From 121b9aa32b2c024c5252d302ce013a83f7c8af18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:04:50 -0700
Subject: [PATCH 01/11] build(deps): bump ossf/scorecard-action from 2.2.0 to
2.3.0 (#841)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/ossf-scorecard.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 20c1662a1..0d82c78fe 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -37,7 +37,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+ uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
with:
results_file: results.sarif
results_format: sarif
From e7160bcf2f7d86b76dd99c1c5ed79d22d3e08cf9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:05:25 -0700
Subject: [PATCH 02/11] build(deps): bump stefanzweifel/git-auto-commit-action
from 4.16.0 to 5.0.0 (#842)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/gen-docs.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/gen-docs.yml b/.github/workflows/gen-docs.yml
index 82a4ae621..33543f071 100644
--- a/.github/workflows/gen-docs.yml
+++ b/.github/workflows/gen-docs.yml
@@ -43,7 +43,7 @@ jobs:
EOF
- name: Commit
- uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4
+ uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v4
with:
commit_message: 'Update docs'
file_pattern: '*.md'
\ No newline at end of file
From 75476010d5cbced51be17cc0b3ac3e2dea826e72 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:05:48 -0700
Subject: [PATCH 03/11] chore(deps): update
shogo82148/actions-upload-release-asset action to v1.7.0 (#835)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 75c678029..1eae6e859 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,7 +36,7 @@ jobs:
run: dotnet publish --configuration Release --output ./bin --self-contained --runtime ${{ matrix.rid }} -p:PublishSingleFile=true -p:IncludeAllContentForSelfExtract=true -p:DebugType=None -p:PublishTrimmed=false ./src/Microsoft.ComponentDetection
- name: Publish CLI tool
- uses: shogo82148/actions-upload-release-asset@953d19cc84d8e8ecf80beec5afef40ca68b7e633 # v1.6.6
+ uses: shogo82148/actions-upload-release-asset@dbfb35b0d9069ff70bc1f9e47faba33ee30b2681 # v1.7.0
continue-on-error: true
with:
upload_url: ${{ github.event.release.upload_url }}
From 6b922cdccbd46019d2ee819e3d4903651eab3a46 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:06:24 -0700
Subject: [PATCH 04/11] chore(deps): update dependency yamldotnet to v13.5.2
(#832)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
Directory.Packages.props | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Directory.Packages.props b/Directory.Packages.props
index 103a2ee6a..3a8f863bf 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -51,7 +51,7 @@
-
+
From 85b50ee52ac18ebe4185c8f6d419bcccc2559f02 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:06:46 -0700
Subject: [PATCH 05/11] chore(deps): update github/codeql-action action to
v2.22.1 (#834)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
.github/workflows/codeql-analysis.yml | 6 +++---
.github/workflows/ossf-scorecard.yml | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ee92cab1f..bbbaf165d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,12 +26,12 @@ jobs:
fetch-depth: 0
- name: Initialize CodeQL
- uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+ uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
with:
languages: 'csharp'
- name: Autobuild
- uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+ uses: github/codeql-action/autobuild@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+ uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 0d82c78fe..863355ee1 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -67,6 +67,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+ uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
with:
sarif_file: results.sarif
From 23b192e5a7b7768a96d05e1f2ae834ad239f85ab Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 9 Oct 2023 16:18:54 +0000
Subject: [PATCH 06/11] chore(deps): update
stefanzweifel/git-auto-commit-action action to v5 (#837)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
.github/workflows/gen-docs.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/gen-docs.yml b/.github/workflows/gen-docs.yml
index 33543f071..6ad35e8c1 100644
--- a/.github/workflows/gen-docs.yml
+++ b/.github/workflows/gen-docs.yml
@@ -43,7 +43,7 @@ jobs:
EOF
- name: Commit
- uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v4
+ uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
with:
commit_message: 'Update docs'
file_pattern: '*.md'
\ No newline at end of file
From b22f08d22d17a794c80dc6824db9c33d7b4266d1 Mon Sep 17 00:00:00 2001
From: Justin Perez
Date: Mon, 9 Oct 2023 09:30:45 -0700
Subject: [PATCH 07/11] fix(cmd): allow `ScanSettings` to be serialized
---
.../Commands/ScanSettings.cs | 10 ++++++++++
.../Commands/ScanSettingsTests.cs | 17 +++++++++++++++++
2 files changed, 27 insertions(+)
diff --git a/src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs b/src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs
index 9f2b47041..3e134a6b6 100644
--- a/src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs
+++ b/src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs
@@ -3,6 +3,7 @@ namespace Microsoft.ComponentDetection.Orchestrator.Commands;
using System.Collections.Generic;
using System.ComponentModel;
using System.IO;
+using System.Text.Json.Serialization;
using Microsoft.ComponentDetection.Orchestrator.Extensions;
using Spectre.Console;
using Spectre.Console.Cli;
@@ -25,12 +26,18 @@ public class ScanSettings : BaseSettings
[CommandOption("--SourceDirectory")]
[Description("Directory to operate on.")]
+ [JsonIgnore]
public DirectoryInfo SourceDirectory { get; set; }
+ public string SourceDirectorySerialized => this.SourceDirectory?.ToString();
+
[CommandOption("--SourceFileRoot")]
[Description("Directory where source files can be found.")]
+ [JsonIgnore]
public DirectoryInfo SourceFileRoot { get; set; }
+ public string SourceFileRootSerialized => this.SourceFileRoot?.ToString();
+
[CommandOption("--DetectorArgs")]
[Description(
"Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff.")]
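Review bot: The new `SourceDirectorySerialized` and `SourceFileRootSerialized` properties (and `ManifestFileSerialized` in the next hunk, `@@ -50,8 +57,11 @@`) carry no documentation, so a reader cannot tell why each `DirectoryInfo`/`FileInfo` is mirrored by a string twin and marked `[JsonIgnore]`. Add an XML doc comment on each, e.g. `/// <summary>String form of <see cref="SourceDirectory"/> for JSON output; the DirectoryInfo itself is excluded via <see cref="JsonIgnoreAttribute"/>.</summary>`. Because the twins are plain computed properties, the JSON will use the `*Serialized` key names; if anything consumes that JSON by key, `[JsonPropertyName("SourceDirectory")]` on the twin would keep the original name, though I cannot tell from this hunk whether the output is only logged. The class `ScanSettings` starts and ends outside the hunk.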
@@ -50,8 +57,11 @@ public class ScanSettings : BaseSettings
[CommandOption("--ManifestFile")]
[Description("The file to write scan results to.")]
+ [JsonIgnore]
public FileInfo ManifestFile { get; set; }
+ public string ManifestFileSerialized => this.ManifestFile?.ToString();
+
[CommandOption("--PrintManifest")]
[Description("Prints the manifest to standard output. Logging will be redirected to standard error.")]
public bool PrintManifest { get; set; }
diff --git a/test/Microsoft.ComponentDetection.Orchestrator.Tests/Commands/ScanSettingsTests.cs b/test/Microsoft.ComponentDetection.Orchestrator.Tests/Commands/ScanSettingsTests.cs
index ec87df249..9a94f31a3 100644
--- a/test/Microsoft.ComponentDetection.Orchestrator.Tests/Commands/ScanSettingsTests.cs
+++ b/test/Microsoft.ComponentDetection.Orchestrator.Tests/Commands/ScanSettingsTests.cs
@@ -1,6 +1,7 @@
namespace Microsoft.ComponentDetection.Orchestrator.Tests.Commands;
using System.IO;
+using System.Text.Json;
using FluentAssertions;
using Microsoft.ComponentDetection.Orchestrator.Commands;
using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -45,4 +46,20 @@ public void Validate_FailIfSourceDirectoryDoesntExist()
result.Successful.Should().BeFalse();
}
+
+ [TestMethod]
+ public void CanSerialize()
+ {
+ var settings = new ScanSettings
+ {
+ SourceDirectory = new DirectoryInfo(Path.GetTempPath()),
+ Output = "C:\\",
+ ManifestFile = new FileInfo(Path.GetTempFileName()),
+ SourceFileRoot = new DirectoryInfo(Path.GetTempPath()),
+ };
+
+ var action = () => JsonSerializer.Serialize(settings);
+
+ action.Should().NotThrow();
+ }
}
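Review bot: `Path.GetTempFileName()` on the `ManifestFile` line creates a real zero-byte file on disk that the test never deletes, so every run leaks a temp file; a `FileInfo` does not require the file to exist, so `ManifestFile = new FileInfo(Path.Combine(Path.GetTempPath(), "manifest.json")),` gives the same coverage without the side effect. The assertion only checks that serialization does not throw, so a regression that removed the `*Serialized` twins or re-exposed `SourceDirectory` would still pass; capture the output and assert on it, `var json = JsonSerializer.Serialize(settings); json.Should().Contain(nameof(ScanSettings.SourceDirectorySerialized)).And.NotContain("\"SourceDirectory\":");`. `Output = "C:\\"` is a Windows-flavoured value but is only a string here, so it is harmless on other platforms. The enclosing test class starts outside the hunk.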
From 7221fd43885352585da4480dd5c50486eb35f5b7 Mon Sep 17 00:00:00 2001
From: Omotola
Date: Mon, 9 Oct 2023 09:36:40 -0700
Subject: [PATCH 08/11] move simple pip to default off (#836)
---
.../pip/SimplePipComponentDetector.cs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.ComponentDetection.Detectors/pip/SimplePipComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/pip/SimplePipComponentDetector.cs
index 088251532..83d758a94 100644
--- a/src/Microsoft.ComponentDetection.Detectors/pip/SimplePipComponentDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/pip/SimplePipComponentDetector.cs
@@ -10,7 +10,7 @@ namespace Microsoft.ComponentDetection.Detectors.Pip;
using Microsoft.ComponentDetection.Contracts.TypedComponent;
using Microsoft.Extensions.Logging;
-public class SimplePipComponentDetector : FileComponentDetector, IExperimentalDetector
+public class SimplePipComponentDetector : FileComponentDetector, IDefaultOffComponentDetector
{
private readonly IPythonCommandService pythonCommandService;
private readonly ISimplePythonResolver pythonResolver;
From 25e572f6b151b869798c24cf264b2ff20cf888ec Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 10 Oct 2023 11:09:56 -0700
Subject: [PATCH 09/11] chore(deps): update
mcr.microsoft.com/dotnet/runtime-deps:6.0-cbl-mariner2.0 docker digest to
98e5a9a (#845)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 82de5f243..ca0535c7b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ RUN dotnet publish -c Release -o out \
-p:PublishSingleFile=true \
./src/Microsoft.ComponentDetection
-FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-cbl-mariner2.0@sha256:b98ce459b124ed1f46f6f061716d8ac209a754b04090eeebb33e68fd11a7bca5 AS runtime
+FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-cbl-mariner2.0@sha256:98e5a9a0d1f8b55564e7412702258996e420e6bc8dbc973a9d0caad0469e8824 AS runtime
WORKDIR /app
COPY --from=build /app/out ./
From a54cb7cd51d8ecb41d84e37444f9a5ab8321ea75 Mon Sep 17 00:00:00 2001
From: Amitla Vannikumar <46578839+amitla1@users.noreply.github.com>
Date: Sun, 15 Oct 2023 23:56:16 -0700
Subject: [PATCH 10/11] Add Properties VCPKG (#855)
* added properties
* changed download location parsing to sanitize better
* added more checks
---------
Co-authored-by: Amitla Vannikumar
---
.../TypedComponent/VcpkgComponent.cs | 30 ++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs b/src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs
index a60a7bf98..26577e341 100644
--- a/src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs
+++ b/src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs
@@ -1,5 +1,6 @@
-namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
+namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
+using System.Linq;
using PackageUrl;
public class VcpkgComponent : TypedComponent
@@ -20,6 +21,11 @@ public VcpkgComponent(string spdxid, string name, string version, string triplet
this.Triplet = triplet;
this.Description = description;
this.DownloadLocation = downloadLocation;
+
+ if (!string.IsNullOrEmpty(downloadLocation) && downloadLocation.ToLower().Contains("https://github.com/"))
+ {
+ this.SetGitRepoProperties();
+ }
}
public string SPDXID { get; set; }
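Review bot: `downloadLocation.ToLower().Contains("https://github.com/")` is a culture-sensitive comparison: `ToLower()` follows the current culture, so under some cultures an upper-case host will not lower-case to the expected ASCII form and the GitHub properties are silently left unset. An ordinal check avoids that, `if (!string.IsNullOrEmpty(downloadLocation) && downloadLocation.IndexOf("https://github.com/", System.StringComparison.OrdinalIgnoreCase) >= 0)`. Note this is a substring match, so a location that merely embeds the prefix also reaches `SetGitRepoProperties`; the helper (in the last hunk of this file) should therefore parse from the position of the prefix rather than from fixed `/` indices. The constructor starts outside the hunk.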
@@ -36,6 +42,10 @@ public VcpkgComponent(string spdxid, string name, string version, string triplet
public int PortVersion { get; set; }
+ public string GitRepositoryOwner { get; set; }
+
+ public string GitRepositoryName { get; set; }
+
public override ComponentType Type => ComponentType.Vcpkg;
public override string Id
@@ -71,4 +81,22 @@ public override PackageURL PackageUrl
}
}
}
+
+ private void SetGitRepoProperties()
+ {
+ /* example download locations
+ * "git+https://github.com/leethomason/tinyxml2@9.0.0"
+ * "git+https://github.com/Microsoft/vcpkg#ports/nlohmann-json"
+ */
+ var locationArr = this.DownloadLocation.Split('/');
+ if (!string.IsNullOrEmpty(locationArr[2]))
+ {
+ this.GitRepositoryOwner = locationArr[2];
+ }
+
+ if (!string.IsNullOrEmpty(locationArr[3]))
+ {
+ this.GitRepositoryName = locationArr[3].TakeWhile(ch => char.IsLetterOrDigit(ch)).ToString();
+ }
+ }
}
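Review bot: The `Split('/')` indices in `SetGitRepoProperties` do not match the example locations quoted in the comment directly above them: `"git+https://github.com/leethomason/tinyxml2@9.0.0".Split('/')` yields `["git+https:", "", "github.com", "leethomason", "tinyxml2@9.0.0"]`, so `locationArr[2]` is the host `github.com` rather than the owner and `locationArr[3]` is the owner rather than the repository. Independently, `TakeWhile(...)` returns an `IEnumerable<char>` and `.ToString()` on it produces the iterator's type name, not the characters, so `GitRepositoryName` never holds a repository name; it would need `new string(....ToArray())`, and stopping at the first non-alphanumeric character would still truncate repository names that contain `-`, `_` or `.`. Parsing from the position of `https://github.com/` and cutting the name at `@`/`#` handles both documented examples regardless of the `git+` prefix, and a unit test over those two sample strings in the Contracts test project would pin the behaviour down.
```csharp
    private void SetGitRepoProperties()
    {
        /* example download locations
         * "git+https://github.com/leethomason/tinyxml2@9.0.0"
         * "git+https://github.com/Microsoft/vcpkg#ports/nlohmann-json"
         */
        const string gitHubPrefix = "https://github.com/";
        var start = this.DownloadLocation.IndexOf(gitHubPrefix, System.StringComparison.OrdinalIgnoreCase);
        if (start < 0)
        {
            return;
        }

        // Everything after the host: "<owner>/<repo>[@ref|#fragment]/..."
        var segments = this.DownloadLocation.Substring(start + gitHubPrefix.Length).Split('/');
        if (segments.Length > 0 && !string.IsNullOrEmpty(segments[0]))
        {
            this.GitRepositoryOwner = segments[0];
        }

        if (segments.Length > 1 && !string.IsNullOrEmpty(segments[1]))
        {
            // Drop a trailing "@<ref>" or "#<fragment>"; keep '-', '_' and '.' which are valid in repo names.
            var name = segments[1].Split('@', '#')[0];
            if (!string.IsNullOrEmpty(name))
            {
                this.GitRepositoryName = name;
            }
        }
    }
```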
From 62c482be94b8556869a8c2d6a31a828ef22ded39 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Oct 2023 08:37:51 -0700
Subject: [PATCH 11/11] build(deps): bump release-drafter/release-drafter from
5.24.0 to 5.25.0 (#866)
Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 5.24.0 to 5.25.0.
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](https://github.com/release-drafter/release-drafter/compare/65c5fb495d1e69aa8c08a3317bc44ff8aabe9772...09c613e259eb8d4e7c81c2cb00618eb5fc4575a7)
---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/release-drafter.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 98f38be16..7e4ab26be 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -16,7 +16,7 @@ jobs:
pull-requests: read
runs-on: ubuntu-latest
steps:
- - uses: release-drafter/release-drafter@65c5fb495d1e69aa8c08a3317bc44ff8aabe9772 # v5
+ - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5
with:
disable-autolabeler: true
env: