Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• [ ] chore(deps): update golang:1.22.4-bullseye docker digest to a6a5708
• [ ] chore(deps): update nginx:1.27.0 docker digest to 67682bd
• [ ] fix(deps): update github.com/anchore/clio digest to ac88e09
• [ ] fix(deps): update github.com/anchore/stereoscope digest to e46739e
• [ ] chore(deps): update golang docker tag to v1.22.5
• [ ] ci(deps): update actions/download-artifact action to v4.1.8
• [ ] ci(deps): update actions/upload-artifact action to v4.3.4
• [ ] fix(deps): update module github.com/containerd/containerd to v1.7.19
• [ ] build(deps): update dependency crate-ci/typos to v1.23.1
• [ ] chore(deps): update nginxinc/nginx-unprivileged docker tag to v1.27.0
• [ ] ci(deps): update docker/bake-action action to v4.6.0
• [ ] ci(deps): update docker/setup-buildx-action action to v3.4.0
• [ ] fix(deps): update module github.com/anchore/grype to v0.79.2
• [ ] fix(deps): update module github.com/anchore/syft to v1.8.0
• [ ] fix(deps): update module github.com/aquasecurity/trivy to v0.53.0
• [ ] fix(deps): update module github.com/cyclonedx/cyclonedx-go to v0.9.0
• [ ] fix(deps): update module github.com/deepmap/oapi-codegen/v2 to v2.3.0
• [ ] fix(deps): update module github.com/getkin/kin-openapi to v0.126.0
• [ ] fix(deps): update module github.com/go-playground/validator/v10 to v10.22.0
• [ ] fix(deps): update module github.com/samber/slog-logrus/v2 to v2.4.0
• [ ] fix(deps): update module github.com/spf13/viper to v1.19.0
• [ ] fix(deps): update module google.golang.org/grpc to v1.65.0
• [ ] test(deps): update aws-sdk-go-v2 monorepo (github.com/aws/aws-sdk-go-v2, github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/service/cloudformation, github.com/aws/aws-sdk-go-v2/service/ec2, github.com/aws/aws-sdk-go-v2/service/pricing, github.com/aws/aws-sdk-go-v2/service/s3)
• [ ] test(deps): update azure sdk (github.com/Azure/azure-sdk-for-go/sdk/azcore, github.com/Azure/azure-sdk-for-go/sdk/azidentity, github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5)
• [ ] test(deps): update module golang.org/x/crypto to v0.25.0
• [ ] test(deps): update module google.golang.org/api to v0.187.0
• [ ] chore(deps): update azure bicep to 2024-01-01 (major) (Microsoft.Network/networkInterfaces, Microsoft.Network/networkSecurityGroups, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks)
• [ ] ci(deps): update docker/bake-action action to v5
• [ ] ci(deps): update snok/container-retention-policy action to v3
• [ ] fix(deps): update module github.com/checkmarx/kics to v2
• [ ] test(deps): update docker to v27 (major) (github.com/docker/cli, github.com/docker/docker)

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• [ ] test(deps): update docker (github.com/compose-spec/compose-go/v2, github.com/docker/compose/v2)

---

[!WARNING] Renovate failed to look up the following dependencies: Could not determine new digest for update (go package github.com/Portshift/dockle).

Files affected: scanner/go.mod

---

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] fix(deps): update github.com/aquasecurity/trivy-db digest to e94dc82
• [ ] chore(deps): update docker.io/bitnami/postgresql docker tag to v16.3.0-debian-12-r19
• [ ] chore(deps): update helm release postgresql to v15.5.14
• [ ] fix(deps): update gorm.io (gorm.io/driver/postgres, gorm.io/driver/sqlite)
• [ ] fix(deps): update module github.com/aws/smithy-go to v1.20.3
• [ ] test(deps): update module cloud.google.com/go/compute to v1.27.2
• [ ] test(deps): update module helm.sh/helm/v3 to v3.15.2
• [ ] build(deps): update dependency orhun/git-cliff to v2.4.0
• [ ] chore(deps): update docker.io/aquasec/trivy docker tag to v0.53.0
• [ ] chore(deps): update docker.io/nginxinc/nginx-unprivileged docker tag to v1.27.0
• [ ] Click on this checkbox to rebase all open PRs at once

