Commit Graph

735 Commits

Author SHA1 Message Date
renovate[bot] a206ec6f8d
chore(deps): update dependency coverlet.msbuild to v3 (#156)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-01 09:33:10 -07:00
Fernando Rojo d83ffee8ea
Fix error in parsing default library (#164) 2022-06-30 16:52:06 -07:00
Fernando Rojo a2bfed5f69
Contract Update to allow deserialization of DockerReference (#163)
* Contract Update to allow deserialization of DockerReference

* Updates To allow deserialization

* remove Typed Component change
2022-06-30 23:09:03 +00:00
renovate[bot] 1a4962ac92
chore(deps): update dependency microsoft.net.test.sdk to v17 (#158)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-30 08:48:04 -07:00
renovate[bot] fc97f54351
chore(deps): update dependency microsoft.net.test.sdk to v16.11.0 (#154)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 17:18:13 -07:00
renovate[bot] a9682ef809
chore(deps): update dependency nuget.projectmodel to v5.11.2 (#150)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 17:17:57 -07:00
renovate[bot] b2ceda7c7f
chore(deps): update dependency moq to v4.18.1 (#149)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 17:10:19 -07:00
renovate[bot] c3b46d773f
chore(deps): update dependency microsoft.sourcelink.github to v1.1.1 (#155)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 17:10:07 -07:00
renovate[bot] 29d02b805b
chore(deps): update dependency fluentassertions to v6.7.0 (#148)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jamie Magee <jamie.magee@gmail.com>
2022-06-29 17:09:54 -07:00
renovate[bot] 10eef321f6
chore(deps): update dependency nuget.versioning to v5.11.2 (#151)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 16:59:34 -07:00
renovate[bot] c8bcf2acd9
chore(deps): update dependency coverlet.msbuild to v2.9.0 (#147)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 16:12:15 -07:00
renovate[bot] 63f5683221
chore(deps): update dependency commandlineparser to v2.9.1 (#146)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 15:59:58 -07:00
renovate[bot] 1b8d2b7f9e
chore(deps): update dotnet monorepo (#144)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 15:51:18 -07:00
renovate[bot] 950a520dcb
chore(deps): update mstest monorepo to v2.2.10 (#145)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 15:42:22 -07:00
renovate[bot] 0d4bee6f2f
chore(deps): update dependency polly to v7.2.3 (#142)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 14:54:23 -07:00
renovate[bot] d1cf55228a
chore(deps): update dependency system.memory to v4.5.5 (#143)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 14:50:35 -07:00
renovate[bot] d5808ee30f
chore(deps): update dependency microsoft.aspnet.webapi.client to v5.2.9 (#140)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 13:24:11 -07:00
renovate[bot] 1cea61b2d5
chore(deps): update dependency docker.dotnet to v3.125.5 (#137)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 13:12:08 -07:00
renovate[bot] bb857e0301
chore(deps): update dependency dotnet.glob to v2.1.4 (#138)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-29 13:07:46 -07:00
Jamie Magee f999127c00
chore: add basic renovate configuration (#136) 2022-06-29 12:53:30 -07:00
Fernando Rojo f80259f10d
Transcribe docker reference parsing and introduce dockerFile detector (#114)
Transcribe docker reference parsing and introduce dockerFile detectors/submission

Co-authored-by: Jamie Magee <jamagee@microsoft.com>
2022-06-29 12:14:00 -07:00
Tom Fay 0c86fefdfd
bump syft to support Mariner distroless containers (#133)
* bump syft to support Mariner distroless

Signed-off-by: Tom Fay <tomfay@microsoft.com>

* use ACR syft image

Signed-off-by: Tom Fay <tomfay@microsoft.com>
2022-06-28 12:02:52 -07:00
Coby Allred 94e82076fa
Add SourceDirectory to ScanResult output (#135) 2022-06-28 11:57:46 -07:00
Juan Carlos Fiorenzano 46e8e80563
Fixed pnpm detector failing parsing link dependencies (#129)
When the detector found a link dependency, it failed the detection and the rest of the components were not scanned. This change ignores the link dependencies and allows the detector to continue parsing the rest of the file.
2022-06-20 15:21:06 -07:00
Juan Carlos Fiorenzano c5c4f9d271
log info when the go cli is not present (#128)
* log info when the go cli is not present

* Fixed null reference exception

The command is null if there is an invalid attribute

* Avoid warning users about an unexpected relationship when it is an empty relationship
2022-06-16 11:32:53 -07:00
Teo Voinea 25d300c8fa
Support target specific cargo dependencies (#27)
* Support target specific dependencies for the cargo detector

* Tests

* Forgot to commit the tests...

* Bump detector versions

* Run tests and fix them :)

* Bump detector versions

Co-authored-by: Coby Allred <cobya@github.com>
2022-06-15 08:52:00 -07:00
Tom Fay c9bbe6726d
Add support for newer RPM based distros (Mariner 2.0) (#123)
* Update syft to support Mariner 2.0

Signed-off-by: Tom Fay <tomfay@microsoft.com>
2022-06-10 19:04:07 +01:00
Rushabh 9b2ceec4fb
In Go detector, Added error log to expose go cli error. (#118) 2022-05-17 15:32:13 -07:00
Rushabh 0bab2eea89
Enable GoCliDetector by default. Using env variable 'DisableGoCliDetector=true' to manually disable GoCliDetector. (#113)
Previously, the Go-Detector by default scanned the manifest and generated components. We were using EnableGoCliScan env. variable to activate the Go Cli Detector. With this change, the use of EnableGoCliScan is removed. The Go detector by default uses Cli scan.

