Merge branch 'main' into users/oakeredolu/throttlehttpclient

.github/workflows/codeql-analysis.yml

@@ -26,12 +26,12 @@ jobs:
           fetch-depth: 0
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+      uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
       with:
         languages: 'csharp'
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+      uses: github/codeql-action/autobuild@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+      uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1

.github/workflows/gen-docs.yml

@@ -43,7 +43,7 @@ jobs:
           EOF
 
       - name: Commit
-        uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4
+        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
         with:
           commit_message: 'Update docs'
           file_pattern: '*.md'

.github/workflows/ossf-scorecard.yml

@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+        uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
         with:
           sarif_file: results.sarif

.github/workflows/release-drafter.yml

@@ -16,7 +16,7 @@ jobs:
       pull-requests: read
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@65c5fb495d1e69aa8c08a3317bc44ff8aabe9772 # v5
+      - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5
         with:
           disable-autolabeler: true
         env:

.github/workflows/release.yml

@@ -36,7 +36,7 @@ jobs:
         run: dotnet publish --configuration Release --output ./bin --self-contained --runtime ${{ matrix.rid }} -p:PublishSingleFile=true -p:IncludeAllContentForSelfExtract=true -p:DebugType=None -p:PublishTrimmed=false ./src/Microsoft.ComponentDetection
 
       - name: Publish CLI tool
-        uses: shogo82148/actions-upload-release-asset@953d19cc84d8e8ecf80beec5afef40ca68b7e633 # v1.6.6
+        uses: shogo82148/actions-upload-release-asset@dbfb35b0d9069ff70bc1f9e47faba33ee30b2681 # v1.7.0
         continue-on-error: true
         with:
           upload_url: ${{ github.event.release.upload_url }}

Directory.Packages.props

@@ -51,7 +51,7 @@
     <PackageVersion Include="System.Text.Json" Version="6.0.8" />
     <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="7.0.0" />
     <PackageVersion Include="Tomlyn.Signed" Version="0.16.2" />
-    <PackageVersion Include="yamldotnet" Version="13.5.1" />
+    <PackageVersion Include="yamldotnet" Version="13.5.2" />
     <PackageVersion Include="Faker.net" Version="2.0.154" />
     <PackageVersion Include="Valleysoft.DockerfileModel" Version="1.1.0" />
   </ItemGroup>

Dockerfile

@@ -10,7 +10,7 @@ RUN dotnet publish -c Release -o out \
     -p:PublishSingleFile=true \
     ./src/Microsoft.ComponentDetection
 
-FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-cbl-mariner2.0@sha256:b98ce459b124ed1f46f6f061716d8ac209a754b04090eeebb33e68fd11a7bca5 AS runtime
+FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-cbl-mariner2.0@sha256:98e5a9a0d1f8b55564e7412702258996e420e6bc8dbc973a9d0caad0469e8824 AS runtime
 WORKDIR /app
 COPY --from=build /app/out ./
 

src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs

@@ -1,5 +1,6 @@
-namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
+namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
 
+using System.Linq;
 using PackageUrl;
 
 public class VcpkgComponent : TypedComponent
@@ -20,6 +21,11 @@ public class VcpkgComponent : TypedComponent
         this.Triplet = triplet;
         this.Description = description;
         this.DownloadLocation = downloadLocation;
+
+        if (!string.IsNullOrEmpty(downloadLocation) && downloadLocation.ToLower().Contains("https://github.com/"))
+        {
+            this.SetGitRepoProperties();
+        }
     }
 
     public string SPDXID { get; set; }
@@ -36,6 +42,10 @@ public class VcpkgComponent : TypedComponent
 
     public int PortVersion { get; set; }
 
+    public string GitRepositoryOwner { get; set; }
+
+    public string GitRepositoryName { get; set; }
+
     public override ComponentType Type => ComponentType.Vcpkg;
 
     public override string Id
@@ -71,4 +81,22 @@ public class VcpkgComponent : TypedComponent
             }
         }
     }
+
+    private void SetGitRepoProperties()
+    {
+        /* example download locations
+         * "git+https://github.com/leethomason/tinyxml2@9.0.0"
+         * "git+https://github.com/Microsoft/vcpkg#ports/nlohmann-json"
+        */
+        var locationArr = this.DownloadLocation.Split('/');
+        if (!string.IsNullOrEmpty(locationArr[2]))
+        {
+            this.GitRepositoryOwner = locationArr[2];
+        }
+
+        if (!string.IsNullOrEmpty(locationArr[3]))
+        {
+            this.GitRepositoryName = locationArr[3].TakeWhile(ch => char.IsLetterOrDigit(ch)).ToString();
+        }
+    }
 }

src/Microsoft.ComponentDetection.Detectors/pip/SimplePipComponentDetector.cs

@@ -10,7 +10,7 @@ using Microsoft.ComponentDetection.Contracts.Internal;
 using Microsoft.ComponentDetection.Contracts.TypedComponent;
 using Microsoft.Extensions.Logging;
 
-public class SimplePipComponentDetector : FileComponentDetector, IExperimentalDetector
+public class SimplePipComponentDetector : FileComponentDetector, IDefaultOffComponentDetector
 {
     private readonly IPythonCommandService pythonCommandService;
     private readonly ISimplePythonResolver pythonResolver;

src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs

@@ -3,6 +3,7 @@ namespace Microsoft.ComponentDetection.Orchestrator.Commands;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.IO;
+using System.Text.Json.Serialization;
 using Microsoft.ComponentDetection.Orchestrator.Extensions;
 using Spectre.Console;
 using Spectre.Console.Cli;
@@ -25,12 +26,18 @@ public class ScanSettings : BaseSettings
 
     [CommandOption("--SourceDirectory")]
     [Description("Directory to operate on.")]
+    [JsonIgnore]
     public DirectoryInfo SourceDirectory { get; set; }
 
+    public string SourceDirectorySerialized => this.SourceDirectory?.ToString();
+
     [CommandOption("--SourceFileRoot")]
     [Description("Directory where source files can be found.")]
+    [JsonIgnore]
     public DirectoryInfo SourceFileRoot { get; set; }
 
+    public string SourceFileRootSerialized => this.SourceFileRoot?.ToString();
+
     [CommandOption("--DetectorArgs")]
     [Description(
         "Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff.")]
@@ -50,8 +57,11 @@ public class ScanSettings : BaseSettings
 
     [CommandOption("--ManifestFile")]
     [Description("The file to write scan results to.")]
+    [JsonIgnore]
     public FileInfo ManifestFile { get; set; }
 
+    public string ManifestFileSerialized => this.ManifestFile?.ToString();
+
     [CommandOption("--PrintManifest")]
     [Description("Prints the manifest to standard output. Logging will be redirected to standard error.")]
     public bool PrintManifest { get; set; }

test/Microsoft.ComponentDetection.Orchestrator.Tests/Commands/ScanSettingsTests.cs

@@ -1,6 +1,7 @@
 namespace Microsoft.ComponentDetection.Orchestrator.Tests.Commands;
 
 using System.IO;
+using System.Text.Json;
 using FluentAssertions;
 using Microsoft.ComponentDetection.Orchestrator.Commands;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -45,4 +46,20 @@ public class ScanSettingsTests
 
         result.Successful.Should().BeFalse();
     }
+
+    [TestMethod]
+    public void CanSerialize()
+    {
+        var settings = new ScanSettings
+        {
+            SourceDirectory = new DirectoryInfo(Path.GetTempPath()),
+            Output = "C:\\",
+            ManifestFile = new FileInfo(Path.GetTempFileName()),
+            SourceFileRoot = new DirectoryInfo(Path.GetTempPath()),
+        };
+
+        var action = () => JsonSerializer.Serialize(settings);
+
+        action.Should().NotThrow();
+    }
 }