Releases: Kong/public-shared-actions
v2.5.1
What's Changed
- Defaulting to use grype cdn and skip cache by default by @saisatishkarra in #152
Full Changelog: v2.5.0...v2.5.1
v2.5.0
What's Changed
- fix: omitted severity flags in docker image scan action by @pankajmouriyakong in #142
- SEC-1176 - Option to skip Grype DB caching and tradeoff to use Grype CDN by @pankajmouriyakong in #148
New Contributors
- @pankajmouriyakong made their first contribution in #142
Full Changelog: v2...v2.5.0
v2.4.1
What's Changed
- save grype db cache on updates to avoid using stale cache db by @saisatishkarra in #147
- fix grype cache save and avoid marking cache as readonly by @saisatishkarra in 7ef70a7
- use temporary cache key and restore keys for grype cache by @saisatishkarra in 9570979
- Avoid same cache key overwrite issues when saving cache on multiple invocations by @saisatishkarra in 20348b7
- fix grype db logging condition by @saisatishkarra in 5c685ec
Full Changelog: v2...v2.4.1
v2.4.0
What's Changed
- github-actions(deps): bump anchore/scan-action from 3.6.4 to 4.1.1 in /security-actions/sca by @dependabot in #138
- github-actions(deps): bump anchore/scan-action from 3.6.4 to 4.1.1 in /security-actions/scan-docker-image by @dependabot in #136
- github-actions(deps): bump anchore/sbom-action from 0.16.0 to 0.17.1 in /security-actions/sca by @dependabot in #139
- github-actions(deps): bump anchore/sbom-action from 0.16.0 to 0.17.1 in /security-actions/scan-docker-image by @dependabot in #137
- github-actions(deps): bump docker/login-action from 3.1.0 to 3.2.0 in /security-actions/sign-docker-image by @dependabot in #124
- github-actions(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 in /security-actions/sign-docker-image by @dependabot in #135
- Run CVE analysis when DB cache or upstream cdn is live by @saisatishkarra in #141
Full Changelog: v2.3.0...v2.4.0
v2.3.0
What's Changed
- Bump sbom-action from v.0.15.11 to v0.16.0 by @saisatishkarra in #123
Full Changelog: v2.2.3...v2.3.0
v2.2.3
What's Changed
- github-actions(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 in /security-actions/sca by @dependabot in #118
- github-actions(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 in /security-actions/scan-docker-image by @dependabot in #119
- feat(lua-lint): add an option to make the action fail if the linting fails by @ADD-SP in #121
Full Changelog: v2.2.2...v2.2.3
v2.2.2
What's Changed
- Avoid Grype DB downloads during subsequent invocations of grype scan-action by @saisatishkarra in #115
- chore(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #113
- add separate signature registry opts for image signing by @saisatishkarra in #116
Full Changelog: v2.2.1...v2.2.2
v2.2.1
What's Changed
- fix unnecessary extra inputs in sca action by @saisatishkarra in #112
Full Changelog: v2.2.0...v2.2.1
v2.2.0
What's Changed
- ci(.github): Add SLSA docker image provenance test workflow by @saisatishkarra in #102
- ci(.github): fix permissions for provenance test workflow by @saisatishkarra in #103
- chore(readme): Add usage examples to security actions by @saisatishkarra in #106
- chore(readme): Add vulnerability migration and breakglass strategy fo… by @saisatishkarra in #107
- github-actions(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in /security-actions/sign-docker-image by @dependabot in #108
- github-actions(deps): bump anchore/sbom-action from 0.15.8 to 0.15.10 in /security-actions/sca by @dependabot in #105
- github-actions(deps): bump docker/login-action from 3.0.0 to 3.1.0 in /security-actions/sign-docker-image by @dependabot in #101
- feat(sbom): option to publish sbom to tags / GH release assets by @saisatishkarra in #109
- github-actions(deps): bump anchore/sbom-action from 0.15.8 to 0.15.10 in /security-actions/scan-docker-image by @dependabot in #104
- add permissions and GH token needed for sbom releases by @saisatishkarra in #110
Full Changelog: v2.1.0...v2.2.0
v2.1.0
What's Changed
- update docker/login-action to v3.0.0 by @lahabana in #98
- ci(deps): bump cosign to v2.2.3 to avoid sigstore TUF invalid key issue by @saisatishkarra in #100
Full Changelog: v2.0.3...v2.1.0