Issue #1227 - Get licenses for NuGet packages #3329
Signed-off-by: HeyeOpenSource <[email protected]>
Improves the go cataloger semver extraction logic to include getting the release version of traefik. This is based off of the regex pattern that already existed in the traefik binary classifier. Signed-off-by: Weston Steimel <[email protected]> Signed-off-by: HeyeOpenSource <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: wagoodman <[email protected]> Signed-off-by: HeyeOpenSource <[email protected]>
…options dotnetConfig struct. Signed-off-by: HeyeOpenSource <[email protected]>
…ons Catalog struct. Signed-off-by: HeyeOpenSource <[email protected]>
…re#3327) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c36620d...f779452) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: HeyeOpenSource <[email protected]>
…3326) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.2 to 0.17.3. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@61119d4...f5e124a) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: HeyeOpenSource <[email protected]>
…09e9e5 (anchore#3331) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: willmurphyscode <[email protected]> Signed-off-by: HeyeOpenSource <[email protected]>
…870434 (anchore#3332) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: willmurphyscode <[email protected]> Signed-off-by: HeyeOpenSource <[email protected]>
…rs() function in syft/pkg/cataloger/dotnet. Signed-off-by: HeyeOpenSource <[email protected]>
641818d to 00e2895
Just for the record: The configuration can also be influenced by the following four environment variables:
…age provider URLs terminated by '/'. Signed-off-by: HeyeOpenSource <[email protected]>
…hen accessing remote NuGet package repositories. Signed-off-by: HeyeOpenSource <[email protected]>
- Fix remote NuGet license retrieval. - Allow for NuGet package retrieval from package repositories requiring authentication. Signed-off-by: HeyeOpenSource <[email protected]>
FYI: Gitea, for example, allows creating such code and NuGet package repositories.
Switched back to draft due to commit by @wagoodman
…gers (anchore#3348)](anchore@e4e985b) by Alex Goodman <[email protected]> Signed-off-by: HeyeOpenSource <[email protected]>
Since
The Validations workflow finally throws no more errors at me. 👍
Hey @HeyeOpenSource, thanks very much for this PR! Generally speaking, it looks like you've followed the same patterns used elsewhere and this change looks really good. There are a couple specific things I'd like to note:
- instead of adding a bunch of binary files for the tests (including unneeded images and such), could we build these to a test docker image? for example Java runs some builds for test artifacts
- it looks as though there are a number of things reliant on the dotnet executable; can we get this information without it? if we could, this will definitely help move this PR forward more quickly
- environment variable usage should be cleaned up as noted in more specific comments
syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go
…loger configuration. Signed-off-by: HeyeOpenSource <[email protected]>
…rich``` functionality. Signed-off-by: HeyeOpenSource <[email protected]>
After tackling all review conversations, the
I have removed any artifacts that are not strictly necessary.
Description
Type of change
Checklist: