • Merge pull request #1086 from alecmerdler/webhook-notifier-headers

v4.0.0-rc.11 - 2020-10-02

Chore

Config

  • a4e04105: allow HTTP client to specify claims
  • 5aba7278: ensure yaml/json struct tag for auth 'Issuer' field are the same

Notifier

  • 57e1ed0a: pass configured client into notifier

Pull Requests

  • Merge pull request #1078 from alecmerdler/fix-issuer-struct-tag

v4.0.0-rc.10 - 2020-10-01

Chore

Cicd

Docs

Go.Mod

Httptransport

  • 2c9762b0: remove redundant method check

Openapi

  • 015d862d: yamllint and spellcheck
  • d06dabfe: change OperationIDs for notification endpoints

v4.0.0-rc.9 - 2020-09-29

Cicd

  • 04fab4a7: build container with local checkout

v4.0.0-rc.8 - 2020-09-29

Chore

Cicd

v4.0.0-rc.7 - 2020-09-29

Chore

Cicd

  • 195ce7a5: move container building out of container

v4.0.0-rc.6 - 2020-09-29

Chore

Cicd

  • f6aa6e6e: use multiline string for clairctl build command

v4.0.0-rc.5 - 2020-09-29

Chore

Cicd

v4.0.0-rc.4 - 2020-09-29

Chore

Cicd

Docs

Httptransport

  • e1144aaf: made discovery endpoint more Accepting

Misc

Notifier

  • 7d95067f: remove first update constraint

v4.0.0-rc.3 - 2020-09-23

Auth

Chore

Client

Deployment

  • bc4c3243: use service prefix for simplified path routing

Docs

Logging

v4.0.0-rc.2 - 2020-09-11

Chore

  • f41fba50: bump cc and golang container

v4.0.0-rc.1 - 2020-09-10

Auth

  • 29ed5f60: use better guesses for "aud" claim
  • 6932ad32: add keyserver algorithm allowlist
  • dc91ec9e: test multiple PSK signing algorithms

Clairctl

Config

  • 03cf7555: update matcher configurables
  • daf2e296: reorganize updater configuration

Deployment

Httptransport

Initialize

  • 98c8ffd6: wire through new configuration options

Local-Dev

  • d1b60120: implement quay local development

Notifier

v4.0.0-alpha.7 - 2020-06-01

Config

  • 3ccc6e03: add support for per-scanner configuration

Dockerfile

Go.Mod

Httptransport

v4.0.0-alpha.6 - 2020-05-01

Go.Mod

  • ef5fbc4d: bump claircore version for severity fix

v4.0.0-alpha.5 - 2020-04-30

Config

v4.0.0-alpha.4 - 2020-04-20

Config

Httptransport

v4.0.0-alpha.3 - 2020-04-14

Clair

Clairctl

Client

  • 1ba68911: add differ and refactor client

Config

  • b2666e57: set a canonical default port

Dockerfile

  • 33da12a3: run as unprivledged user by default

Documentation

  • fe324a58: start writing v4-specific docs

Httptransport

Workflows

Pull Requests

  • Merge pull request #955 from alecmerdler/openapi-fixes

v4.0.0-alpha.2 - 2020-03-26

*

.Github

  • 9b1f2058: add stale and issue template enforcement

API

  • 0151dbae: change api port to api addr, rename RunV2 to Run.
  • Fixes #446- a378cb07: drop v1 api, changed v2 api for Clair v3.

All

Alpine

  • 59e6c628: refactor fetcher & git pull on update
  • 9be305d1: truncate namespace to "vMAJOR.MINOR"
  • f8457b98: compile alpine into clair binary
  • 3d90cac4: add support for v3.4 YAML schema

Api

  • 69c0c843: Rename detector type to DType
  • 48427e9b: Add detectors for RPC
  • dc6be5d1: remove handleShutdown func
  • 30644fcc: remove dependency on graceful
  • 58022d97: renamed V2 API to V3 API for consistency.
  • c6f0eaa3: fix remote addr shows reverse proxy addr problem
  • a4edf385: v2 api with gRPC and gRPC-gateway
  • Fixes #98- 6a50bbb8: fix 404 error logging
  • 7aa88690: WriteHeader on health endpoint
  • Fixes #141- f14e4de4: fix anchor link in docs
  • 3563cf90: fix pagination token that's returned to match what has been passed
  • 274a1620: log instead of panic when a response could not be marshaled
  • 8d767005: add call duration in logs
  • 418ab08c: adjust postLayer error codes
  • f40f6a5a: add missing link field in vulnerability in getLayer
  • 0e9a7e17: close gzip writer to flush it
  • db974ae7: fix postLayer response headers
  • 6f02119c: add bad requests to insert layer
  • ca2b0ccf: support gzip responses
  • c7aa7c4d: reorder constants and add comments
  • 4516d6fd: make postLayer returns a Layer
  • d19a4348: implement fernet encryption of pagination tokens
  • b8c534cd: fix putVulnerability (fill missing Namespace.Name and Name fields)
  • c2061dc6: fix negative timestamps in notifications
  • f68012de: fix 404->500 and NPE issues
  • c504d2ed: add FeatureFromDatabaseModel
  • f351d630: add "Content-Type" and "Server" headers
  • 2d8d9ca4: finish initial work on v1 API
  • b9a6da4a: implement delete notification
  • 96e96d94: handle last page for notifications
  • 3eaae478: implement get notification
  • 116ce1a8: fix log message when stopping the API server
  • c05848e3: implement put vulnerability
  • 8209922c: implement delete vulnerability
  • dc99d45f: refactor endpoints and implement get vulnerability
  • 6ac9b5e6: fix graceful stop
  • 9a8d4aa5: implement post vulnerability
  • 38aeed4f: implement get namespaces route
  • b916fba4: implement delete layer route
  • 04c73519: use pointers in models to get proper omitempty semantics
  • 1a5aa88b: use only one layer envelope
  • fa45d516: add JSON tags to API models
  • d130d2fa: implement getLayer
  • 6b3f95dc: fix /v1 router and some status codes
  • be9423b4: add request / response types and rename some fields
  • 822ac7ab: add initial work on the new API
  • 6e20993b: simplify getLayer route and JSON output
  • e8b16175: return 400 if we can't extract a layer
  • 99463822: Extracted client cert & HTTP JSON Render to utils.
  • 9db0e634: Specify what packages cause the layer to have vulnerabilities.

Api,Database

  • a75b8ac7: updated version_format documentation.
  • Fixes #514### Api/Database
  • 6d2eedf1: add the layer name that add each feature in getLayer
  • e444e93c: Add the ability to delete layers

Api/Prometheus

  • 83b19b61: add prometheus metrics to API routes

Api/V1

  • ebd0170f: fix JSON struct tag misnomer
  • d4522e9c: indexed layers for notifications
  • 68250f39: create namespace type
  • Fixes #99### Api/V3
  • 32b11e54: Add feature type to API feature
  • f550dd16: remove dependency on google empty message
  • d7a751e0: prototool format

Api/V3/Clairpb

Api/Worker

CODEOWNERS

Clair

  • 42b1ba9f: use Etag header to communicate indexer state change
  • fd5993f9: add "mode" argument
  • 40913295: change version information
  • 8cbddd18: better introspection server defaults
  • c097454c: logging and introspection setup
  • a003aa41: add configuration for introspection
  • d9db7c15: use "Updaters" config option
  • 48daeaea: fix header casing
  • fb28e569: remove os.Exit call on clean shutdown
  • 8039e1c9: add authorization checking
  • 1b413362: update claircore to 0.0.14
  • 791610f1: remove goautoneg
  • 7b6ef7da: reset writers when pulled from pool
  • ad73d747: remove vendor directory
  • 00eff59a: rewrite imports
  • 1f2ceeb8: create module
  • c6497dda: Fix namespace update logic
  • 465687fa: Add more logging on ancestry cache hit
  • 5b237649: Use builder pattern for constructing ancestry
  • 02832401: Implement worker detector support
  • 88961527: move worker to top level package
  • e5c567f3: mv notifier to top level
  • 9c63a639: mv updater clair and mv severity to db
  • 343e24eb: remove types package
  • 19e9d123: catch both SIGINT and SIGTERM for graceful shutdown

Clair Logic, Extensions

  • fb32dcfa: updated mock tests, extensions, basic logic

Clairctl

Cmd

  • 0342a2a3: make pagination key error clearer

Cmd/Clair

Config

Contrib

  • 76b9f8ea: replace old k8s manifests with helm
  • ac1cdd03: move grafana and compose here
  • 5540d02b: delete unsupported tools
  • f3840f30: Revert "Merge pull request #367 from jzelinskie/analyze-layers-v2"
  • #367- d76c549d: add missing :=
  • #367 - Fixes #368- e772be5f: only extract layers from history
  • ff3c6ecc: Catch signals to delete tmp folder in local-analyze-images
  • 55e9c0d8: Fix dead link from analyze-local-images' README
  • 1040dbbf: Use return instead of os.Exit(1) in analyze-local-images
  • Fixes #117- 251df954: Add a ability to force colored output in analyze-local-images
  • f0245762: Add vendors to analyze-local-images
  • 80ddc7f9: Pretty up analyze-local-images
  • e3417102: Add colors / Modify spacing in the analyze-local-images's output
  • 93ffc5a1: Show feature line only if there's a vuln in analyze-local-images
  • 910288fc: Add minimum severity support to analyze-local-images
  • 001c0a73: adapt analyze-local-images for new API
  • fee0bb5e: load image history from 'manifest.json' first due to docker 1.10 changes.
  • Fixes #69- 75aff038: check-openvz-mirror-with-clair fix license
  • 8b137e8a: add copyright in check-openvz-mirror-with-clair
  • 7df8e7fb: add copyright in analyze-local-images
  • 867279a5: Improve analyze-local-images docs and launch command.
  • Fixes #32- 9391417b: Wait for extraction to finish before continuing.
  • 8d071e28: Don't pass -z to tar in analyze-local-images
  • 46f7645a: Add a tool to analyze local Docker images