To manually override this behavior, a new env. variable DisableGoCliScan is introduced.
2022-05-09 11:09:56 -07:00
Jiahong Wen 7bf1182b4b
Add Path field to SPDX Detector (#112) 2022-04-27 20:49:42 +00:00
dependabot[bot] 05c2119c16
Bump github/codeql-action from 1 to 2 (#110)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-27 09:23:11 -07:00
Greg Villicana 6e1d270d35
Go CLI detector enhancement (`go list -m all`) (#105)
* Go CLI enhancement, include only modules in build list
2022-04-21 16:23:13 -07:00
Greg Villicana 164770f451
Fix Go CLI cyclic dependency graph (#103)
* Fix Go CLI cyclic dependency graph
2022-04-13 15:36:05 -07:00
dependabot[bot] 6c26b9d021
Bump shogo82148/actions-upload-release-asset from 1.6.1 to 1.6.2 (#101)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-12 15:41:12 -07:00
dependabot[bot] 4a77954784
Bump actions/upload-artifact from 2 to 3 (#99)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 22:37:19 +00:00
Rushabh 54dbb564d3
Bug Fix: While parsing maven scope, discard left-over string if present in the scope substring. (#96) 2022-04-06 15:41:46 -07:00
Rushabh 3a17feb7e1
Added dependencyScope detection for maven components (#87)
* Added "DependencyScope" for scanned component. Currently detection is only active for maven components.
* Added telemetry to keep track of each recorded component.
2022-04-06 11:24:13 -07:00
dependabot[bot] 63dcae650a
Bump shogo82148/actions-upload-release-asset from 1.4.0 to 1.6.1 (#94)
Bumps [shogo82148/actions-upload-release-asset](https://github.com/shogo82148/actions-upload-release-asset) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/shogo82148/actions-upload-release-asset/releases)
- [Commits](https://github.com/shogo82148/actions-upload-release-asset/compare/v1.4.0...v1.6.1)

---
updated-dependencies:
- dependency-name: shogo82148/actions-upload-release-asset
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 13:50:32 -07:00
dependabot[bot] 419a5c5058
Bump actions/github-script from 5.0.0 to 6 (#92)
Bumps [actions/github-script](https://github.com/actions/github-script) from 5.0.0 to 6.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v5.0.0...v6)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 13:42:56 -07:00
dependabot[bot] d63aa18699
Bump actions/checkout from 2.3.2 to 3 (#93)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 20:29:29 +00:00
dependabot[bot] e9e74fa34d
Bump actions/setup-dotnet from 1 to 2 (#95)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 20:27:28 +00:00
Jamie Magee f2f7f7cfff
chore: enable dependabot for github-actions (#86) 2022-04-05 20:25:03 +00:00
Greg Villicana 106b5c0afb
Fix Vcpkg test (#91)
* Fix Vcpkg test

* nit
2022-04-05 13:22:45 -07:00
Jamie Magee a3654b5aec
refactor(linux): use a smaller image to test base image annotations (#90)
* refactor(linux): use a smaller image to test base image annotations

Currently we're using an Ubuntu image, which is >100MB for unit tests. This is a large image for build machines and users to pull in for a single unit test, especially when we're only checking annotations.

This PR instead uses the `docker.io/library/hello-world:latest` image, which weighs in at a whopping 13KB.

* UTC time
2022-04-04 14:34:40 -07:00
Robert Schumacher a990db1c84
Initial implementation of VcpkgDetector and VcpkgComponent (#52)
* Initial implementation of VcpkgDetector and VcpkgComponent

* Fix warnings

* Initial implementation of VcpkgDetector and VcpkgComponent

* Fix warnings

* Update src/Microsoft.ComponentDetection.Detectors/vcpkg/VcpkgComponentDetector.cs

* Address PR comments. Add parsing for Annotations.

* Use DateTime property for annotation object

* Add tests for VcpkgComponentDetector

* Satisfy format detector

* Update src/Microsoft.ComponentDetection.Detectors/vcpkg/VcpkgComponentDetector.cs

Co-authored-by: Greg Villicana <58237075+grvillic@users.noreply.github.com>
2022-03-30 17:13:15 -07:00
Anton Kovalyov 9c00871de8
Initial implementation of SPDX22 Detector (#81)
* Add SPDX detector code and basic tests

* update test.

* Remove version property and add suppressions for intentional warnings. Add test spdx file for verification tests.

* PR feedback.
2022-03-29 13:49:24 -07:00
Coby Allred ee44b89aa2
Migrate IPyPiClient cache to LRU MemoryCache (#80)
* Migrate IPyPiClient cache to LRU MemoryCache
* Update test formatting
* Update Caching.Memory to 3.1.23
* Address PR comments
* StyleCop
2022-03-24 15:35:29 -07:00
Jamie Magee 2d5a418320
docs: document environment variables (#84) 2022-03-24 15:12:38 -07:00
Coby Allred bb502a8f18
Normalize Podfile.lock Git Uris to support git@ (#78) 2022-03-22 16:16:42 -07:00
Jamie Magee 1455d8b6db
fix: log a warning when duplicate components are found in a yarn.lock (#77) 2022-03-17 16:15:16 +00:00