Vulnerabilities

5/34 CVEs have Renovate fixes.

gomod

cli/go.mod

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

github.com/mholt/archiver/v3

- [GHSA-rhh4-rh7c-7r5v](https://osv.dev/vulnerability/GHSA-rhh4-rh7c-7r5v) (fixed in > 3.5.1) - [GO-2024-2698](https://osv.dev/vulnerability/GO-2024-2698)

containerruntimediscovery/server/go.mod

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

e2e/go.mod

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

github.com/mholt/archiver/v3

- [GHSA-rhh4-rh7c-7r5v](https://osv.dev/vulnerability/GHSA-rhh4-rh7c-7r5v) (fixed in > 3.5.1) - [GO-2024-2698](https://osv.dev/vulnerability/GO-2024-2698)

orchestrator/go.mod

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

github.com/mholt/archiver/v3

- [GHSA-rhh4-rh7c-7r5v](https://osv.dev/vulnerability/GHSA-rhh4-rh7c-7r5v) (fixed in > 3.5.1) - [GO-2024-2698](https://osv.dev/vulnerability/GO-2024-2698)

plugins/runner/go.mod

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

plugins/store/kics/go.mod

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

provider/go.mod

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/mholt/archiver/v3

- [GHSA-rhh4-rh7c-7r5v](https://osv.dev/vulnerability/GHSA-rhh4-rh7c-7r5v) (fixed in > 3.5.1) - [GO-2024-2698](https://osv.dev/vulnerability/GO-2024-2698)

scanner/go.mod

github.com/aws/aws-sdk-go

- [GO-2022-0646](https://osv.dev/vulnerability/GO-2022-0646)

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

github.com/mholt/archiver/v3

- [GHSA-rhh4-rh7c-7r5v](https://osv.dev/vulnerability/GHSA-rhh4-rh7c-7r5v) (fixed in > 3.5.1) - [GO-2024-2698](https://osv.dev/vulnerability/GO-2024-2698)

testenv/go.mod

github.com/docker/docker

- [GHSA-6hwg-w5jg-9c6x](https://osv.dev/vulnerability/GHSA-6hwg-w5jg-9c6x) - [GHSA-j249-ghv5-7mxv](https://osv.dev/vulnerability/GHSA-j249-ghv5-7mxv)

Detected dependencies

bicep

installation/azure/vmclarity.bicep

- `Microsoft.Resources/resourceGroups 2024-03-01`

installation/azure/vmclarityDeployModule.bicep

- `Microsoft.Network/networkInterfaces 2023-11-01` - `Microsoft.Network/networkSecurityGroups 2023-11-01` - `Microsoft.Network/virtualNetworks 2023-11-01` - `Microsoft.Network/publicIPAddresses 2023-11-01` - `Microsoft.Compute/virtualMachines 2024-03-01` - `Microsoft.Compute/virtualMachines/extensions 2024-03-01` - `Microsoft.Compute/virtualMachines/extensions 2024-03-01` - `Microsoft.Network/networkSecurityGroups 2023-11-01` - `Microsoft.Storage/storageAccounts 2023-05-01` - `Microsoft.Storage/storageAccounts/blobServices 2023-05-01` - `Microsoft.Storage/storageAccounts/blobServices/containers 2023-05-01` - `Microsoft.Authorization/roleDefinitions 2022-04-01` - `Microsoft.Authorization/roleAssignments 2022-04-01`

installation/azure/vmclarityDiscoverRole.bicep

- `Microsoft.Authorization/roleDefinitions 2022-04-01` - `Microsoft.Authorization/roleAssignments 2022-04-01`

installation/azure/vmclarityManagedIdentity.bicep

- `Microsoft.ManagedIdentity/userAssignedIdentities 2023-01-31`

installation/azure/vmclarityScanRole.bicep

- `Microsoft.Authorization/roleDefinitions 2022-04-01` - `Microsoft.Authorization/roleAssignments 2022-04-01`

docker-compose

installation/docker/docker-compose.postgresql-override.yaml

- `docker.io/bitnami/postgresql 16.3.0-debian-12-r14`

installation/docker/docker-compose.yml

- `nginxinc/nginx-unprivileged 1.26.0` - `ghcr.io/openclarity/exploit-db-server v0.3.0` - `docker.io/aquasec/trivy 0.52.2` - `ghcr.io/openclarity/grype-server v0.7.3` - `ghcr.io/openclarity/freshclam-mirror v0.3.1` - `ghcr.io/openclarity/yara-rule-server v0.3.0` - `swaggerapi/swagger-ui v5.17.14`

testenv/docker/asset/docker-compose.override.yml

- `alpine 3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1`

dockerfile

Dockerfile.apiserver

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `tonistiigi/xx 1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4` - `golang 1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

Dockerfile.cli

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `tonistiigi/xx 1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4` - `golang 1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273` - `ghcr.io/openclarity/vmclarity-tools-base v0.6.0@sha256:dc9779be25bdbd3a8725e768764a223b8ba5fd906fc5afc67b417886086806d8`

Dockerfile.cr-discovery-server

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `tonistiigi/xx 1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4` - `golang 1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

Dockerfile.orchestrator

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `tonistiigi/xx 1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4` - `golang 1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

Dockerfile.ui

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `node 20-slim` - `nginx 1.27.0@sha256:9c367186df9a6b18c6735357b8eb7f407347e84aea09beb184961cb83543d46e`

Dockerfile.uibackend

- `docker/dockerfile 1@sha256:e87caa74dcb7d46cd820352bfea12591f3dba3ddc4285e19c7dcd13359f7cefd` - `tonistiigi/xx 1.4.0@sha256:0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4` - `golang 1.22.4-bullseye@sha256:067c5c7fe6d79f900c5ebe8351166356d6e3bbfcc6f807030e89b9a929252273` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

plugins/sdk-go/example/Dockerfile

- `golang 1.22.4-alpine3.19@sha256:c46c4609d3cc74a149347161fc277e11516f523fd8aa6347c9631527da0b7a56` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

plugins/sdk-python/example/Dockerfile

- `python 3.12-slim`

plugins/sdk-python/example/Dockerfile.test

- `ubuntu 24.04` - `ubuntu 24.04`

plugins/store/kics/Dockerfile

- `golang 1.22.4-alpine3.19@sha256:c46c4609d3cc74a149347161fc277e11516f523fd8aa6347c9631527da0b7a56` - `alpine 3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0`

github-actions

.github/workflows/build-and-push-component.yaml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `docker/setup-buildx-action v3.3.0@d70bba72b1f3fd22344832f00baa16ece964efeb` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` - `docker/login-action v3.2.0@0d4c9c5ea7693da7b068278f7b52bda2a190a446` - `docker/bake-action v4.5.0@7a5dfed3550ca014665af2a27af8fc9d7284b9b3` - `actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808` - `actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e` - `docker/setup-buildx-action v3.3.0@d70bba72b1f3fd22344832f00baa16ece964efeb` - `docker/login-action v3.2.0@0d4c9c5ea7693da7b068278f7b52bda2a190a446` - `actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808`

.github/workflows/cache-cleanup.yml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`

.github/workflows/ci.yml

.github/workflows/image-cleanup.yml

- `snok/container-retention-policy v2.2.1@b56f4ff7539c1f94f01e5dc726671cd619aa8072` - `snok/container-retention-policy v2.2.1@b56f4ff7539c1f94f01e5dc726671cd619aa8072` - `snok/container-retention-policy v2.2.1@b56f4ff7539c1f94f01e5dc726671cd619aa8072`

.github/workflows/manual-build-and-push.yaml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `docker/bake-action v4.5.0@7a5dfed3550ca014665af2a27af8fc9d7284b9b3`

.github/workflows/post-release.yaml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/github-script v7.0.1@60a0d83039c74a4aee543508d2ffcb1c3799cdea`

.github/workflows/release.yaml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `docker/login-action v3.2.0@0d4c9c5ea7693da7b068278f7b52bda2a190a446` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` - `actions/upload-artifact v4.3.3@65462800fd760344b1a7b4382951275a0abb4808` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e` - `ncipollo/release-action v1.14.0@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5`

.github/workflows/reusable-build-and-push.yml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `docker/bake-action v4.5.0@7a5dfed3550ca014665af2a27af8fc9d7284b9b3` - `actions/download-artifact v4.1.7@65a9edc5881444af0b9093a5e628f2fe47ea3b2e` - `marocchino/sticky-pull-request-comment v2.9.0@331f8f5b4215f0445d3c07b4967662a32a2d3e31`

.github/workflows/reusable-end-to-end-testing.yml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` - `engineerd/setup-kind v0.5.0@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0` - `azure/setup-helm v4.2.0@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814`

.github/workflows/reusable-verification.yml

- `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `scottbrenner/cfn-lint-action v2.4.2@62f1746de817410fa0058034b4c108ac2692ec81` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.1@cdcb36043654635271a94b9a6d1392de5bb323a7` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9` - `actions/cache v4.0.2@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9`

.github/workflows/semantic-pr.yml

- `amannn/action-semantic-pull-request v5.5.3@0723387faaf9b38adef4775cd42cfd5155ed6017` - `marocchino/sticky-pull-request-comment v2.9.0@331f8f5b4215f0445d3c07b4967662a32a2d3e31` - `marocchino/sticky-pull-request-comment v2.9.0@331f8f5b4215f0445d3c07b4967662a32a2d3e31`

.github/workflows/stale.yml

- `openclarity/.github main`

gomod

api/client/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/oapi-codegen/runtime v1.1.1`

api/server/go.mod

- `go 1.22.4` - `github.com/CiscoM31/godata v1.0.10` - `github.com/Portshift/go-utils v0.0.0-20220421083203-89265d8a6487@89265d8a6487` - `github.com/aptible/supercronic v0.2.30` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/evanphx/json-patch v5.9.0+incompatible` - `github.com/getkin/kin-openapi v0.124.0` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/google/go-cmp v0.6.0` - `github.com/google/uuid v1.6.0` - `github.com/labstack/echo/v4 v4.12.0` - `github.com/oapi-codegen/echo-middleware v1.0.2` - `github.com/oapi-codegen/runtime v1.1.1` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.18.2` - `gorm.io/datatypes v1.2.1` - `gorm.io/driver/postgres v1.5.7` - `gorm.io/driver/sqlite v1.5.5` - `gorm.io/gorm v1.25.10`

api/types/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/oapi-codegen/runtime v1.1.1`

cli/go.mod

- `go 1.22.4` - `github.com/CycloneDX/cyclonedx-go v0.8.0` - `github.com/ghodss/yaml v1.0.0` - `github.com/google/go-cmp v0.6.0` - `github.com/google/uuid v1.6.0` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.18.2` - `github.com/mholt/archiver/v3 v3.5.1` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

containerruntimediscovery/client/go.mod

- `go 1.22.4`

containerruntimediscovery/server/go.mod

- `go 1.22.4` - `github.com/containerd/containerd v1.7.18` - `github.com/containerd/nerdctl v1.7.6` - `github.com/containers/image/v5 v5.31.1` - `github.com/docker/docker v26.1.4+incompatible` - `github.com/labstack/echo/v4 v4.12.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.18.2`

containerruntimediscovery/types/go.mod

- `go 1.22.4`

core/go.mod

- `go 1.22.4` - `github.com/google/go-cmp v0.6.0` - `github.com/sirupsen/logrus v1.9.3`

e2e/go.mod

- `go 1.22.4` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/google/uuid v1.6.0` - `github.com/onsi/ginkgo/v2 v2.19.0` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/viper v1.18.2` - `github.com/mholt/archiver/v3 v3.5.1` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

e2e/testdata/go.mod

- `go 1.22.4` - `github.com/google/uuid v1.6.0`

installation/go.mod

- `go 1.22.4`

orchestrator/go.mod

- `go 1.22.4` - `github.com/Portshift/go-utils v0.0.0-20220421083203-89265d8a6487@89265d8a6487` - `github.com/anchore/syft v1.5.0` - `github.com/aptible/supercronic v0.2.30` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/google/go-cmp v0.6.0` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.18.2` - `gopkg.in/yaml.v3 v3.0.1` - `gotest.tools/v3 v3.5.1` - `k8s.io/apimachinery v0.30.2` - `github.com/mholt/archiver/v3 v3.5.1` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

plugins/runner/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/docker/docker v26.1.4+incompatible` - `github.com/docker/go-connections v0.5.0`

plugins/sdk-go/example/go.mod

- `go 1.22.4`

plugins/sdk-go/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/getkin/kin-openapi v0.124.0` - `github.com/go-playground/validator/v10 v10.20.0` - `github.com/labstack/echo/v4 v4.12.0`

plugins/store/kics/go.mod

- `go 1.22.4` - `github.com/Checkmarx/kics v1.7.13`

provider/go.mod

- `go 1.22.4` - `cloud.google.com/go/compute v1.27.0` - `github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1` - `github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1` - `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2` - `github.com/Masterminds/sprig/v3 v3.2.3` - `github.com/aws/aws-sdk-go-v2 v1.27.2` - `github.com/aws/aws-sdk-go-v2/config v1.27.18` - `github.com/aws/aws-sdk-go-v2/service/ec2 v1.163.1` - `github.com/aws/aws-sdk-go-v2/service/pricing v1.28.7` - `github.com/aws/smithy-go v1.20.2` - `github.com/docker/docker v26.1.4+incompatible` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/google/go-cmp v0.6.0` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/viper v1.18.2` - `golang.org/x/sync v0.7.0` - `google.golang.org/api v0.182.0` - `google.golang.org/grpc v1.64.0` - `google.golang.org/protobuf v1.34.2` - `gopkg.in/yaml.v3 v3.0.1` - `gotest.tools/v3 v3.5.1` - `k8s.io/api v0.30.2` - `k8s.io/apimachinery v0.30.2` - `k8s.io/client-go v0.30.2` - `github.com/mholt/archiver/v3 v3.5.1` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

scanner/go.mod

- `go 1.22.4` - `github.com/CycloneDX/cyclonedx-go v0.8.0` - `github.com/Portshift/dockle v0.3.2-0.20240611055957-53ff8586f9c7@53ff8586f9c7` - `github.com/anchore/clio v0.0.0-20240606161808-779b8d1ce2db@779b8d1ce2db` - `github.com/anchore/grype v0.78.0` - `github.com/anchore/stereoscope v0.0.3-0.20240624202600-753b5576fe42@753b5576fe42` - `github.com/anchore/syft v1.5.0` - `github.com/aquasecurity/trivy v0.51.4` - `github.com/aquasecurity/trivy-db v0.0.0-20240602051612-79d0fbd1e246@79d0fbd1e246` - `github.com/cenkalti/backoff v2.2.1+incompatible` - `github.com/containers/image/v5 v5.31.1` - `github.com/go-openapi/runtime v0.28.0` - `github.com/go-openapi/strfmt v0.23.0` - `github.com/google/go-cmp v0.6.0` - `github.com/google/go-containerregistry v0.19.2` - `github.com/google/uuid v1.6.0` - `github.com/hashicorp/go-multierror v1.1.1` - `github.com/jinzhu/copier v0.4.0` - `github.com/onsi/gomega v1.33.1` - `github.com/openclarity/grype-server/api v0.0.0-20240619144520-b9ba72524a9c@b9ba72524a9c` - `github.com/openclarity/yara-rule-server v0.3.0` - `github.com/package-url/packageurl-go v0.1.3` - `github.com/samber/slog-logrus/v2 v2.3.0` - `github.com/sirupsen/logrus v1.9.3` - `github.com/tdewolff/parse/v2 v2.7.15` - `github.com/vulsio/go-exploitdb v0.4.6` - `github.com/yudai/gojsondiff v1.0.0` - `golang.org/x/sync v0.7.0` - `gotest.tools/v3 v3.5.1` - `k8s.io/client-go v0.30.2` - `www.velocidex.com/golang/regparser v0.0.0-20240404115756-2169ac0e3c09@2169ac0e3c09` - `github.com/mholt/archiver/v3 v3.5.1` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

testenv/go.mod

- `go 1.22.4` - `cloud.google.com/go/compute v1.27.0` - `github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1` - `github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1` - `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0` - `github.com/aws/aws-sdk-go-v2 v1.27.2` - `github.com/aws/aws-sdk-go-v2/config v1.27.18` - `github.com/aws/aws-sdk-go-v2/service/cloudformation v1.51.3` - `github.com/aws/aws-sdk-go-v2/service/ec2 v1.163.1` - `github.com/aws/aws-sdk-go-v2/service/s3 v1.55.1` - `github.com/compose-spec/compose-go/v2 v2.1.2` - `github.com/distribution/reference v0.6.0` - `github.com/docker/cli v26.1.4+incompatible` - `github.com/docker/compose/v2 v2.27.1` - `github.com/docker/docker v26.1.4+incompatible` - `github.com/ghodss/yaml v1.0.0` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/onsi/gomega v1.33.1` - `github.com/opencontainers/go-digest v1.0.0` - `github.com/pkg/errors v0.9.1` - `github.com/sirupsen/logrus v1.9.3` - `golang.org/x/crypto v0.24.0` - `google.golang.org/api v0.182.0` - `helm.sh/helm/v3 v3.15.1` - `k8s.io/api v0.30.2` - `k8s.io/apimachinery v0.30.2` - `k8s.io/cli-runtime v0.30.2` - `k8s.io/client-go v0.30.2` - `sigs.k8s.io/kind v0.23.0` - `github.com/zregvart/helm/v3 v3.0.0-20240610092413-9adc7dbafe42@9adc7dbafe42`

uibackend/client/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/oapi-codegen/runtime v1.1.1`

uibackend/server/go.mod

- `go 1.22.4` - `github.com/Portshift/go-utils v0.0.0-20220421083203-89265d8a6487@89265d8a6487` - `github.com/deepmap/oapi-codegen/v2 v2.2.0` - `github.com/getkin/kin-openapi v0.124.0` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/google/go-cmp v0.6.0` - `github.com/labstack/echo/v4 v4.12.0` - `github.com/oapi-codegen/echo-middleware v1.0.2` - `github.com/oapi-codegen/runtime v1.1.1` - `github.com/onsi/gomega v1.33.1` - `github.com/sirupsen/logrus v1.9.3` - `github.com/spf13/cobra v1.8.1` - `github.com/spf13/viper v1.18.2` - `gotest.tools/v3 v3.5.1`

uibackend/types/go.mod

- `go 1.22.4` - `github.com/deepmap/oapi-codegen/v2 v2.2.0`

utils/go.mod

- `go 1.22.4` - `github.com/go-viper/mapstructure/v2 v2.0.0` - `github.com/moby/sys/mountinfo v0.7.1` - `github.com/onsi/gomega v1.33.1`

workflow/go.mod

- `go 1.22.4` - `github.com/heimdalr/dag v1.4.0` - `github.com/onsi/gomega v1.33.1`

helm-values

installation/kubernetes/helm/vmclarity/values.yaml

- `docker.io/nginxinc/nginx-unprivileged 1.26.0` - `docker.io/bitnami/postgresql 16.3.0-debian-12-r14` - `ghcr.io/openclarity/exploit-db-server v0.3.0` - `docker.io/aquasec/trivy 0.52.2` - `ghcr.io/openclarity/grype-server v0.7.3` - `ghcr.io/openclarity/freshclam-mirror v0.3.1` - `docker.io/swaggerapi/swagger-ui v5.17.14` - `ghcr.io/openclarity/yara-rule-server v0.3.0`

helmv3

installation/kubernetes/helm/vmclarity/Chart.yaml

- `postgresql 15.5.10`

regex

makefile.d/20-tools.mk

- `github.com/goph/licensei 0.9.0` - `github.com/rhysd/actionlint 1.7.1` - `azure-cli 2.55.0` - `Azure/bicep 0.28.1` - `cfn-lint 0.83.4` - `github.com/golangci/golangci-lint 1.59.1` - `mikefarah/yq 4.44.2` - `helm/helm 3.15.2` - `norwoodj/helm-docs 1.13.1` - `orhun/git-cliff 2.3.0` - `crate-ci/typos 1.22.9`

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[ramizpolic]

Seems to be a collection of all the open dep PRs. Keeping this open.