Contrib/Analyze-Local-Images

  • e1035286: use exit(1) when there are vulnerabilities

Contrib/Helm/Clair

Convert

  • f2ce8325: return nil when detector is empty

Database

  • 506698a4: add mapping for Ubuntu Eoan (19.10)
  • 1ddc0532: Handle FindAncestryAndRollback datastore.Begin() error
  • Fixes #828- 6617f560: Rename affected type to feature type (for Amazon Linux updater)
  • 3fafb73c: Split models.go into different files each contains one model
  • 1b9ed996: Move db logic to dbutil
  • 961c7d46: add test for lock expiration
  • a4e7873d: make locks SOI & add Extend method
  • 5fa1ac89: Add StorageError type
  • f6167535: Update feature model Remove source name/version fields Add Type field to indicate if it's binary package or source package
  • 7dd989c0: Rename affected Type to feature type
  • 00eed77b: Add feature_type database model
  • dd91597f: remove FindLock from mock
  • 399deab1: remove FindLock()
  • 300bb526: add FindLock dbutil
  • 4fbeb9ce: add (Acquire|Release)Lock dbutils
  • 6c682da3: add mapping for Ubuntu Cosmic (18.10)
  • a3f7387f: Add FindKeyValue function wrapper
  • 00fadfc3: Add affected feature type
  • f759dd54: Replace Parent Feature with source metadata
  • 3fe894c5: Add parent feature pointer to Feature struct
  • a3e9b5b5: rename utility functions with commit/rollback
  • e657d263: move dbutil and testutil to database from pkg
  • db2db8bb: Update database model and interface for detectors
  • e1606167: Use LayerWithContent as Layer
  • ff930390: changed Notification interface name
  • a5c64000: postgres implementation with tests.
  • b99e2b50: Add some missing copyright headers
  • 629d2ce6: Mock Datastore interface
  • e7b960c0: Allow specifying datastore driver by config
  • Fixes #145- 79ba99bb: Fix invalid error message
  • 9b191fb5: Find the FeatureVersion we try to insert before doing any lock
  • 84319507: use constants to store queries
  • 06531e01: disable hash/merge joins in FindLayer
  • 18f2d7e6: modify join table in FindLayer to reduce cost by 3.5x
  • b5d8f995: fix notification test (wrong signature)
  • f0816d2c: add docs about the interface
  • d3b14106: ignore insertLayer collisions to make it truly idempotent
  • e3a25e53: ignore min versions during new vulnerability insertions
  • 883be876: fix Ping() method in PostgreSQL's implementation
  • f8b4a52f: make notification tests more robust (old/new, update/delete vulnerabilities)
  • ccaaff00: add created_at field for layers and vulnerabilities
  • 94ece7bf: fix notification design and add vulnerability history
  • 99f35524: add Insert/DeleteVulnerabilityFix
  • 03d904c6: improve PostgreSQL test inits and cleanups
  • 8f9779e2: cache feature version upon lookup
  • 1e4ded6f: add ability to list namespaces
  • 35df7ca0: fix feature version cache
  • 8be18a0a: write more of the notification system
  • d3d689a2: don't prune locks when we renew one
  • 26908003: create notification during vulnerability insertion
  • 63ebddfd: add vulnerability deletion support
  • 21f152c0: fix keyvalue/notification tests
  • 563b3825: let handleErrors deal with the not found case
  • 5759af5b: test and fix layer updates
  • 248fc7df: fix cache collision (feature & feature versions)
  • 92b734d0: remove an useless query in FindLayer
  • bd17dfb5: ensure that concurrent vulnerability/feature versions insertions work fine
  • 74fc5b3e: add missing transaction commits and close opened statement before inserting feature versions.
  • c5d1a8e5: update vulnerabilities only when necessary
  • 1b53142e: allow removing fixed packages in vulnerabilities
  • 7c70fc1c: add initial vulnerability support
  • 3a786ae0: add lock support
  • 6a9cf21f: log and mask SQL errors
  • 970756cd: do insert/find layers (with their features and vulnerabilities)
  • 32747a5f: Don't ignore empty results in toValue(s)()
  • 3fe3f3a4: Update cayley and use Triple instead of Quad
  • 9fc29e29: put missing predicates in consts and un-expose some of them
  • Fixes #16- 8285c567: Improve InsertVulnerabilities.
  • cfa960d6: Update Cayley to fix slow deletions
  • 915903c1: Fix to a locking issue with PostgreSQL
  • 8aacc8bf: Ensure that quads in a tx are applied in the desired order.
  • 3a1d0602: Use an estimator in Cayley's Size() w/ PostgreSQL
  • b0142e19: reduce pruneLocks/Unlock transaction.
  • 7f1ff8f9: reduce InsertPackages transaction

Database/Api

Database/Models

  • 0305dde9: MetadataMap decodes from string

Database/Pgsql

Database/Worker

Datastore

  • 57b146d0: updated for Clair V3, decoupled interfaces and models

Db/Pgsql/Feature

Db/Pgsql/Migration

Dckerfile

Detectors/Feature

Detectors/Namespace

Dockerfile

Dockerfile

Docs

  • 49b5621d: fix typo in running-clair
  • 9ee2ff48: add troubleshooting about kernel packages
  • 3f91bd2a: turn README into full articles
  • 821a608b: add links to contrib tools
  • 6e8e6ad2: fix broken link
  • 107582c9: Correct docker-compose command
  • 12c47e40: split http and json code blocks
  • 37a58260: improve GET/POST /v1/layers documentation
  • 859b1942: fix the docker cli of running clair in README.md
  • fd6fdbd3: update config example
  • 93291726: provide information to run Clair in README
  • 7b608ced: Add missing field in API Example
  • ec0decfc: fix a typo in the model
  • Fixes #43### Documentation
  • 3e6896c6: fix links to presentations
  • Closes #661 - Closes #665 - Closes #560### Documentation
  • c1a58bf9: add new 3rd party tool

Driver

Drone

Example Config

Ext

  • 25078ac8: add CleanAll() utility functions
  • 081ae34a: remove duplicate vectorValuesToLetters definition
  • 4f0da12b: pass through CVSSv3 impact and exploitability score
  • 8efc3e40: remove unneeded use of init()
  • 699d1143: fixup incorrect copyright year
  • b81e4454: Parse CVSSv3 data from JSON NVD feed
  • 14277a8f: Add JSON NVD parsing tests
  • aab46f56: Parse NVD JSON feed instead of XML
  • 8d5a0131: Use SHA256 instead of SHA1 for fingerprinting
  • 53bf19ae: Lister and Detector returns detector info with detected content
  • cda3d481: feature detector -> featurefmt
  • 71a8b542: misc doc comment fixes
  • fb193e1f: namespace detector -> featurens
  • d9be34c3: data detector -> imagefmt
  • f9b31908: lock all drivers

Ext/Featurefmt

  • 1c40e7d0: Refactor featurefmt testing code

Ext/Featurefmt/Apk

  • 2cc61f9f: Extract origin package information from database
  • b2f2b2c8: handle malformed packages

Ext/Featurefmt/Dpkg

Ext/Featurefmt/Rpm

  • a057e4a9: Extract source package from rpm database

Ext/Featurens

Ext/Vulnsrc/Alpine

Ext/Vulnsrc/Oracle

Ext/Vulnsrc/Rhel

Ext/Vulnsrc/Ubuntu

Feature

Featurefmt

  • 34c2d96b: Extract PotentialNamespace
  • 0e0d8b38: Extract source packages and binary packages The featurefmt now extracts both binary packages and source packages from the package manager infos.
  • 9561d623: use namespace's versionfmt to specify listers

Featurens

  • 947a8aa0: Ensure RHEL is correctly identified
  • Fixes #436- 50437f32: fix detecting duplicated namespaces problem
  • 75d5d40d: added multiple namespace testing for namespace detector

Fetchers/Alpine

Fix

  • 4e49aaf3: lock updater - return correct bool value

Github

Gitutil

  • 11b67e61: Fix git pull on non-git repository directory
  • Fixes #641### Glide
  • 165c397f: add errgroup and regenerate vendor
  • d846c508: refresh dependencies

Go.Mod

Godeps

  • 213468a6: Remove implicit git submodules

HELM

  • 81430ffb: also add option for nodeSelector
  • 6a94d8cc: add option for tolerations

Helm

  • 690d26ed: change postgresql connection string format in configmap template
  • Fixes #561- 7a06a7a2: Fixed a typo in maintainers field.

Helm

  • 710c6553: allow for ingress path configuration in values.yml

Helm Chart

  • bc6f37f1: Use Secret for config file. Fix some minor issues
  • Fixes #581### Imagefmt
  • 891ce169: Move layer blob download logic to blob.go

Indexer

Integrations

Layer

Main

  • 7ca9127b: default config to /etc/clair/config.yml
  • eb7e5d5c: Use configuration file instead of flags and simplify app extension.

Mapping

Namespace

New API

  • a541e964: list vulnerabilities by namespace

Notifier

  • 927af43b: Verify that the given webhook endpoint is an absolute URL
  • 2fb815dc: Add proxy parameter to webhook notifier
  • 136b9070: add README
  • 904ce600: add a timeout on the http client
  • 4478f40e: fix notifier error handling and improve web hook error message
  • f4a4d417: Rename HTTP to Webhook Notifier
  • 2ea86c53: fix a bug that prevented graceful shutdown in certain cases
  • 480589a8: retry upon failure
  • 3ff8bfaa: Allow custom notifiers to be registered.
  • b3828c9c: add ServerName configuration for TLS
  • 20a126c8: Refactor and add client certificate authentification support.
  • Fixes #23### Notifier/Database
  • ad0531ac: refactor notification system and add initial Prometheus support
  • c60d0054: draft new notification system

Nvd

Openapi

Osrelease-Detector

  • d88f7978: avoid colliding with other detectors

PgSQL

  • 57a4f977: fixed invalidating vulnerability cache query.

Pgsql

  • 0731df97: Remove unused test code
  • dfa07f6d: Move notification to its module
  • 921acb26: Split vulnerability.go to files in vulnerability module
  • 7cc83ccb: Split ancestry.go to files in ancestry module
  • 497b79a2: Add test for migrations
  • ea418cff: Split layer.go to files in layer module
  • 176c69e5: Move namespace to its module
  • 98e81ff5: Move keyvalue to keyvalue module
  • ba50d7c6: Move lock to lock module
  • 0b32b36c: Move detector to pgsql/detector module
  • c50a2339: Split feature.go to table based files in feature module
  • 43f3ea87: Move batch queries to corresponding modules
  • a3305063: Move extra logic in pgsql.go to util folder
  • 8bebea36: Split testutil.go into multiple files
  • b03f1bc3: Fix failed tests
  • ed9c6baf: Fix pgsql test
  • 5bf8365f: Prevent inserting invalid entry to database
  • 8aae73f1: Remove unnecessary logs
  • 79af05e6: Fix postgres queries for feature_type
  • 073c685c: Add proper tests for database migration
  • c6c8fce3: Add feature_type to initial schema
  • a57d8067: fix unchecked error
  • 0c1b80b2: Implement database queries for detector relationship
  • 9c49d9dc: Move queries to corresponding files
  • dca2d4e5: Add detector to database schema
  • 53433090: update the query format
  • aea74550: Expand layer, namespace column widths
  • ca9f340a: only select distinct layers
  • ea73aa15: searchNotificationLayerIntroducingVulnerability order by layer ID
  • 7a3dd5c8: Disable hashjoins to get introducing layers for notifications
  • dc8f7102: Reduce cost of GetNotification by 2.5
  • ec0aad9b: Use booleans instead of varchar to return creation status
  • cd23262e: Do not insert entry in Vulnerability_FixedIn_Feature if existing
  • Fixes #238- b8865b21: Replace liamstask/goose by remind101/migrate
  • Fixes #93- 5d8336ac: use subquery to plan GetNotification query (#182)
  • #182- 51f9c5dc: remove unnecessary join used in GetNotification (#179)
  • #179### Pgsql/Migrations
  • 224ff825: fix dpkg default versionfmt
  • eeb13a02: add index on Vulnerability_Notification.deleted_at
  • 7cff31a0: add ldfv compound index

Pkg

  • c3904c96: Add fsutil to contian file system utility functions
  • 78cef02f: cerrors -> commonerr
  • 03bac0f1: utils/tar.go -> pkg/tarutil

Pkg/Gitutil

Pkg/Grpcutil

Pkg/Pagination

Pkg/Stopper

Pkg/Timeutil

Prometheus

Psql

Psql/Migrations

README

ROADMAP

  • e9eb761d: refresh with current priorities

Readme

  • a8c58d4e: add various talks & slides
  • 93f7f10b: replace latest by v1.2.2 and add reference to container repositories
  • 49fa75a6: split "Related Links" into projects/slides (#177)
  • #177 - Fixes #173- b3837673: add dependencies to getting started
  • 0979b01a: add terminology and generic customization
  • d47616a3: make API description consistence
  • af0ddcea: s/notification/notifications
  • 2140995a: clarify "marked as read" notifications
  • f48f94cb: continue to nitpick
  • cadc182c: add travis-ci badge

Redhatrelease

  • ce8d31bb: override match for RHEL hosts

Refactor

  • 4a990372: move updaters and notifier into ext

Style

Tarutil

Travis

  • 870e8123: Drop support for postgres 9.4 postgres 9.4 doesn't support ON CONFLICT, which is required in our implementation.

Update Documentation

Update The Ingress To Use ApiVersion

Updater

  • 7084a226: extract deduplicate function
  • e16d17dd: remove original RunUpdate()
  • 0d41968a: reimplement fetch() with errgroup
  • 6c5be7e1: refactor to use errgroup
  • 2236b0a5: Add vulnsrc affected feature type
  • 0d18a629: sleep before continuing the lock loop
  • Fixes #415- edfadc2f: Log fetch completion
  • b792eb61: copy whole namespace when deduping vulns
  • 96398465: Set vulns' Severity from NVD metadata fetcher if unknown
  • 1c3daa23: minimize vulns' lock duration in the NVD metadata fetcher
  • be97db52: enable fetching of RHEL 5 vulnerabilities (#217)
  • #217 - Fixes #215- 34f62ef1: delete Ubuntu's repository upon bzr errors
  • Fixes #169- 45ed80df: remove useless error
  • 2126259c: use a better link for Ubuntu vulnerabilities and rename some constants
  • 431c0ccb: add a clean function to fetchers
  • 3ecb8b69: ignore "ubuntu-core" in the Ubuntu fetcher
  • 8e852348: ensure that ubuntu's notes are unique
  • 99de7592: namespace and split Ubuntu/RHEL vulnerabilities
  • 847c6492: update RHEL fetcher and add not-affected capability
  • ea59b0e4: update Ubuntu fetcher and add not-affected capability
  • 7e72eb10: ignore Debian's "temp" vulnerabilities
  • 77387af2: port updater and its fetchers
  • 452f7018: move each fetcher to its own package
  • e91365f4: fix typos
  • 712aa11b: Add support for Ubuntu Vivid Core and ignore Vivid PhoneOverlay
  • c055c33c: Fix Ubuntu's partial update bug.
  • a7b683d4: Refactor and merge fetcher responses
  • Fixes #17 - #19- 2452a8fc: Always use bzr revno to get Ubuntu db's revision number.
  • Fixes #7### Updater
  • a14b3728: fix stuck updater process

Updater,Pkg/Timeutil

Updater/Database

  • 7c11e4eb: do not create notifications during the initial update

Updater/Fetchers

Updater/Worker

Upgrade To Golang

Utils

Utils/Http

V1

V3

  • 88f50691: Analyze layer content in parallel
  • dd239762: Move services to top of the file
  • 9f5d1ea4: associate feature and namespace with detector

Various

Vendor

  • 41063221: Update gopkg.in/yaml.v2 package
  • 34d0e516: Add golang-set dependency
  • 55ecf1e5: regenerate after removing graceful
  • 1533dd1d: updated vendor dir for grpc v2 api
  • 35df9d58: regenerate vendor directory with glide
  • 50d07ccf: rm everything to prep for regeneration

Versionfmt

  • 8d29bf86: convert to using constant over literal
  • 6864a8ef: init rpm versionfmt

Versionfmt/Dpkg

  • 1e9f14ae: remove leading digit requirement

Versionfmt/Rpm

Vulnmdsrc

  • ce6b0088: update NVD URLs
  • Fixes #575### Vulnsrc
  • 72674ca8: Refactor vulnerability sources to use utility functions

Vulnsrc Rhel

Vulnsrc/Alpine

Vulnsrc/Ubuntu

  • 456af5f4: use new git-based ubuntu tracker

Vulnsrc_oracle

Worker

  • 23ccd9b5: Fix tests for feature_type
  • f0e21df7: fixed duplicated ns and ns not inherited bug
  • ce6eba9f: Rewrite unknown namespace warning
  • 8bedd0a3: ns detectors now support VersionFormat
  • de1f09e8: clarify maxFileSize purpose
  • Fixes #237- 2cb23ced: bump engine version
  • 8551a0a3: Mock datastore in worker's tests
  • bae5a5e3: remove duplicated tests
  • c2605e0b: verify download status code
  • 41736e46: DetectData should return an error if the supported detector failed
  • 98ed0419: remove double error
  • 9b51f7f4: raise worker version number
  • 2f57f0d4: change worker errors to bad request errors
  • b3ddfbc3: remove namespace whitelist
  • 90fe137d: move each data detector to their own packages and remove image format whitelist
  • 34842fd8: fix dpkg detector and adapt tests
  • 343ce398: detect the status code when downloading a layer and expect 2XX.
  • ac0e68ef: Add a missing CleanURL

Worker/Database

  • a38fbf6c: Move upgrade detection logic out of database to worker

Workflows

Reverts

  • Merge pull request #199 from openSUSE/feature/opensuse
  • v1: pagination now deterministic

Pull Requests

  • Merge pull request #949 from alecmerdler/PROJQUAY-494
  • Merge pull request #936 from ldelossa/louis/interface-refactor
  • Merge pull request #933 from ldelossa/louis/config-and-make
  • Merge pull request #930 from ldelossa/louis/middleware-packaging
  • Merge pull request #929 from ldelossa/louis/cc-bump-v0.0.17
  • Merge pull request #924 from ldelossa/louis/severity-mapping
  • Merge pull request #903 from ldelossa/louis/environment-api
  • Merge pull request #897 from ldelossa/louis/state-json
  • Merge pull request #890 from ldelossa/louis/remove-healthhandler
  • Merge pull request #877 from mtougeron/update-ingress-apiversion
  • Merge pull request #873 from coreos/code-owners-update
  • Merge pull request #867 from andrewsharon/ubuntu19.10
  • Merge pull request #861 from thekbb/fix-broken-link-i-missed
  • Merge pull request #856 from thekbb/fix-links
  • Merge pull request #860 from jzelinskie/bump-v2-master
  • Merge pull request #851 from Allda/log-fix
  • Merge pull request #774 from Allda/updater_fix
  • Merge pull request #839 from noahklein/nvd-status-error
  • Merge pull request #829 from peacocb/peacocb-828-dos-on-ancestry-post
  • Merge pull request #831 from MVrachev/patch-1
  • Merge pull request #818 from vsamidurai/master
  • Merge pull request #822 from imlonghao/bullseye
  • Merge pull request #817 from ldelossa/remove-detectors
  • Merge pull request #755 from Allda/openshift_cert
  • Merge pull request #808 from coreos/add-louis
  • Merge pull request #797 from jzelinskie/drone
  • Merge pull request #805 from ldelossa/remove-ancestry-copy
  • Merge pull request #794 from ldelossa/local-dev-readme-update
  • Merge pull request #793 from ldelossa/local-dev-clair-db
  • Merge pull request #788 from ldelossa/helm-local-dev
  • Merge pull request #780 from jzelinskie/CODEOWNERS
  • Merge pull request #779 from jzelinskie/mailing-list
  • Merge pull request #773 from flumm/disco
  • Merge pull request #671 from ericysim/amazon
  • Merge pull request #766 from Allda/lock_timeout
  • Merge pull request #742 from bluelabsio/path-templating
  • Merge pull request #739 from joelee2012/master
  • Merge pull request #749 from cnorthwood/tarutil-glob
  • Merge pull request #741 from KeyboardNerd/parallel_download
  • Merge pull request #738 from Allda/potentialNamespaceAncestry
  • Merge pull request #721 from KeyboardNerd/cache
  • Merge pull request #735 from jzelinskie/fix-sweet32
  • Merge pull request #722 from Allda/feature_ns
  • Merge pull request #724 from KeyboardNerd/ref
  • Merge pull request #728 from KeyboardNerd/fix
  • Merge pull request #727 from KeyboardNerd/master
  • Merge pull request #725 from KeyboardNerd/license_test
  • Merge pull request #723 from jzelinskie/lock-tx
  • Merge pull request #720 from KeyboardNerd/update_ns
  • Merge pull request #695 from saromanov/fix-unchecked-error
  • Merge pull request #712 from KeyboardNerd/builder
  • Merge pull request #672 from KeyboardNerd/source_package/feature_type
  • Merge pull request #685 from jzelinskie/updater-cleanup
  • Merge pull request #701 from dustinspecker/patch-1
  • Merge pull request #700 from traum-ferienwohnungen/master
  • Merge pull request #680 from Allda/slices
  • Merge pull request #687 from jzelinskie/suse-config
  • Merge pull request #686 from jzelinskie/fix-presentations
  • Merge pull request #679 from kubeshield/master
  • Merge pull request #506 from openSUSE/reintroduce-suse-opensuse
  • Merge pull request #681 from Allda/rhel_severity
  • Merge pull request #667 from travelaudience/helm-tolerations
  • Merge pull request #656 from glb/elsa_CVEID
  • Merge pull request #650 from Katee/add-ubuntu-cosmic
  • Merge pull request #653 from brosander/helm-dep
  • Merge pull request #648 from HaraldNordgren/go_versions
  • Merge pull request #647 from KeyboardNerd/spkg/cvrf
  • Merge pull request #644 from KeyboardNerd/bug/git
  • Merge pull request #645 from Katee/include-cvssv3
  • Merge pull request #646 from KeyboardNerd/spkg/model
  • Merge pull request #640 from KeyboardNerd/sourcePackage
  • Merge pull request #639 from Katee/update-sha1-to-sha256
  • Merge pull request #638 from KeyboardNerd/featureTree
  • Merge pull request #633 from coreos/roadmap-1
  • Merge pull request #620 from KeyboardNerd/feature/detector
  • Merge pull request #627 from haydenhughes/master
  • Merge pull request #624 from jzelinskie/probot
  • Merge pull request #621 from jzelinskie/gitutil
  • Merge pull request #610 from MackJM/wip/master_nvd_httputil
  • Merge pull request #499 from yebinama/rhel_CVEID
  • Merge pull request #619 from KeyboardNerd/sidac/rm_layer
  • Merge pull request #617 from jzelinskie/grpc-refactor
  • Merge pull request #614 from KeyboardNerd/sidac/simplify
  • Merge pull request #613 from jzelinskie/pkg-pagination
  • Merge pull request #611 from jzelinskie/drop-graceful
  • Merge pull request #605 from KeyboardNerd/sidchen/feature
  • Merge pull request #606 from MackJM/wip/master_httputil
  • Merge pull request #607 from jzelinskie/gofmt
  • Merge pull request #604 from jzelinskie/nvd-urls
  • Merge pull request #601 from KeyboardNerd/sidchen/status
  • Merge pull request #594 from reasonerjt/fix-alpine-url
  • Merge pull request #578 from naibaf0/fix/helmtemplate/configmap/postgresql
  • Merge pull request #586 from robertomlsoares/update-helm-chart
  • Merge pull request #582 from brosander/helm-alpine-postgres
  • Merge pull request #571 from ErikThoreson/nvdupdates
  • Merge pull request #574 from hongli-my/fix-nvd-path
  • Merge pull request #572 from arno01/multi-stage
  • Merge pull request #540 from jzelinskie/document-proto
  • Merge pull request #569 from jzelinskie/ubuntu-git
  • Merge pull request #553 from qeqar/master
  • Merge pull request #551 from usr42/upgrade_to_1.10-alpine
  • Merge pull request #538 from jzelinskie/dockerize-protogen
  • Merge pull request #537 from tomer-1/patch-1
  • Merge pull request #532 from KeyboardNerd/readme_typo
  • Merge pull request #508 from joerayme/bug/436
  • Merge pull request #528 from KeyboardNerd/helm_typo
  • Merge pull request #522 from vdboor/master
  • Merge pull request #521 from yebinama/paclair
  • Merge pull request #518 from traum-ferienwohnungen/master
  • Merge pull request #513 from leandrocr/patch-1
  • Merge pull request #517 from KeyboardNerd/master
  • Merge pull request #505 from ericchiang/coc
  • Merge pull request #484 from odg0318/master
  • Merge pull request #498 from bkochendorfer/contributing-link
  • Merge pull request #482 from yfoelling/patch-1
  • Merge pull request #487 from ajgreenb/db-connection-backoff
  • Merge pull request #488 from caulagi/patch-1
  • Merge pull request #485 from yebinama/proxy
  • Merge pull request #481 from coreos/stable-release-issue-template
  • Merge pull request #479 from yebinama/nvd_vectors
  • Merge pull request #477 from bseb/master
  • Merge pull request #469 from zamarrowski/master
  • Merge pull request #475 from dctrud/clair-singularity
  • Merge pull request #467 from grebois/master
  • Merge pull request #465 from jzelinskie/github
  • Merge pull request #463 from brunomcustodio/fix-ingress
  • Merge pull request #459 from arthurlm44/patch-1
  • Merge pull request #458 from jzelinskie/linux-vulns
  • Merge pull request #450 from jzelinskie/move-token
  • Merge pull request #454 from InTheCloudDan/helm-tls-option
  • Merge pull request #455 from zmarouf/master
  • Merge pull request #449 from jzelinskie/helm
  • Merge pull request #447 from KeyboardNerd/ancestry_
  • Merge pull request #448 from jzelinskie/woops
  • Merge pull request #444 from jzelinskie/docs-refresh
  • Merge pull request #432 from KeyboardNerd/ancestry_
  • Merge pull request #442 from arminc/add-integration-clari-scanner
  • Merge pull request #433 from mssola/portus-integration
  • Merge pull request #408 from KeyboardNerd/grpc
  • Merge pull request #423 from jzelinskie/sleep-updater
  • Merge pull request #418 from KeyboardNerd/multiplens
  • Merge pull request #410 from KeyboardNerd/xforward
  • Merge pull request #416 from tianon/debian-buster
  • Merge pull request #413 from transcedentalia/master
  • Merge pull request #403 from KeyboardNerd/multiplens
  • Merge pull request #407 from swestcott/kubernetes-config-fix
  • Merge pull request #394 from KeyboardNerd/multiplens
  • Merge pull request #382 from caipre/patch-1
  • Merge pull request #395 from knqyf263/handle_tilde
  • Merge pull request #392 from jzelinskie/https-sec-db
  • Merge pull request #390 from KeyboardNerd/fernet
  • Merge pull request #389 from jzelinskie/revendor
  • Merge pull request #387 from jzelinskie/rm-analyze-local-images
  • Merge pull request #385 from KeyboardNerd/logrus
  • Merge pull request #381 from KeyboardNerd/bill-of-materials
  • Merge pull request #373 from josuesdiaz/fix_analyze_local
  • Merge pull request #378 from jzelinskie/oracle-update-fix
  • Merge pull request #374 from tianon/new-ubuntu-releases
  • Merge pull request #371 from caipre/add-logging
  • Merge pull request #370 from jzelinskie/featurens
  • Merge pull request #369 from jzelinskie/fix-ali
  • Merge pull request #367 from jzelinskie/analyze-layers-v2
  • Merge pull request #366 from jzelinskie/fixoracle
  • Merge pull request #361 from jzelinskie/ROADMAP.md
  • Merge pull request #363 from davidxia/patch-1
  • Merge pull request #362 from jzelinskie/malformedpkg
  • Merge pull request #360 from jzelinskie/cleanup
  • Merge pull request #359 from matslina/patch-1
  • Merge pull request #357 from jzelinskie/readme-reboot
  • Merge pull request #352 from kevinburke/fix-404
  • Merge pull request #354 from kevinburke/change-readme-text
  • Merge pull request #347 from jzelinskie/composeup
  • Merge pull request #348 from supereagle/update-image-spec-url
  • Merge pull request #341 from pizzarabe/Readme_Alpine35
  • Merge pull request #340 from coreos/philips-patch-1
  • Merge pull request #338 from pgburt/paulb-prod-users-integrations
  • Merge pull request #335 from jzelinskie/fixns
  • Merge pull request #334 from supereagle/update-dockerfile
  • Merge pull request #331 from supereagle/insecure-tls
  • Merge pull request #328 from jgsqware/master
  • Merge pull request #327 from jzelinskie/bad-ns-copy
  • Merge pull request #326 from Quentin-M/alpine_dfile
  • Merge pull request #324 from Quentin-M/log_ns
  • Merge pull request #325 from Quentin-M/alpine_dfile
  • Merge pull request #316 from jzelinskie/fix-alpine
  • Merge pull request #305 from jzelinskie/ext
  • Merge pull request #309 from jzelinskie/fixmigration6
  • Merge pull request #308 from jzelinskie/fixpagination
  • Merge pull request #307 from jzelinskie/layeridorder
  • Merge pull request #302 from jzelinskie/rmimage
  • Merge pull request #301 from jzelinskie/readme-git
  • Merge pull request #298 from jzelinskie/versions
  • Merge pull request #300 from miketheman/patch-1
  • Merge pull request #299 from alexei-led/master
  • Merge pull request #295 from jzelinskie/fixmigrationorder
  • Merge pull request #290 from Djelibeybi/oraclelinux-support
  • Merge pull request #288 from jzelinskie/200mb
  • Merge pull request #289 from jzelinskie/revert-suse
  • Merge pull request #287 from jzelinskie/enginebump
  • Merge pull request #272 from jzelinskie/alpine
  • Merge pull request #282 from jzelinskie/layer-sort-id
  • Merge pull request #280 from coreos/add_idx_deleted_at
  • Merge pull request #281 from coreos/dis_hashjoins_introducing
  • Merge pull request #277 from jzelinskie/travispg
  • Merge pull request #279 from coreos/searchintro_optimize
  • Merge pull request #278 from jzelinskie/layerdiffindex
  • Merge pull request #276 from jzelinskie/index
  • Merge pull request #274 from JensPiegsa/patch-1
  • Merge pull request #271 from Quentin-M/nvd_severity
  • Merge pull request #270 from Quentin-M/imp_docs
  • Merge pull request #263 from Quentin-M/rhel_unique_fixedin
  • Merge pull request #261 from Quentin-M/replace_goose
  • Merge pull request #262 from jzelinskie/travis
  • Merge pull request #257 from mattmoor/yakkety
  • Merge pull request #199 from openSUSE/feature/opensuse
  • Merge pull request #236 from robszumski/doc-link
  • Merge pull request #235 from jzelinskie/doc-move
  • Merge pull request #229 from vbatts/redhatrelease_detector
  • Merge pull request #216 from optiopay/doc-klar-ref
  • Merge pull request #205 from Quentin-M/readme_v122
  • Merge pull request #206 from Quentin-M/godeps_implsubmod
  • Merge pull request #186 from Quentin-M/delete_ubuntu_repository
  • Merge pull request #196 from jgsqware/integrate-glide
  • Merge pull request #188 from databus23/patch-1
  • Merge pull request #165 from Quentin-M/db_registration
  • Merge pull request #166 from jzelinskie/authlayer
  • Merge pull request #158 from Quentin-M/contrib_cleanup_signals
  • Merge pull request #143 from jzelinskie/travis
  • Merge pull request #142 from jzelinskie/healthfix
  • Merge pull request #139 from coreos/webhook_proxy
  • Merge pull request #137 from coreos/fix_k8s
  • Merge pull request #126 from harsha-y/master
  • Merge pull request #118 from coreos/cleanup_contrib
  • Merge pull request #123 from coreos/contrib_fix_deadlink
  • Merge pull request #116 from BWITS/master
  • Merge pull request #110 from jzelinskie/config-fixes
  • Merge pull request #111 from jzelinskie/dockerfile-update
  • Merge pull request #108 from philips/add-k8s-contrib
  • Merge pull request #107 from Quentin-M/reduce_logo
  • Merge pull request #106 from Quentin-M/logo
  • Merge pull request #105 from coreos/crtrb_forcecolor
  • Merge pull request #104 from coreos/ctrb_minseverity
  • Merge pull request #103 from jzelinskie/fix-config
  • Merge pull request #101 from Quentin-M/ctrb_minseverity
  • Merge pull request #100 from jzelinskie/namespaces
  • Merge pull request #96 from jzelinskie/rootyamlkey
  • Merge pull request #85 from keloyang/allowHost
  • Merge pull request #94 from unageanu/support-docker-compose
  • Merge pull request #82 from liangchenye/getvulns
  • Merge pull request #91 from Quentin-M/fix_pprof
  • Merge pull request #90 from jzelinskie/README-deps
  • Merge pull request #89 from Quentin-M/fv_find_before_lock
  • Merge pull request #83 from coreos/readme-feature-namespace
  • Merge pull request #81 from coolljt0725/fix_readme
  • Merge pull request #79 from liangchenye/v1doc
  • Merge pull request #77 from coreos/simplify
  • Merge pull request #76 from coreos/sp
  • Merge pull request #71 from Quentin-M/sql
  • Merge pull request #75 from sjourdan/fix_vuln_typo
  • Merge pull request #73 from maxking/doc
  • Merge pull request #74 from mnuessler/causedByPackage
  • Merge pull request #70 from liangchenye/read-manifest
  • Merge pull request #67 from Quentin-M/master
  • Merge pull request #65 from jzelinskie/fixdockerfile
  • Merge pull request #49 from liangchenye/master
  • Merge pull request #59 from davidxia/patch1
  • Merge pull request #52 from Quentin-M/custom_notifiers
  • Merge pull request #53 from coreos/ubdater
  • Merge pull request #46 from coreos/fix_sql_tovalue
  • Merge pull request #47 from coreos/sn
  • Merge pull request #51 from coolljt0725/update_analyze_local_image_doc
  • Merge pull request #50 from coolljt0725/fix_stop
  • Merge pull request #44 from Quentin-M/configfile
  • Merge pull request #42 from Quentin-M/triple
  • Merge pull request #35 from mrqwer88/check_openvz_mirror_with_clair
  • Merge pull request #29 from Quentin-M/notifier_tls
  • Merge pull request #22 from Quentin-M/predcst
  • Merge pull request #41 from coreos/travisfix
  • Merge pull request #33 from Quentin-M/insertvulns
  • Merge pull request #36 from coreos/gc
  • Merge pull request #39 from coreos/travis
  • Merge pull request #37 from Quentin-M/updater_refactor
  • Merge pull request #38 from Quentin-M/causedby
  • Merge pull request #26 from stapelberg/patch-1
  • Merge pull request #25 from fatalbanana/patch-1
  • Merge pull request #21 from coreos/updatefix
  • Merge pull request #24 from coreos/jonboulle-patch-1
  • Merge pull request #18 from Quentin-M/local-analysis
  • Merge pull request #11 from Quentin-M/bzr_parsing
  • Merge pull request #6 from Quentin-M/reduce_tx
  • Merge pull request #4 from Quentin-M/reduce_tx